No announcement yet.

DFS - setting "read only" on root

  • Filter
  • Time
  • Show
Clear All
new posts

  • DFS - setting "read only" on root

    Hey gang,

    I just started at a new company that uses a DFS on one of their Win2k3 servers, and for a certain group of users, the root of that DFS is mounted as an X drive for them to access.

    I want to make it so that nobody can create NEW files/folders on the root of the DFS, but leave all existing subfolder permissions untouched. Here's how the various permissions I see on root are broken down:

    * If I look at the properties of the root within the DFS program itself, the security tab says that Authenticated Users have read-only, and Administrators have full control.

    * If I look at the properties for the actual file share that represents the DFS root (C:\master), the sharing tab shows Everyone as having full control of the root. The security tab shows that Everyone has full control, and that permissions are being inherited from the parent.

    Because this file share is accessed 24/7, I can't just "play" with these properties to find my answer. I'm hoping someone can look at this scenario and make a recommendation. Thanks in advance.


  • #2
    Re: DFS - setting "read only" on root

    if i am understanding the situation, all you would need to do is remove inherited permissions on the root, then assign the appropriate permissions to the root, then on down the line.

    like admin has full control at root, and authenticated users are denied create, then in the subfolder grant create/modify to authenticated users and full control to admin...

    follow? ;P

    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...


    • #3
      Re: DFS - setting "read only" on root


      Thanks - I think I follow. Basically when I open that DFS tool and look at where all the DFS folders actually point to, the folders are all set to NOT inherit permissions, so my specific actions, if I'm understanding what you said correctly, is:

      Look at security tab for c:\master, uncheck the box for inheriting permissions from root, and change the Everyone group to have read-only.

      Sound right? I guess my sub-question is...even if I changed permissions on C:\master and told them to propagate to all subfolders, would that work, considering the DFS folder structure spans about 3 different servers?



      • #4
        Re: DFS - setting "read only" on root

        DFS security is controlled from the actual folder structure for which the Target points to. IE. If folder \\SourceServer\TestFolder is a root\target in DFS, then logon to the \\SourceServer via console and set filesystem permissions there.

        Off the top of my head, to set permissions only to the current folder without affecting sub folders, you need to:
        1. Right-click the respective folder and choose Sharing & Security
        2. Click the Security tab
        3. Click the Advanced tab
        4. In the Apply Onto drop-down, select This Folder Only
        5. Now set your permissions

        Note that if there are permissions inherited from the parent folder which will conflict with what you want to do, you need to turn off "Allow inherited permissions from the parent to propagate to this object....."
        +-- JDMils
        +-- Regional Systems Engineer, DotNet programmer & Jack of all trades


        • #5
          Re: DFS - setting "read only" on root


          Fantastic advice guys - between both of your posts I was able to set the permissions on c:\master so that if anyone tried to create a folder on the root of the DFS they get "access denied." Heh, for once it's nice to WANT to see the access denied message when dealing with NTFS permissions

          Have a great weekend dudes,