Few questions:
1. This is working fine for Windows XP clients. So why would permissions
need to be any different for Windows 7 clients?
2. Here is my setup:
I have 3 file servers that host not only the file shares but also the DFS
Roots. The 3 file servers are in 3 different AD Sites (based on network
subnet) and so the concept is clients get re-directed to the file server
closest to them in their site.
\\domain.local\DFS - root namespace
\\server1\DFS \\server2\DFS \\server3\DFS - namespace servers
NTFS Permissions for DFS root folder on each of the namespace servers -
Administrators - FULL, Domain Admins - FULL, Domain Users - FULL, Everyone -
Read, System - FULL
SHARE Permissions for DFS root folder on each of the namespace servers -
Administrators - FULL, Domain Admins - FULL, Domain Users - FULL, Everyone -
Read, System - FULL
\\domain.local\DFS\Users - dfs folder
\\server1\Users \\server2\Users \\server3\Users - folder targets for Users
DFS Folder
NTFS Permissions for Users folder on each folder target server - Domain
Admins - FULL, System - FULL, Creator Owner - FULL - Subfolder & Files Only,
Domain Users - Traverse Folder/Execute File, List Folder/Read Data, Read
Attributes, Create Folders/Append Data - This Folder Only
SHARE Permissions for Users folder on each folder target server - Domain
Admins - FULL, System - FULL, Domain Users - FULL, Everyone - Read
Thanks!!
Post by DaveMillsPost by p***@community.nospamOK dug a little deeper and the issues appears to be DFS. I can browse
directly to the target folder on either of the 2 target servers and open
files fine. If however I try to browse via the dfs based name share then I
get an access denied.
\\server1\users\param\My Documents\test.doc - no problem
\\server2\users\param\My Documents\test.doc - no problem
\\domain.local\users\param\My Documents\test.doc - ACCESS DENIED
Any ideas?
The DFS root folder will contain the links. These look like folders but are re
parse points that point to the sever unc names. So I might have
domain.local/users/john --> \\server1\users\john
where domain.local/users is the DFS root and john is the re parse point.
This is accessed as \\domain.local\users\john and when the client reads this it
retrieves the link destination and then opens \\server\users\john.
If you open C:\Users on the DFS server you will see the folder "John" this is
the re parse point and if you try to open it you cannot because it is not a
folder and can only be open via its UNC name. However it does have NTFS
permissions and these must allow the end user to "read" the re parse point info.
Once this info has been read the client can redirect to the target share. The
target share also has NTFS permissions and these(plus the share permissions)
determine what the user can do.
It is enough to simply grant "Everyone" read on the re parse point although you
may wish to use different permissions, especially if you want to use ABE to
control which links will be displayed to users.
This would be true whatever the client XP, Vista and I presume Windows 7. It may
be just the Windows 7 user that does not have read permission to the re parse
point.
Post by p***@community.nospamPost by p***@community.nospamHi all,
I have a workstation client running Windows 7 that is having difficulty
opening any documents from the My Documents folder. We are running Windows
2003 SP2 Domain Controller that has all the users My Documents re-directed
via GPO to a DFS based file share. I have verified all the NTFS & Share
permissions are correct. All other clients (Windows XP) have no problems.
However the Windows 7 client cannot open any document (Word, Excel, PDF,
Text etc) and gets an "Access Denied" message. What is weird is if I
navigate directly to the actual server file share (one of the target roots
of the DFS) then everything works fine. I am able to open and save files OK.
Any ideas?
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.