What we have tried in the meanwhile we have given Everyone Read access to
the root of the DFS folder on a couple of our F/P servers to see what
happens. This gives SYSTEM also Read rights and is apparently enough for
Ultrasound to inventory the complete DFS structure.
This rights change, however, means that it starts checking each file again
against the master DFS which takes time. It does not start copying each file,
but it checks it again. With 46GB/~375000 files it takes some time :-))
Why the rights for SYSTEM have been removed, I don't know. In 2003 we
migrated our Novell F/P servers to Windows 2000 and this was done together
I was not involved in this migration project, so I don't know if this was
suggested by us or HP. But anyway, we have given two groups rights on the DFS
root. Domain Users get Read & Execute and another group gives Full Control to
the DFS and this group contains several Domain Admins (including me).
I don't see any problems with replication with this setup, everything works
One more question, can you perhaps tell me what the default rights are when
you set up a new DFS, or the rights it should have?
Thanks for your help so far,
Post by Ned Pyle (MSFT)
I don't believe this is going to be possible, since the USProvider is
actually envoked via WMI (as SYSTEM) and is not directly configurable like a
normal Windows Service. I'm going to confirm with someone else tommorrow (or
Tuesday if they are OOF) but my review of source and the usprovider.mof are
not looking promising. Because this tool is deprecated, it's unlikely that
this can be changed going forward (FRS is dead - long live DFSR, basically).
Just out of curiosity - why has SYSTEM been stripped from permissions, and
how is replication still working? Have the computers been added to another
group that has rights?
I'll ping back here when I have more info,
Ned Pyle [Enterprise Platform Support - MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by BenLimerkens
I hope someone can help me out. I think it's a great tool to monitor FRS for
both Sysvol and Dfs. I was able to spot and solve a couple of issues we were
But anyways, I still have a problem ;-))
The problem is basically that we have set specific rights on our DFS share.
We have given Domain Users read&execute and Domain Admins full control. You
probably already see that in this way SYSTEM has no rights, meaning that the
Ultrasound provider is unable to gather data and reports an Access Denied.
This results in having no data regarding our DFS share which is a shame.
Is there a way and is this going to work, to have the usprovider.exe start
with a specific Domain account instead of SYSTEM? Then this provider would
have enough rights to read our DFS share and report data back to the
I hope it is clear and somebody can come to rescue,