Discussion:
Trying to understand permissions & best practices
(too old to reply)
Frank
2009-12-12 14:51:53 UTC
Permalink
I am trying to troubleshoot DFS permission issues: when an end user goes to
\\server\share they can access OK, but when they access via DFS they are
asked for username and password.

I have just read a TechNet article for server 2003 entitled "Best practices
for Distributed File System" which has the following

<quote>
Ensure that file system permissions are set correctly.

In order for a user to access files in a DFS target folder, the user must be
allowed access to the target and to all parent folders. In addition, the
user must be allowed access to the server hosting the DFS root, and to the
link and the link's parent folders. For more information on setting
permissions, see Access control overview.
</quote>

I'm confused by the reference to the "parent folders" in this scenario lets
assume that "server" has a share at C:\MiscShares\Share
Would the end users need access to "MiscShares" as well as "Share"?

And the same question for the DFS root, e.g. a root at c:\dfsroots\dfs , do
end users also need permissions for "dfsroots" ?

F
DaveMills
2009-12-12 20:02:29 UTC
Permalink
Post by Frank
I am trying to troubleshoot DFS permission issues: when an end user goes to
\\server\share they can access OK, but when they access via DFS they are
asked for username and password.
The main difference is that there are NTFS permission on the link and the
target. They are both used.

For example I set up a DFFR root folder called \\Domain\Share and add a link
called "target".This link will be in the DFS root folder say
\\ServerA\C$\DFSRoot\target. If has NTFS permissions that allow Admins F/C but
users are granted no access. The target point to \\ServerB\Folder where the
permissions are Shared:Everyone=F/S and NTFS:Everyone=F/C

So a user can access the target fine but to get there via DFS he must read the
Link called "target" but the permissions do not allow the link to be read to
find out what the target is. Hence no access via DFS
Post by Frank
I have just read a TechNet article for server 2003 entitled "Best practices
for Distributed File System" which has the following
<quote>
Ensure that file system permissions are set correctly.
In order for a user to access files in a DFS target folder, the user must be
allowed access to the target and to all parent folders. In addition, the
user must be allowed access to the server hosting the DFS root, and to the
link and the link's parent folders. For more information on setting
permissions, see Access control overview.
</quote>
I'm confused by the reference to the "parent folders" in this scenario lets
assume that "server" has a share at C:\MiscShares\Share
Would the end users need access to "MiscShares" as well as "Share"?
And the same question for the DFS root, e.g. a root at c:\dfsroots\dfs , do
end users also need permissions for "dfsroots" ?
F
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
Loading...