ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Non-Admin Write Access to Sysvol

    IT Discussion
    server 2003 sysvol
    3
    5
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • NetworkNerdN
      NetworkNerd
      last edited by NetworkNerd

      We still have a couple of Server 2003 DCs in production (soon to leave us). In order to not make one of my techs a domain admin or hand out the domain admin credentials, I used delegated administration to give him access to manage user accounts in AD. It's mostly creating users, deleting them when their account needs to be removed, editing properties, etc. He's using RSAT to access and manage AD from his laptop.

      But one of the issues we ran into today is that he cannot edit the scripts in our sysvol. We use login scripts for most users to map drives, and although we do have a standard, one of our remote sites which has its own server has some customized login scripts that need editing now and then.

      Is there a delegated administration permission I have missed somewhere to give him write access to those scripts? Any help would be much appreciated.

      And I do understand the drive mapping could be done through group policy. I'm more concerned about making what we have in place work if I can.

      1 Reply Last reply Reply Quote 0
      • ?
        A Former User
        last edited by

        What don't you just make a new AD Group (or use an exisiting one that applies) and give the group permissions to the sysvol folder (or even just a sub folder if needed).

        NetworkNerdN 1 Reply Last reply Reply Quote 1
        • NetworkNerdN
          NetworkNerd @A Former User
          last edited by NetworkNerd

          @thecreativeone91 said:

          What don't you just make a new AD Group (or use an exisiting one that applies) and give the group permissions to the sysvol folder (or even just a sub folder if needed).

          So in this case it really is just as simple as share permissions and folder permissions I guess. I was thinking there had to be something enabled in AD as well. Maybe I was over thinking it.

          ? 1 Reply Last reply Reply Quote 1
          • ?
            A Former User @NetworkNerd
            last edited by

            @NetworkNerd said:

            @thecreativeone91 said:

            What don't you just make a new AD Group (or use an exisiting one that applies) and give the group permissions to the sysvol folder (or even just a sub folder if needed).

            So in this case it really is just as simple as share permissions and folder permissions I guess. I was thinking there had to be something enabled in AD as well. Maybe I was over thinking it.

            Yeah. The share permissions should be fine. by default authenticated users are Full Control. You just need to change the NTFS folder permissions.

            1 Reply Last reply Reply Quote 2
            • thanksajdotcomT
              thanksajdotcom
              last edited by

              Agree with @thecreativeone91. You're overthinking it. LOL

              1 Reply Last reply Reply Quote 1
              • 1 / 1
              • First post
                Last post