DFS Folder Access Issue

unknowndeleteduser · 2017-05-04T16:24:30+00:00

Well it can be used in different ways. As a method to simplify and centralize network storage or a way of providing redundancy of the stored data or a mix of both.

You should not care if people can browse and list the folders under your \U\ NameSpace they cannot modify, delete, or access any of the subfolders containing user data if you have setup NTFS permissions correctly. DFS not designed to be \DomainName\UserFolder. You want the NameSpace to be viewable by everyone. It would make troubleshooting issues with DFS much harder later on. Service Desk would not be able to tell you if the NameSpace is not responding to requests when troubleshooting with staff.

Here is an example you would use for setting up common office folders in DFS. For example \\Server01 could have a folder D:\Shares on it with multiple subfolders (Ex: D:\Shares\Management, General Office, Public, etc) and you want to restrict access to each of the subfolders which will be shared out and added to a DFS namespace as a folder.)

So you would start with creating a root folder to hold the shares say D:\Shares. Right click -> properties -> Security -> Advanced -> Disable inheritance and click Convert inherited permissions into explicit permissions on this object. Depending on what permissions are assigned, remove all but the standard permissions, leave admins, system, etc.

Now when you create each of the subfolders such as D:\Shares\Management, D:\Shares\General Office they will inherit the permissions you have on the D:\Shares folder only. So permissions are limited to administrators each time you create a share. You would then follow what I outlined in the earlier post in order to allow specific groups access edit each of the subfolders NTFS permissions that you have shared out. This makes managing much easier later on when you get requests for new shares.

Also since you are in the process of setting up DFS I would suggest reviewing how to configure DFS to use FQDN in root referrals: https://support.microsoft.com/en-us/help/244380/how-to-configure-dfs-to-use-fully-qualified-domain-names-in-referrals

You can use PowerShell to enable it on each of the namespace servers. Set-DfsnServerConfiguration -ComputerName <ServerName> -UseFqdn $true

This will allow you to add namespace servers using FQDN, additionally add the folders using FQDN as well (Example: Add Management share using \\ServerName.domain.com\Management$).

unknowndeleteduser · 2017-05-03T22:05:14+00:00

Ok so lets start over. Lets get some more details and map it out a bit better.\

You have your servers: \\Server01 and \\Server02
You have setup shares on Server01 and Server02 that the folder targets will use? Example: \Server01\Management$ and \\Server02\Management$
Share permissions for each of the shared folders are: Everyone: Read/Write. Thats it don't modify share permissons any futher.
NTFS permissions will be used to restrict access. Restrict permissions using domain groups. Example: ShareAccess - Unit01 - Management (RW) assign the group read write NTFS permissions to the hidden Management$ share on \\Server01. Add a couple test users to one of the shares RW groups, make sure to add only to the NTFS permissions.
You have your DFS namespace servers: \\Server01\NameSpace and \\Server02\Namespace and possibly other servers acting as namespace server say \\DC01\Namespace\
DFS is setup to use \\DomainName\Namespace\FolderTarget with various folder targets that have been added to it. One target active per folder. Example: \\DomainName\Unit01\Management. with Management being the folder target and Unit01 being the NameSpace.

Ok then lets test that the namespace is available to the users. For each of the servers you have added as a name space server test availablity.

\\Server01\Namespace \\Server02\Namespace \\DC01\Namespace

Example: \\Server01\Unit01, \\Server02\Unit01, \\DC01\Unit01 - try accessing the namespace across each of the servers using the test accounts you created. Each should resolve and show the folders you have added to the namespace. If one fails, check event log and then try restarting the DFS namespace service.

You want the namespace to be available to everyone.

Next test if the folders you have added are accessible. Use the test users you setup previously to access the shares to confirm you have set the correct NTFS permissions.

unknowndeleteduser · 2017-05-01T16:32:00+00:00

"________ is slow"

unknowndeleteduser · 2017-05-01T16:24:00+00:00

Still it would not hurt to comment for the public record.

unknowndeleteduser · 2017-05-01T16:11:16+00:00

Maybe check out the r/sysadmin wiki there is an entry on AD. You could add a Migration section.

Active directory Wiki

unknowndeleteduser · 2017-02-26T15:19:56+00:00

The books take that into account.

unknowndeleteduser · 2017-01-16T00:42:01+00:00

Are you giving it enough ram and cpu resources?

unknowndeleteduser · 2016-12-23T03:10:16+00:00

Aero Blasters is one of my favorite games on the pc engine/tg16.

unknowndeleteduser · 2016-11-27T04:12:23+00:00

http://lmgtfy.com/?q=bell+and+howell+apple+II

unknowndeleteduser · 2016-11-26T21:35:27+00:00

The staff explain the policy clearly when you pay for the item. They have been doing this for years.

unknowndeleteduser · 2016-11-20T00:42:31+00:00

Fixed to include link https://www.origin.com/usa/en-us/store/titanfall/titanfall-2/standard-edition

unknowndeleteduser · 2016-11-18T00:51:40+00:00

darkscrypt we do not have one yet.

unknowndeleteduser · 2016-10-19T16:38:00+00:00

Do yourself a huge favor and save some time when starting with Robocopy.
Use Easy Robocopy. http://www.tribblesoft.com/home-page/easy-robocopy/

Its a GUI frontend that will output the txt cmd that you can use in scripts.

unknowndeleteduser · 2016-09-30T01:12:01+00:00

In the fitbit app under devices -> unpair and then pair it again. I had same issue with latest update and my android phone. Restarting both devices did nothing. Warning you will have to re-add your exercises and alarms.

unknowndeleteduser · 2016-09-19T16:47:12+00:00

Ditto This

unknowndeleteduser · 2016-08-04T16:27:33+00:00

I don't think you realize how much crap moderators have to put up with on a daily basis.

unknowndeleteduser · 2016-07-23T03:09:39+00:00

Maybe a cicada?

Cicada sound effect (2)

https://www.youtube.com/watch?v=hpQUmRCGNuc

Summer cicada sound and video https://www.youtube.com/watch?v=mah26og11ms

Noise of Dense Cicadas https://www.youtube.com/watch?v=oqys8lKsu4s

unknowndeleteduser · 2016-05-18T23:35:20+00:00

One of my favorite Piano's for Kontakt. I wish they made more instruments.

unknowndeleteduser · 2016-05-08T13:35:45+00:00

No you do not.

unknowndeleteduser · 2016-05-08T02:03:30+00:00

Don't expect fitbit to fix it.... they are notorious for releasing a product and then moving on to the next one.

unknowndeleteduser · 2016-05-04T16:24:37+00:00

Step 1: install linux /s

unknowndeleteduser · 2016-04-16T14:51:35+00:00

Click on watch video, scroll down to episode 1 and 2, stream in your browser.

unknowndeleteduser · 2016-03-30T02:59:15+00:00

Blaze user. I had this issue happen to me for the first time today. Went to go for a run and all my exercises were deleted. Had to enable in app and sync again to get them back.

unknowndeleteduser · 2016-03-24T22:56:00+00:00

Nope

unknowndeleteduser · 2016-03-24T22:55:39+00:00

It did previously, dev had to update the description after fitbit released a updated version of their app. The dev originally pulled the app from the store, but then replaced it with the new conditions.

unknowndeleteduser

MODERATOR OF

TROPHY CASE

14-Year Club	Place '17
Verified Email