Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Shares are Read Only after removing DFS on Windows Server 2008

Posted on 2011-02-15
3
Medium Priority
?
1,108 Views
Last Modified: 2012-05-11
We have 2 shared folders on Server 2008 R2; one is shared to everyone and the other contains the private folders for each department.  We used to use DFS, but we haven't been using DFS for a while; we have been mapping directly to the server.

Last night I was doing some cleanup on the server and I removed the listings in DFS.  Once I did that, everything on the private drive became Read-Only and nothing could be saved or created on that drive.  Obviously DFS was still doing something for us, but I don't know what.  I'd rather not go back to DFS; I'd rather just map the clients directly to the server.

I have checked the share permissions on that folder:
Administrators - Owner
Domain Users - Read
{sys admin account} - Read/Write (that's me)
{another domain admin account} - Read/Write

Access to the folders underneath are controlled by AD security groups.  These groups are setup by department and each department security group is given full control over their department's private drive folder. in Security and Sharing.

Is there something further I need to do to get DFS out of the picture or is there something else I need to do on the Sharing /Security tabs on the folders?

Any help would be greatly appreciated.

Jono
0
Comment
Question by:Jono Martin
  • 2
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 34897180
You need to give Domain Users "Read/Write" (or Full) access in the Share permissions; when using both Share and NTFS permissions, the more restrictive ones win.
There's actually not much point in using both NTFS and Share permissions, it's only good for confusion. Usually, you can just give the Everyone (or Authenticated Users) group Full Access in Share permissions and concentrate on the NTFS permissions to control access.
0
 

Author Closing Comment

by:Jono Martin
ID: 34897966
oBdA - you rock!

Thank you for your reply; it worked perfectly.  This is a huge weight off of my shoulders.

I set the share permissions for Domain Users to Read/Write and that did the trick.  I also checked the folders inside to make sure that what I did didn't open up everything to everyone, but it's all good.  People have access to what they should have access to and they are denied other things as needed.

Thanks again!
Jono
0
 

Author Comment

by:Jono Martin
ID: 34901687
oBdA -

Any chance you can help me out with another question I've had open for a while?
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26810092.html

Thanks for any help with this.

Jono
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question