Solved

DFS Permissions

Posted on 2011-03-21
6
1,375 Views
Last Modified: 2012-08-20
Using 2008 R2 server.  I had this working on 2003 server, but can't seem to be able to do it here. I have a DFS Root, with many links to shared folders.  The DFS names space is then used to map users to a shared drive using GPO and netuse.  My issue is I can't seem to prevent users from saving to the root folders, which are by department.  I only want them to be able to save in the sub-folders.  They should be able to create any folders they wish within the sub folders and inside the parent folder.  I've tried changing the parent folder permissions and inheriting down, but that locked them out of everything.  Not sure what I can't remember.
0
Comment
Question by:dabneym
  • 3
  • 3
6 Comments
 
LVL 29

Accepted Solution

by:
pwindell earned 250 total points
ID: 35209178
The Root needs to be the beginning of the Permissions (meaning no inheriting).

1. First Add the User's group in the normal way in the Dialog

2. Then go into the Advanced section and remove the item Create Files / Write Data.

3. Click OK on everything and go completely out of all Dialog boxes.

4. Go back into the Properties of the Folder and select Permissions again

5. Go straight to the Advanced Section this time.

6. Add the same User's group again a second time,...this time all the permissions will be unchecked by default.  

7.  In the Applies To drop-down choose Subfolders Only and then check the Allow box for Create Files and Write Data.

Now when you get back to the first Advanced dialog box, the User's Group will be listed twice:
  a.  Permissions=Special  Applies to = This Folder, Subfolders and Files
   b. Permissions= Create Files / Write Data   Applies to = Subfolders Only
0
 

Author Comment

by:dabneym
ID: 35211023
Just for clarification, you're using Root for the file share, not the DFS root, correct?  I know that previously I hid the shares from the users, they could only see the DFS folder.  For some reason, wih 2008 R2, the DFS wouldn't link.  I had, at first,  thought that was my issue.  I will attempt on one folder and let you know if this is the solution.  Thank you.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35211362
Root meaning the "top of the folder tree"  in the file system within the context of the discussion.
Since the DFS Root has to point to something,...it is probably one and the same,...but maybe not.

I'm talking about the Folder right above the User's individual folders.

Some Folder|              <------------you point the DFS Root here??  Don't know.
                    |--Userfolder1
                    |--Userfolder2
                    |--UserSally
                    |--UserJohn

Here is an article that gives the same theory I based what I said on,...but mine is more simpler.

How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003
http://support.microsoft.com/kb/274443

Do not confuse these:
1. Folder Redirection
2. Roaming Profiles
3. Offline Files
4. DFS

They are all four entirely different and independent things.  They can all be done totally by themselves or in various combinations togther (if you can keep them all straight).    But if you cannot keep it straight in your head where one ends and another begins you are in for a world of hurt.   DFS simply repicates copys of the specified file structure to two or more places and provides a unified UNC Path to get there,...that is all it does,...don't confuse what it is doing with what any of the other 3 things do.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:dabneym
ID: 35231675
Almost exactly what we need.  Tweaking on our side needed.
0
 

Author Closing Comment

by:dabneym
ID: 35231686
The partiality would be our need to change the way the folders are now set up.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35232628
The article I gave the link for is more accuarte than what I gave off the top of my head.  I trhink I forgot a couple parts in mine.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
knowing when local account expires (Windows Server OS-DOS) 5 66
ADFS for O365 login page 2 48
Whitelisting applications 2 21
Locating a GPO setting 3 27
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question