Microsoft KB Archive/201227

= Managing Security on Group Policy Data in SYSVOL =

Article ID: 201227

Article Last Modified on 2/20/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q201227



SUMMARY
When a Group Policy Object (GPO) is created, two storage mechanisms are used to contain the policy data. An object is created that contains information such as the version number (which is incremented when changes are made to the policy) and the objects to which the GPO applies in the Active Directory. Data that takes the form of files, such as security configuration templates and registry policy, is stored in a folder in SYSVOL (an automatically replicated directory structure between domain controllers).



MORE INFORMATION
Using the Access Control List (ACL) Editor, the administrator can specify which users or groups have permission to modify the GPO and to which users or groups the GPO applies.

The administrator does not need to make changes to the permissions of the folder structures that contain the Group Policy data in SYSVOL. Modifying the ACL of the GPO in the Active Directory automatically modifies the permissions for the folder structure in SYSVOL.

Keywords: kbenv kbinfo KB201227

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.