Re: Hiding Sysvol and Netlogon shares?

Hello foxj77,

Leave them alone, they are essential for functioning domain. The only one
able to mess up with them are the administrators, users are NOT able to change
anything there.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi there,
>
> Is it possible to hide the sysvol and netlogon shares on our windows
> domain network?
>
> We have a windows domain on a subnet and another standalone server on
> the same subnet that will be managed by someone else. I am just
> carrying out some tests and from the standalone server and they are
> able to browse the shares and write files to the sysvol share!!
>
> Is there anyway i can secure these two shares? is it possible to put
> a $ on the end of the share to hide it?
>
> Anyone any ideas on what is possible? I don't want to come in one day
> to find that the domain has gone down because someone has messed up
> the sysvol share!
>
> Thanks
>

Howdie!

foxj77 wrote:
> The seperate server i am trying to access them from use to be part of
> the domain. It looks like i have the same admin user locally as my
> domain admin account and possible something to do with cached
> credentials or something weird with kerbos.

Dublicate local users with equal passwords wouldn't end in such a
result, either. I suspect you have those users in an over-priviledged
AD-groups (possibly Domain Administrators) and their logging on with
those creds. You should investigate what group membership they have
(whoami /all is something you can do while they're logged on)

Cheers,
Florian