Azure / ArcEnabledServersGroupPolicy

Guidance and sample code to perform at-scale onboarding of servers to Arc via Group Policy
MIT License
9 stars 14 forks source link

Logging Path does not need to allow full Write & Modify permissions for all domain computers #29

Open Borgquite opened 6 months ago

Borgquite commented 6 months ago

The current permissions set up on the Logging Path are slightly over permissive. At the moment all Domain Computers (which includes client devices) can modify or delete the log files created by other servers. It is possible to use the CREATOR OWNER permission (similar to the supported method for Folder Redirection) so that it is not possible for log files to be modified by another computer after a server has created it.

Pull request incoming!