Discussion:
How does share/ntfs permission affect on the DFRS ?
(too old to reply)
IT Staff
2009-07-16 03:07:06 UTC
Permalink
WINDOWS 2003 R2 32 BIT


\\server1\shared1 - overall permission is users1 can read
\\server2\shared2 - overall permission is users2 can write

\\domain_name_space.com\alldoc
folder targets below:
(\\server1\shared1)
(\\server2\shared2 )

Both users1 and users2 see the same set of folders displayed. Say server2 is
offline. When users2 see files in server1 target via the
\\domain_namespace\alldoc, does the ORIGINAL permission applies ?
DaveMills
2009-07-17 21:32:57 UTC
Permalink
When a client access a DFS share the target folder is retrieved (it could be any
target if there are more than one). The client the access the share using the
resolved UNC name. The permissions are the same as those that would apply if the
user went straight to the UNC name without using the DFS path.

The configuration you have described is a disaster. Neither user will get a
consistent result. Furthermore there is an assumption that the two folders 1 and
2 are going to be identical.

There is a document "How DFS works" on the MS DFS site, read it.
Post by IT Staff
WINDOWS 2003 R2 32 BIT
\\server1\shared1 - overall permission is users1 can read
\\server2\shared2 - overall permission is users2 can write
\\domain_name_space.com\alldoc
(\\server1\shared1)
(\\server2\shared2 )
Both users1 and users2 see the same set of folders displayed. Say server2 is
offline. When users2 see files in server1 target via the
\\domain_namespace\alldoc, does the ORIGINAL permission applies ?
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
IT Staff
2009-07-18 04:11:58 UTC
Permalink
I thought when a client access DFS share, it should point to their local
site server.

How shld i configure the permissions then ?
Post by DaveMills
When a client access a DFS share the target folder is retrieved (it could be any
target if there are more than one). The client the access the share using the
resolved UNC name. The permissions are the same as those that would apply if the
user went straight to the UNC name without using the DFS path.
The configuration you have described is a disaster. Neither user will get a
consistent result. Furthermore there is an assumption that the two folders 1 and
2 are going to be identical.
There is a document "How DFS works" on the MS DFS site, read it.
Post by IT Staff
WINDOWS 2003 R2 32 BIT
\\server1\shared1 - overall permission is users1 can read
\\server2\shared2 - overall permission is users2 can write
\\domain_name_space.com\alldoc
(\\server1\shared1)
(\\server2\shared2 )
Both users1 and users2 see the same set of folders displayed. Say server2 is
offline. When users2 see files in server1 target via the
\\domain_namespace\alldoc, does the ORIGINAL permission applies ?
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
DaveMills
2009-07-18 05:24:29 UTC
Permalink
Post by IT Staff
I thought when a client access DFS share, it should point to their local
site server.
The server that is chosen is dependant upon the link cost (as for AD sites and
services) and the properties you set on the links in the DFS console. Again so
"How DFS Works" http://technet.microsoft.com/en-us/library/cc782417(WS.10).aspx

It is not a technically difficult read and you will be surprised at how simple
the referral system is. It explains the role of the DCs, the DFS Servers and the
client.
Post by IT Staff
How shld i configure the permissions then ?
Post by DaveMills
When a client access a DFS share the target folder is retrieved (it could be any
target if there are more than one). The client the access the share using the
resolved UNC name. The permissions are the same as those that would apply if the
user went straight to the UNC name without using the DFS path.
The configuration you have described is a disaster. Neither user will get a
consistent result. Furthermore there is an assumption that the two folders 1 and
2 are going to be identical.
There is a document "How DFS works" on the MS DFS site, read it.
Post by IT Staff
WINDOWS 2003 R2 32 BIT
\\server1\shared1 - overall permission is users1 can read
\\server2\shared2 - overall permission is users2 can write
\\domain_name_space.com\alldoc
(\\server1\shared1)
(\\server2\shared2 )
Both users1 and users2 see the same set of folders displayed. Say server2 is
offline. When users2 see files in server1 target via the
\\domain_namespace\alldoc, does the ORIGINAL permission applies ?
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
Loading...