>> On 27/09/2011 13:07, fe...@epepm.cupet.cu wrote: >>> Hello. >>> I noticed that any domain user can delete the content of the shared >>> folder >>> sysvol in the domain controller from a windows client. >>> >>> How can I avoid that? >>> >>> Greetings, >>> Felix >>> >> What's the default windows behavior with this ? >> >> Matthieu. >> > Windows users Windows permissions > ------------------------------------------------- > Domain Admins-----------> Full Access > Authenticated Users------> Read & Execute, List folder contents, Read > CREATOR OWNER-----------> Special permissions (Maybe we don't need this) > Server Operators--------> Read & Execute, List folder contents, Read > SYSTEM------------------> Full Access >
I think that what it is needed here is: Domain Admins-------------> Full Access and everybody else--------> Read & Execute, List folder contents, Read I think that GPOs and some scripts are delivered to windows clients through sysvol, that's why I don't want any of my users to be able to delete the sysvol content. What should I do to accomplish that goal? Thanks in advance. Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba