Netlogon share compatibilityID: oval:org.secpod.oval:def:19262 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Netlogon share compatibility machine setting should be configured correctly.
This setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. When this setting is enabled, the Netlogon share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission. When this setting is disabled or not configured, the Netlogon share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission. By default, the Netlogon share will grant shared read access to files on the share when exclusive access is requested.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Net Logon\Netlogon share compatibility
(2) KEY: HKLM\Software\Policies\Microsoft\Netlogon\Parameters\AllowExclusiveScriptsShareAccess
Platform: |
Microsoft Windows Server 2008 R2 |