Tuesday, July 24, 2007

Sysvol

Many people may overlook this very important folder. By default, Windows 2003 Server gives "authenticated users" full control of this folder. Patches will automatically adjust the security settings to accommodate for it, but you can easily do it yourself after installation of a new 2003 server machine.

The System Volume (Sysvol) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. The Sysvol folder on a domain controller contains the following items:

  • Net Logon shares. These typically host logon scripts and policy objects for network client computers.
  • User logon scripts for domains where the administrator uses Active Directory Users and Computers.
  • Windows Group Policy.
  • File replication service (FRS) staging folder and files that must be available and synchronized between domain controllers.
  • File system junctions.

Best Practices for Sysvol Maintenance
http://support.microsoft.com/kb/324175

Authenticated Users Group Has Too Many Permissions to the SYSVOL Network Share
http://support.microsoft.com/kb/812538
Posted by at No comments:

Group Policy - Notes

Workstations check with Active Directory every 60 to 120 minutes to see if there are any new policies. If there are, then the workstations apply them - both user and machine policies.

If you are using group policies, local policy is always processed before site, domain, or OU group policies

Policies are reapplied every 90 minutes, with a 30-minute "randomization" to keep the domain controller from getting hit by many computers at once

Policies on DCs are refreshed every 5 minutes

Order in which policies are applied: local > site > domain > OU
If multiple GPOs attempt to set a setting to conflicting values, the GPO with the highest precedence sets the setting

GPO-links that are enforced cannot be blocked from the parent container

---------------------------------------------------

Managing inheritence of Group Policy:
http://technet2.microsoft.com/windowsserver/en/library/212eb1fd-11f4-465f-b243-73e542d06b2c1033.mspx?mfr=true

Referenced from "Mastering Windows Server 2003" by Mark Minasi

Posted by at No comments:
Subscribe to: Posts (Atom)