Can the "Everyone -> Read" share permission be removed from a Domain Controller ?

Collingwood, Rawl 20 Reputation points
2024-05-16T17:10:29.92+00:00

Can the "Everyone -> Read" share permission be removed from a Domain Controller ?

Please confirm that the following are the default permission required for sysvol and Netlogon shares:

Folder permissions: System -> Full Control Authenticated users -> Read Administrators -> Full control

Share permissions: Authenticated Users -> Full Control Administrators -> Full Control Everyone -> Read

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,390 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andreas Baumgarten 112.2K Reputation points MVP
    2024-05-16T18:07:01.25+00:00

    Hi @Collingwood, Rawl ,

    the default permissions on the Netlogon/Sysvol share is listed below:

    Folder permissions:

    System -> Full Control

    Authenticated users -> Read

    Administrators -> Full control

    Share permissions:

    Authenticated Users -> Full Control

    Administrators -> Full Control

    Everyone -> Read

    Both permission sets are required.


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.