SYSVOL junction inherits NTFS permissions from the drive root
The junction target is %SystemRoot%\Sysvol\Domain.
- %SystemRoot%\Sysvol\Staging areas\Mydomain.com
The junction target is %SystemRoot%\Sysvol\Staging.
FRS
Winnt\Sysvol\Staging areas\Mydomain.com is used only by FRS. FRS uses the NTBackup function and does not need explicit permissions to access the required folders.
GPO
The inherited NTFS permissions on %SystemRoot%\Sysvol\Sysvol\Mydomain.com do not affect how a GPO is applied. After the client computer's Group Policy dynamic-link library (DLL) file connects to the SYSVOL, the Group Policy DLL uses SMB NT create against Mydomain.com\Policies\GUID (where GUID is the globally unique identifier [GUID]) to read the appropriate policy setting from the GUID folder. Because the bypass traverse checking policy setting does not step through all the subfolders explicitly, it allows access to the target folder (by default, this policy setting is turned on; Microsoft recommends that you use this policy setting). Therefore, the inherited NTFS permissions on Winnt\Sysvol\Sysvol\Mydomain.com have no effect on the GPO.
NETLOGON Share Access
The %SystemRoot%\Sysvol\Sysvol\Mydomain.com\scripts folder is not affected by the inherited NTFS permissions. The settings are the same as the settings of a default installation. The NETLOGON share can be accessed.
Default Permissions
By default, the following NTFS permissions are set on junctions. Microsoft recommends that you use these settings.
- Domain\Administrators: Full Control
- System: Full Control
- Domain\Users: Read & Edit, Read
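To see on a domain controller which access control entries on the two SYSVOL junctions are inherited rather than explicit, the following sketch lists each entry together with the junction target. It is an added example, not part of the original article or Microsoft's code; the function name Get-SysvolJunctionAcl and its parameters are hypothetical, and it assumes PowerShell 5.0 or later for the Target property.

```powershell
# Added example: list the ACEs on the two SYSVOL junctions named in this article
# and show whether each one is inherited.
# Assumptions: run locally on a domain controller with rights to read the ACLs;
# the domain folder name (for example Mydomain.com) is supplied by the caller.
function Get-SysvolJunctionAcl {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [string]$SysvolRoot = (Join-Path $env:SystemRoot 'Sysvol')
    )

    $junctions = @(
        (Join-Path $SysvolRoot "Sysvol\$DomainName"),
        (Join-Path $SysvolRoot "Staging areas\$DomainName")
    )

    foreach ($path in $junctions) {
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $item) {
            Write-Warning "Not found: $path"
            continue
        }

        # A junction is a directory that carries the ReparsePoint attribute.
        $isReparse = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)

        # ACL as Get-Acl returns it for the junction path.
        $acl = Get-Acl -LiteralPath $path

        foreach ($ace in $acl.Access) {
            [pscustomobject]@{
                Path        = $path
                IsJunction  = $isReparse
                Target      = ($item.Target -join ';')
                Identity    = $ace.IdentityReference.Value
                Type        = $ace.AccessControlType
                Rights      = $ace.FileSystemRights
                IsInherited = $ace.IsInherited
            }
        }
    }
}

# Show only the entries that were inherited from a parent folder.
Get-SysvolJunctionAcl -DomainName 'Mydomain.com' |
    Where-Object IsInherited |
    Format-Table Path, Target, Identity, Type, Rights -AutoSize
```

Compare the Identity and Rights columns with the default permissions listed above; an empty result means no entry on either junction is inherited.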
Article ID: 319808 – Last Review: 03/01/2007 23:52:53 – Revision: 3.2