none
Changing permissions on NETLOGON RRS feed

  • Question

  • Hello all,

    This must have been covered many times but I cannot find a working solution for this.

    I need to change permissions on the NETLOGON share so that members of a support team can write files and folders to this share.

    I understand that changing NTFS permissions when browsing to the share (i.e. <domain-name>\NETLOGON or <DC Name>\NETLOGON) will not replicate so what I need to do is change NTFS Permissions on one specific DC (i.e. <DC Name>\C:\Windows\SYSVOL\sysvol\<domain-name>\scripts and then direct the members of the team to this folder on this DC

    However this still isn't working for me.

    Does anyone know of a way to change these permissions that actually works?

    Cheers

    Friday, September 27, 2013 9:47 AM

Answers

  • Do not change the default permissions on NETLOGON. What prevents you from writing to it are share permissions - which are set to Read.

    To allow writing to NETLOGON, have your team members to access its content via SYSVOL share.

    i.e. rather than connecting to

    \\DC\Netlogon

    have them connect to

    \\DC\SYSVOL\yourdomainname.com\Scripts

    hth
    Marcin

    • Proposed as answer by pbbergs [MSFT]Moderator Friday, September 27, 2013 11:47 AM
    • Marked as answer by etala Friday, September 27, 2013 11:58 AM
    Friday, September 27, 2013 11:16 AM

All replies

  • Do not change the default permissions on NETLOGON. What prevents you from writing to it are share permissions - which are set to Read.

    To allow writing to NETLOGON, have your team members to access its content via SYSVOL share.

    i.e. rather than connecting to

    \\DC\Netlogon

    have them connect to

    \\DC\SYSVOL\yourdomainname.com\Scripts

    hth
    Marcin

    • Proposed as answer by pbbergs [MSFT]Moderator Friday, September 27, 2013 11:47 AM
    • Marked as answer by etala Friday, September 27, 2013 11:58 AM
    Friday, September 27, 2013 11:16 AM
  • I would agree with Marcin.  I have had to provide access and we configured as Marcin detailed.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, September 27, 2013 11:47 AM
    Moderator
  • Guys, brilliant - thanks for this - works a treat.
    Friday, September 27, 2013 11:58 AM