No announcement yet.

DFS security issue.

  • Filter
  • Time
  • Show
Clear All
new posts

  • DFS security issue.

    We created a new DFS which spans 10 remote servers. Each server has one root link in the DFS.

    We recently found that some users could create a new folder in the root of the DFS! Puzzled, I looked into the issue.

    I have found on the D drive of most of the domain controllers there is a folder called "DFS" which seems to be automatically created by the system. It is shared with the following permissions:

    Everyone - ALLOW - Change & Read

    Security is set to:

    Administrators (MyDomain\Administrators) - ALLOW - Full Control
    Creator Owner - ALLOW - Special Permissions -
    Apply onto: Subfolders & Files only
    Full Control
    System - ALLOW - Full Control
    Users - ALLOW -Read & Execute, List Folder Contents, Read, Special Permissions -
    Apply onto: This folder & subfolders
    Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, Read Extended Attributes, Create Files / Write Data, Read Permissions

    Are these permissions correct? What is this folder used for?
    +-- JDMils
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades

  • #2
    Re: DFS security issue.

    Each server that is part of the Namespace hosts a root folder, these are called Namespace servers. By default these are shared folders stored under C:\DFSRoot. Looks like someone is using D:\DFS are the root folder which is fine. Verify thats the case by looking in the DFS MMC.

    Sounds like they're setup with default NTFS permissions. Nothing abnormal here just change the permissions on the root folder.