JSI Tip 7515. The Authenticated Users group in Windows Server 2003 has Full Control of the SYSVOL share?

Jerold Schulman

December 4, 2003

1 Min Read
ITPro Today logo in a gray background | ITPro Today

The Authenticated Users group should only have Read share-level permission for the SYSVOL share.

Even though the underlying NTFS permissions on the %SystemRoot%SysvolSysvol folder DO NOT allow an Authenticated Users to write or change anything, if the ACL was accidentally changed, members of the Authenticated Users could have write or Full Control permissions on the SYSVOL folders and files.

To correct this problem:

1. Use Windows Explorer, or My Computer, to browse to %SystemRoot%SysvolSysvol.

2. Right-click the folder and press Sharing and Security.

3. Press Permissions.

4. Select Authenticated Users.

5. Clear the Full Control and Change boxes in the Allow column.

6. Press OK and OK.



Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like