|
|
I am in a dilemma here with permissions in Windows 2008 DFS and need to know
how to resolve this issue.
I have a Windows DFS 2008 server with DFS installed in Stand-alone mode.
I created a namespace ABC using wizard, no problem.
I created Folder and added target folder located on the same server but
different drive.
I used Customize option and added necessary permissions to the folder while
creating.
When I try to located the folder through another computer using UNC
\\server\share\folder
I get permission denied error message. I even get this error when I am
remote logged on the DFS server.
Please advise me how to properly setup permissions in DFS target folders,
this is very important and any help will be highly appreciated.
Thanks
|
|
Remember that the are two objects, each with their own NTFS permissions.
First there is the folder within the DFSRoot that becomes the Link. These
permissions can be seen on the physical folder. Go to X:\DFSRoot and look at the
security settings on the folder.
Second are the NTFS Permissions on the target folder. These are the ones usually
exposed to the user but access via the DFS link also requires read permission on
the link folder itself.
Remember too that there may be more than one copy of the physical link if you
have more than one DFS root server. It is quite possible to get different
permissions on each copy which means that accessing the same folder via DFS can
sometimes experience one set of permission and sometimes a different set
depending upon which DFS Root server does the referral.
On Mon, 15 Dec 2008 13:06:11 -0800, Nick <Nick[ at ]discussions.microsoft.com> wrote:
[Quoted Text] >
>I am in a dilemma here with permissions in Windows 2008 DFS and need to know
>how to resolve this issue.
>
>I have a Windows DFS 2008 server with DFS installed in Stand-alone mode.
>I created a namespace ABC using wizard, no problem.
>
>I created Folder and added target folder located on the same server but
>different drive.
>I used Customize option and added necessary permissions to the folder while
>creating.
>
>When I try to located the folder through another computer using UNC
>\\server\share\folder
>I get permission denied error message. I even get this error when I am
>remote logged on the DFS server.
>
>Please advise me how to properly setup permissions in DFS target folders,
>this is very important and any help will be highly appreciated.
>
>Thanks
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
|
|
Thanks Dave, this explains a lot. So what I am understanding is the DFSroot
permission are different than target folder permissioms? and in order for
this to work, both permissions must be set properly? In my case target folder
is within DFSroot, so should'nt it inherit permissions from parent (DFSroot)
folder?
"DaveMills" wrote:
[Quoted Text] > Remember that the are two objects, each with their own NTFS permissions.
> First there is the folder within the DFSRoot that becomes the Link. These
> permissions can be seen on the physical folder. Go to X:\DFSRoot and look at the
> security settings on the folder.
> Second are the NTFS Permissions on the target folder. These are the ones usually
> exposed to the user but access via the DFS link also requires read permission on
> the link folder itself.
>
> Remember too that there may be more than one copy of the physical link if you
> have more than one DFS root server. It is quite possible to get different
> permissions on each copy which means that accessing the same folder via DFS can
> sometimes experience one set of permission and sometimes a different set
> depending upon which DFS Root server does the referral.
>
>
> On Mon, 15 Dec 2008 13:06:11 -0800, Nick <Nick[ at ]discussions.microsoft.com> wrote:
>
> >
> >I am in a dilemma here with permissions in Windows 2008 DFS and need to know
> >how to resolve this issue.
> >
> >I have a Windows DFS 2008 server with DFS installed in Stand-alone mode.
> >I created a namespace ABC using wizard, no problem.
> >
> >I created Folder and added target folder located on the same server but
> >different drive.
> >I used Customize option and added necessary permissions to the folder while
> >creating.
> >
> >When I try to located the folder through another computer using UNC
> >\\server\share\folder
> >I get permission denied error message. I even get this error when I am
> >remote logged on the DFS server.
> >
> >Please advise me how to properly setup permissions in DFS target folders,
> >this is very important and any help will be highly appreciated.
> >
> >Thanks
> --
> Dave Mills
> There are 10 types of people, those that understand binary and those that don't.
>
|
|
On Fri, 19 Dec 2008 13:01:03 -0800, Nick <Nick[ at ]discussions.microsoft.com> wrote:
[Quoted Text] >Thanks Dave, this explains a lot. So what I am understanding is the DFSroot
>permission are different than target folder permissioms? and in order for
>this to work, both permissions must be set properly? In my case target folder
>is within DFSroot, so should'nt it inherit permissions from parent (DFSroot)
>folder?
>
I do not have any experience of putting the data folder in the DFSRoot, it is
not a recommended configuration. Are you saying the you have placed the data
folder in the DFSRoot and then created a link to it. I would expect the
permission to be inherited and also the data to replicate with the DFSRoot
structure. (oops just noticed you have a stand alone so there is no replication
I believe). Have you also checked the share permissions on the target UNC path?
I would move the target folder to a physical location on the DFS server that is
not within the DFSRoot structure and change the link.
If you have you DFSRoot as D:\DFSROOT
and you data D:\DSFRoot\Data shared as \\server\data
and a link in DFSRoot that points to \\server\data
Then try moving the data folder to D:\Data and sharing it as \\server\data
Then create/modify the link to point to \\server\data (i.e. same UNC but it is
in a different physical location, you probably don't need to change it but do
check it)
After this your DFSRoot will contain only links. All data will be outside the
DFSRoot structure (although still on the same had disk). I believe this is more
in line with the expectations of the DFS designers. If you read the MS document
"How DFS Works" you will find quite a lot of restrictions on the content of the
DFSRoot, e.g. Max number of folders etc. This applies to the root but not to the
link targets. By having the targets outside the root your data will not count
towards these limits.
>"DaveMills" wrote:
>
>> Remember that the are two objects, each with their own NTFS permissions.
>> First there is the folder within the DFSRoot that becomes the Link. These
>> permissions can be seen on the physical folder. Go to X:\DFSRoot and look at the
>> security settings on the folder.
>> Second are the NTFS Permissions on the target folder. These are the ones usually
>> exposed to the user but access via the DFS link also requires read permission on
>> the link folder itself.
>>
>> Remember too that there may be more than one copy of the physical link if you
>> have more than one DFS root server. It is quite possible to get different
>> permissions on each copy which means that accessing the same folder via DFS can
>> sometimes experience one set of permission and sometimes a different set
>> depending upon which DFS Root server does the referral.
>>
>>
>> On Mon, 15 Dec 2008 13:06:11 -0800, Nick <Nick[ at ]discussions.microsoft.com> wrote:
>>
>> >
>> >I am in a dilemma here with permissions in Windows 2008 DFS and need to know
>> >how to resolve this issue.
>> >
>> >I have a Windows DFS 2008 server with DFS installed in Stand-alone mode.
>> >I created a namespace ABC using wizard, no problem.
>> >
>> >I created Folder and added target folder located on the same server but
>> >different drive.
>> >I used Customize option and added necessary permissions to the folder while
>> >creating.
>> >
>> >When I try to located the folder through another computer using UNC
>> >\\server\share\folder
>> >I get permission denied error message. I even get this error when I am
>> >remote logged on the DFS server.
>> >
>> >Please advise me how to properly setup permissions in DFS target folders,
>> >this is very important and any help will be highly appreciated.
>> >
>> >Thanks
>> --
>> Dave Mills
>> There are 10 types of people, those that understand binary and those that don't.
>>
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
|
|
|