Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Default Domain Policy
Ask the community Add a reply
Word :    Username :           
 
pDK   07-16-2004 at 07:38:23 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

 

The default domain policy sets security settings on the
sysvol directory on a given DC, however this triggers
staging files to grow excessivly as it alters ACL
information.
If you alter the Default Domain Policy not to replace any
security setting on the sysvol directory + subfolders
everything runs smootly and FRSDiag stops reporting errors.

1. Are these settings intended by Microsoft in this case
why ??
2. Why does the Default Domain Policy specify the path
c:\winnt\*** insted of %systemroot%??

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   07-19-2004 at 03:05:52 PM
- 0 +

Archived from groups: microsoft.public.win2000.group_policy (More info?)

 

Hi Pdk,

Thanks for your posting here.

We should not use file system policy to apply anything to files in the
sysvol share. This is replicated and can cause a replication storm when the
policy is applianced on all the DCs and replicated form all the DC.

Please refer to the following documents for more information about this
issue.

284947 Antivirus programs may modify security descriptors and cause
excessive
http://support.microsoft.com/?id=284947

279156 The Effects of Setting the File System Policy on a Disk Drive or
Folder
http://support.microsoft.com/?id=279156

"%SystemRoot%" means the folder including Windows files, typically, the
Winnt or Windows folder. Take a look in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Environment.

Wish it helps.

Regards,
Bob Qin
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Default Domain Policy
Go to:

There are 547 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.199 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?