Detections
Analytics

Dangerous SYSVOL Replication Configuration

medium

Language:

Description

"File Replication Service" (FRS) is deprecated since Windows Server 2008 R2. Tenable highly recommends migrating the SYSVOL share replication from FRS to "Distributed File System Replication" (DFS-R) for better robustness, scalability, and replication performance.

Solution

Microsoft recommends using the recent and supported DFS-R protocol for SYSVOL replication. You must migrate SYSVOL shares still using "File Replication Service" (FRS) to "Distributed File System Replication" (DFS-R) manually following the procedure from Microsoft.

See Also

Active Directory Security Assessment Checklist - SYSVOL replication through NTFRS

Windows Server version 1709 no longer supports FRS

FRS Technical Reference

DFS Replication FAQ

The Case for Migrating SYSVOL to DFSR

Importing a GPO using GPMC fails with "The Directory is not empty"

Indicator Details

Name: Dangerous SYSVOL Replication Configuration

Codename: C-DFS-MISCONFIG

Severity: Medium

MITRE ATT&CK Information: