Developer access to Netlogon subfolder

Occasional Contributor

We have 2 users that need modify permissions to this folder \\domainname\netlogon\push, running on Windows 2019 DC. With my administrator account I can add/delete files/folders. When I add the developer accounts and give them modify rights and view "effective permissions" it shows they only get read/list rights which matches the same permissions for the authenticated users group. I also tried setting permissions using the full path on one of the DC's c:\windows\sysvol\sysvol\domainname\SCRIPTS\push and it replies with "You are about to change permission settings on system folders. This can reduce the security of your computer and cause users to have problems accessing files. Do you want to continue" - so I cancel by clicking NO

 

Any ideas on how we can get these permissions applied?

5 Replies

Modifying the \sysvol permissions is asking for troubles. The share permissions are what prevents writing - which are set to Read. To allow writing to NETLOGON, have your users to access its content via SYSVOL share.

rather than connecting to

\\DC\Netlogon

have them connect to

\\DC\SYSVOL\somedomainname.com\Scripts

 

 

Hello Dave, thank you. Our alternate path is \\abc\sysvol\abc.local\scripts\newfolder but until permissions are adjusted they cannot make any changes to the "newfolder" folder. Even though the system allows me to set their NTFS permissions to modify on the folder they still can't make modifications on the folder and you're saying the share permissions are set to read which is the issue. Is there no option to get around the lockdown without adding them to the group my account belongs to which has modify access to all of the folders?
Thank you for that but the developers can access the folder they just can't make any file/folder modifications within it. For example if they try to upload a file they get a message that states "you need permission to perform this action" which coincides with what I see when I check their permissions via the folders security tab "effective access" which shows they only have read/list even though I gave them modify rights

The new folder you created is just inheriting permissions from above. Sounds like you have two options; modify the permissions structure of sysvol (not recommended) or elevate the user permissions. Seeing's as they're trusted to edit files here if it were me, I'd take the second option.