Question about shared folders?

Robbo777Robbo777 Member Posts: 331 ■■■□□□□□□□
I've found that sysvol and netlogon are always shared and can be accessed by a client on the "Network" column when they go on my computer, the names of the DC appear because of SSDP etc... There is nothing to stop them from going into one of the folders and changing things around expect for changing the advanced sharing to "Read" only.

Also, i have a folder on my DC that is called Home and is used to store the home directory files of a user, there is also nothing to stop a user from using the same technique as mentioned before and going into another users work and looking at it, they cant change it but they shouldn't be allowed to view it either. Very confusing!

Comments

  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Setup your policy to prevent it...by default a lot of things are set to not restrict users.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    With Microsoft just assume users can access everything unless you specifically set it to where they can't.
  • Robbo777Robbo777 Member Posts: 331 ■■■□□□□□□□
    Do i have to create a group policy for such a thing? Haven't ever done anything like that before, any help would be appreciated.

    Thanks.
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Looks like on those they default to read-only and shouldn't be altered because of how MS Server works.

    Hide Netlogon/SysVol folder - IT Answers
  • Robbo777Robbo777 Member Posts: 331 ■■■□□□□□□□
    Regarding my Home directory query then, i'm not sure this would work. It doesn't seem practical to go in and change EVERY folder and file to only be able to be accessed by the user that saved it. So how can I go about making sure obviously the Home directory is accessible but the individual folders aren't by other users on the network and stopping them from accessing the folders and then being able to view their work?

    Cheers
  • AndersonSmithAndersonSmith Member Posts: 471 ■■■□□□□□□□
    The SYSVOL and NETLOGON folders are purposely setup that way in order for your domain to function correctly. By default standard users won't be able to go in and change anything. As for the Home Directory issue, if these are folders users themselves have created look into setting permissions for the Creators/Owners and look into enabling Access Based Enumeration on the share. ABE prevents users from even seeing folders they aren't assigned permission to.
    All the best,
    Anderson

    "Everything that has a beginning has an end"
Sign In or Register to comment.