7,023 questions
Yes, the scripts are within the sysvol directory. It isn't recommended to modify permissions of sysvol or its contents.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Best practice in securing SYSVOL custom directories without breaking the AD replication?
EnterpriseArchitect
6,041
Reputation points
People,
I need some confirmation whether the default SYSVOL folder content does not include Scripts directory?
This location: \myADDomain.com\SYSVOL\myADDomain.com\scripts
Because I can see this directory in one of my Domain Controllers is Full Control for all Authenticated Users.
Does changing this into Read & Execute to all Authenticated Users is recommended?
Thanks in advance.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Server | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other
Accepted answer
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2021-06-17T12:22:46.473+00:00
3 additional answers
Sort by: Most helpful
-
Anonymous
2021-06-18T01:40:46.97+00:00 Hello @EnterpriseArchitect ,
Thank you for posting here.
Hope the information provided by DSPatrick is helpful to you.
Here is my suggestion for your reference.
Q: I need some confirmation whether the default SYSVOL folder content does not include Scripts directory?
This location: \myADDomain.com\SYSVOL\myADDomain.com\scripts
A: Yes, it includes.
Q: Does changing this into Read & Execute to all Authenticated Users is recommended?
A: We do not recommend any changes to the permissions of the SYSVOL folder, because any changes to the permissions of the SYSVOL folder may cause various SYSVOL replication problems or GPO application problems, and these problems are very difficult to repair/fix or possible unable to repair/fix.Hope the information above is also helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
-
EnterpriseArchitect 6,041 Reputation points
2023-07-26T06:02:38.01+00:00 Hi @Anonymous ,
Based on the: https://www.stigviewer.com/stig/windows_server_2016/2018-09-05/finding/V-73371Does it mean for any of the custom subdirectories under SYSVOL can be set with Authenticated Users - Read and Execute?
Sign in to comment -
-
Anonymous
2021-06-18T01:41:43.127+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
EnterpriseArchitect 6,041 Reputation points
2021-06-18T02:12:35.733+00:00 That's great explanation, many thanks @Anonymous and @Anonymous
-
Anonymous
2021-06-18T02:13:17.49+00:00 You're welcome.
-
Anonymous
2021-06-18T02:51:24.447+00:00 Hello @EnterpriseArchitect ,
Thank you for your update. I am very glad that the information is helpful.
As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you!
Best Regards,
Daisy Zhou============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Sign in to comment -