Windows Server - Netlogon Share-access denied

Asked By Stev

30-Jul-08 12:07 PM

One of our remote administrators uses a folder under the Netlogon
(\\domaincontroller\netlogon\gposhare) for GPO batch files/logon scripts.
Since I put in the new domain controllers, he gets 'access denied' when
trying to edit the GPO batch files or post new ones. I am the domain admin,
and it works fine. He is in the AD security group that has full control of
this share. Any help is appreciated. steve

Windows Server Discussions

Netlogon
(1)

Controllers
(1)

Meinolf Weber replied...

03-Aug-08 06:19 AM

Hello Steve,

By default only the administrators group and system have the permission to
write to the netlogon share. Make sure on BOTH DC's under c:\windows\sysvol\sysvol\domainname.com\scripts
folder that the rights are correct.
Also post the rights you set for the group you created.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Previous Discussion: File filters in 2003 SP2?

SYSVOL Windows Server

SYSVOL Windows Server Hi, This article describes troubleshooting steps to use on Windows 2000 domain controllers that are missing netlogon and sysvol shares. But my servers run SERVER 2003 SP2. Thanks. Windows Server Active Directory Discussions NetAdmin (1) Windows (1) Controllers (1) Netlogon (1) SYSVOL (1) Monsef (1) wtf? - - NetAdmin <SÃ£o Paulo, BR> keywords: SYSVOL description: Hi This article describes troubleshooting steps to use on Windows 2000 domain controllers that are missing netlogon and sysvol shares. But my servers run

Mysterious Account Lockout Windows Server

to get locked out of the Windows 2003 domain. We have enabled debugging on the netlogon server service on all domain controllers in hopes the netlogon logfiles would show the account lockout event. . .but the logfiles don't log the account lockout event for some reason. 1. Should the netlogon.log file show account lockout events, if yes, what should the DBFlag value be set at? 2. Is there a better way (than sifting netlogon.log) to find out who or what is locking out the account in question? Thank Discussions DBFlag (1) HiThis (1) JoshP (1) Directory (1) Lockout (1) Windows (1) Accountlockuot (1) Controllers (1) Hi This generally happens when the user changed its password, then it has a to get locked out of the Windows 2003 domain. We have enabled debugging on the netlogon server service on all doma

Changing Machine Account password fails Windows Server

Hi, from time to time i have the following error in one of my Domain Controllers: EventID: 3224 Source: Netlogon Changing machine account password for account domain.local failed with the following error: the specific techarena.in Windows Server Active Directory Discussions ADSIEdit (1) EventID (1) TrustedDomain (1) SubDomains (1) Controllers (1) Netlogon (1) Trusts (1) Truts (1) The details provided by you are not sufficient, however as Hi, from time to time i have the following error in one of my Domain Controllers: EventID: 3224 Source: Netlogon Changing machine account password for

Multi AD Sites users authenticate over WAN Windows Server

users authenticate over WAN Windows Server Hello, I have two AD sites with 4 domain controllers. All domain controllers are Windows Server 2003, Single forest, single domain, Windows 2000 Native domain mode, and Windows 2000 forest mode. The HQ have 3 domain controllers, the remote site have 1 domain controller. All servers have GC enabled, each sites are problem is that users from remote site are authenticating over the WAN to HQ domain controllers. What did I miss? My understanding is that once a site is created and the local domain controller. 2. When i look at the security logs on the HQ domain controllers also workstation from the remote site authenticating to it. many thanks!!!! Hello Newbie, Are all site._sites.dc._msdcs.mydomain.com I found _ldap and _kerberos records of HQ domain controllers. Also, whe i go to _tcp.remote-site._sites.mydomain.com I found _gc, _ldap test environment before implementing! - -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - - -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - Have you created the remote site prior to installing its domain controllers? Which site were these domain controllers originally installed in? Do domain controller objects actually appear under appropriate sites in Active Directory