Solved

Shares are Read Only after removing DFS on Windows Server 2008

Posted on 2011-02-15
3
1,096 Views
Last Modified: 2012-05-11
We have 2 shared folders on Server 2008 R2; one is shared to everyone and the other contains the private folders for each department.  We used to use DFS, but we haven't been using DFS for a while; we have been mapping directly to the server.

Last night I was doing some cleanup on the server and I removed the listings in DFS.  Once I did that, everything on the private drive became Read-Only and nothing could be saved or created on that drive.  Obviously DFS was still doing something for us, but I don't know what.  I'd rather not go back to DFS; I'd rather just map the clients directly to the server.

I have checked the share permissions on that folder:
Administrators - Owner
Domain Users - Read
{sys admin account} - Read/Write (that's me)
{another domain admin account} - Read/Write

Access to the folders underneath are controlled by AD security groups.  These groups are setup by department and each department security group is given full control over their department's private drive folder. in Security and Sharing.

Is there something further I need to do to get DFS out of the picture or is there something else I need to do on the Sharing /Security tabs on the folders?

Any help would be greatly appreciated.

Jono
0
Comment
Question by:Jono Martin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 34897180
You need to give Domain Users "Read/Write" (or Full) access in the Share permissions; when using both Share and NTFS permissions, the more restrictive ones win.
There's actually not much point in using both NTFS and Share permissions, it's only good for confusion. Usually, you can just give the Everyone (or Authenticated Users) group Full Access in Share permissions and concentrate on the NTFS permissions to control access.
0
 

Author Closing Comment

by:Jono Martin
ID: 34897966
oBdA - you rock!

Thank you for your reply; it worked perfectly.  This is a huge weight off of my shoulders.

I set the share permissions for Domain Users to Read/Write and that did the trick.  I also checked the folders inside to make sure that what I did didn't open up everything to everyone, but it's all good.  People have access to what they should have access to and they are denied other things as needed.

Thanks again!
Jono
0
 

Author Comment

by:Jono Martin
ID: 34901687
oBdA -

Any chance you can help me out with another question I've had open for a while?
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26810092.html

Thanks for any help with this.

Jono
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question