Definitely that is where your login scripts and so forth are or the general place that you are suppose to put them. I've got to go do some work over at a place I have a Samba4 PDC setup tomorrow.
Did you mess with the permissions or don't recall? Was it like that when you installed? I wouldn't allow Everyone to have access. Go the Authenticated Users route or maybe Domain Users with read/execute permissions. I'll check all the different users on it tomorrow for ya and drop back a line to this thread though. There might be a phantom User that only Samba knows about that is listed there that might be specific to your install. It would be nice if someone chimed in here, have been wondering about that... ;) Chris On Wed, Sep 28, 2011 at 1:55 PM, <[email protected]> wrote: > > On 28/09/2011 04:59, [email protected] wrote: > >>>> On 27/09/2011 13:07, [email protected] wrote: > >>>>> Hello. > >>>>> I noticed that any domain user can delete the content of the shared > >>>>> folder > >>>>> sysvol in the domain controller from a windows client. > >>>>> > >>>>> How can I avoid that? > >>>>> > >>>>> Greetings, > >>>>> Felix > >>>>> > >>>> What's the default windows behavior with this ? > >>>> > >>>> Matthieu. > >>>> > >>> Windows users Windows permissions > >>> ------------------------------------------------- > >>> Domain Admins-----------> Full Access > >>> Authenticated Users------> Read& Execute, List folder contents, Read > >>> CREATOR OWNER-----------> Special permissions (Maybe we don't need > >>> this) > >>> Server Operators--------> Read& Execute, List folder contents, Read > >>> SYSTEM------------------> Full Access > >>> > >> I think that what it is needed here is: > >> Domain Admins-------------> Full Access > >> and everybody else--------> Read& Execute, List folder contents, Read > >> > >> I think that GPOs and some scripts are delivered to windows clients > >> through sysvol, that's why I don't want any of my users to be able to > >> delete the sysvol content. > >> > >> What should I do to accomplish that goal? > > In theory we should have the ACLs ok, I have to check this things but it > > won't be before next week I'm at IOLAB with microsoft this week focusing > > on FRS replication. > > > > > > Sorry. > > > > Matthieu. > > > I understand. I'll be waiting for an answer. > Thanks. > > Felix. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
