Solved

DFS Permissions

Posted on 2011-03-21
6
1,378 Views
Last Modified: 2012-08-20
Using 2008 R2 server.  I had this working on 2003 server, but can't seem to be able to do it here. I have a DFS Root, with many links to shared folders.  The DFS names space is then used to map users to a shared drive using GPO and netuse.  My issue is I can't seem to prevent users from saving to the root folders, which are by department.  I only want them to be able to save in the sub-folders.  They should be able to create any folders they wish within the sub folders and inside the parent folder.  I've tried changing the parent folder permissions and inheriting down, but that locked them out of everything.  Not sure what I can't remember.
0
Comment
Question by:Michelle Dabney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 29

Accepted Solution

by:
pwindell earned 250 total points
ID: 35209178
The Root needs to be the beginning of the Permissions (meaning no inheriting).

1. First Add the User's group in the normal way in the Dialog

2. Then go into the Advanced section and remove the item Create Files / Write Data.

3. Click OK on everything and go completely out of all Dialog boxes.

4. Go back into the Properties of the Folder and select Permissions again

5. Go straight to the Advanced Section this time.

6. Add the same User's group again a second time,...this time all the permissions will be unchecked by default.  

7.  In the Applies To drop-down choose Subfolders Only and then check the Allow box for Create Files and Write Data.

Now when you get back to the first Advanced dialog box, the User's Group will be listed twice:
  a.  Permissions=Special  Applies to = This Folder, Subfolders and Files
   b. Permissions= Create Files / Write Data   Applies to = Subfolders Only
0
 

Author Comment

by:Michelle Dabney
ID: 35211023
Just for clarification, you're using Root for the file share, not the DFS root, correct?  I know that previously I hid the shares from the users, they could only see the DFS folder.  For some reason, wih 2008 R2, the DFS wouldn't link.  I had, at first,  thought that was my issue.  I will attempt on one folder and let you know if this is the solution.  Thank you.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35211362
Root meaning the "top of the folder tree"  in the file system within the context of the discussion.
Since the DFS Root has to point to something,...it is probably one and the same,...but maybe not.

I'm talking about the Folder right above the User's individual folders.

Some Folder|              <------------you point the DFS Root here??  Don't know.
                    |--Userfolder1
                    |--Userfolder2
                    |--UserSally
                    |--UserJohn

Here is an article that gives the same theory I based what I said on,...but mine is more simpler.

How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003
http://support.microsoft.com/kb/274443

Do not confuse these:
1. Folder Redirection
2. Roaming Profiles
3. Offline Files
4. DFS

They are all four entirely different and independent things.  They can all be done totally by themselves or in various combinations togther (if you can keep them all straight).    But if you cannot keep it straight in your head where one ends and another begins you are in for a world of hurt.   DFS simply repicates copys of the specified file structure to two or more places and provides a unified UNC Path to get there,...that is all it does,...don't confuse what it is doing with what any of the other 3 things do.
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 

Author Comment

by:Michelle Dabney
ID: 35231675
Almost exactly what we need.  Tweaking on our side needed.
0
 

Author Closing Comment

by:Michelle Dabney
ID: 35231686
The partiality would be our need to change the way the folders are now set up.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35232628
The article I gave the link for is more accuarte than what I gave off the top of my head.  I trhink I forgot a couple parts in mine.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question