Managing Security on Group Policy Data in SYSVOL

ID: Q201227

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server

SUMMARY

When a Group Policy Object (GPO) is created, two storage mechanisms are used to contain the policy data. An object is created that contains information such as the version number (which is incremented when changes are made to the policy) and the objects to which the GPO applies in the Active Directory. Data that takes the form of files, such as security configuration templates and registry policy, is stored in a folder in SYSVOL (an automatically replicated directory structure between domain controllers).


MORE INFORMATION

Using the Access Control List (ACL) Editor, the administrator can specify which users or groups have permission to modify the GPO and to which users or groups the GPO applies.

The administrator does not need to make changes to the permissions of the folder structures that contain the Group Policy data in SYSVOL. Modifying the ACL of the GPO in the Active Directory automatically modifies the permissions for the folder structure in SYSVOL.

Additional query words:

Keywords : kbenv
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.