Solved

DFS Permissions

Posted on 2011-03-21
6
1,377 Views
Last Modified: 2012-08-20
Using 2008 R2 server.  I had this working on 2003 server, but can't seem to be able to do it here. I have a DFS Root, with many links to shared folders.  The DFS names space is then used to map users to a shared drive using GPO and netuse.  My issue is I can't seem to prevent users from saving to the root folders, which are by department.  I only want them to be able to save in the sub-folders.  They should be able to create any folders they wish within the sub folders and inside the parent folder.  I've tried changing the parent folder permissions and inheriting down, but that locked them out of everything.  Not sure what I can't remember.
0
Comment
Question by:Michelle Dabney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 29

Accepted Solution

by:
pwindell earned 250 total points
ID: 35209178
The Root needs to be the beginning of the Permissions (meaning no inheriting).

1. First Add the User's group in the normal way in the Dialog

2. Then go into the Advanced section and remove the item Create Files / Write Data.

3. Click OK on everything and go completely out of all Dialog boxes.

4. Go back into the Properties of the Folder and select Permissions again

5. Go straight to the Advanced Section this time.

6. Add the same User's group again a second time,...this time all the permissions will be unchecked by default.  

7.  In the Applies To drop-down choose Subfolders Only and then check the Allow box for Create Files and Write Data.

Now when you get back to the first Advanced dialog box, the User's Group will be listed twice:
  a.  Permissions=Special  Applies to = This Folder, Subfolders and Files
   b. Permissions= Create Files / Write Data   Applies to = Subfolders Only
0
 

Author Comment

by:Michelle Dabney
ID: 35211023
Just for clarification, you're using Root for the file share, not the DFS root, correct?  I know that previously I hid the shares from the users, they could only see the DFS folder.  For some reason, wih 2008 R2, the DFS wouldn't link.  I had, at first,  thought that was my issue.  I will attempt on one folder and let you know if this is the solution.  Thank you.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35211362
Root meaning the "top of the folder tree"  in the file system within the context of the discussion.
Since the DFS Root has to point to something,...it is probably one and the same,...but maybe not.

I'm talking about the Folder right above the User's individual folders.

Some Folder|              <------------you point the DFS Root here??  Don't know.
                    |--Userfolder1
                    |--Userfolder2
                    |--UserSally
                    |--UserJohn

Here is an article that gives the same theory I based what I said on,...but mine is more simpler.

How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003
http://support.microsoft.com/kb/274443

Do not confuse these:
1. Folder Redirection
2. Roaming Profiles
3. Offline Files
4. DFS

They are all four entirely different and independent things.  They can all be done totally by themselves or in various combinations togther (if you can keep them all straight).    But if you cannot keep it straight in your head where one ends and another begins you are in for a world of hurt.   DFS simply repicates copys of the specified file structure to two or more places and provides a unified UNC Path to get there,...that is all it does,...don't confuse what it is doing with what any of the other 3 things do.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:Michelle Dabney
ID: 35231675
Almost exactly what we need.  Tweaking on our side needed.
0
 

Author Closing Comment

by:Michelle Dabney
ID: 35231686
The partiality would be our need to change the way the folders are now set up.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35232628
The article I gave the link for is more accuarte than what I gave off the top of my head.  I trhink I forgot a couple parts in mine.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question