> On 28/09/2011 04:59, [email protected] wrote: >>>> On 27/09/2011 13:07, [email protected] wrote: >>>>> Hello. >>>>> I noticed that any domain user can delete the content of the shared >>>>> folder >>>>> sysvol in the domain controller from a windows client. >>>>> >>>>> How can I avoid that? >>>>> >>>>> Greetings, >>>>> Felix >>>>> >>>> What's the default windows behavior with this ? >>>> >>>> Matthieu. >>>> >>> Windows users Windows permissions >>> ------------------------------------------------- >>> Domain Admins-----------> Full Access >>> Authenticated Users------> Read& Execute, List folder contents, Read >>> CREATOR OWNER-----------> Special permissions (Maybe we don't need >>> this) >>> Server Operators--------> Read& Execute, List folder contents, Read >>> SYSTEM------------------> Full Access >>> >> I think that what it is needed here is: >> Domain Admins-------------> Full Access >> and everybody else--------> Read& Execute, List folder contents, Read >> >> I think that GPOs and some scripts are delivered to windows clients >> through sysvol, that's why I don't want any of my users to be able to >> delete the sysvol content. >> >> What should I do to accomplish that goal? > In theory we should have the ACLs ok, I have to check this things but it > won't be before next week I'm at IOLAB with microsoft this week focusing > on FRS replication. > > > Sorry. > > Matthieu. > I understand. I'll be waiting for an answer. Thanks.
Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
