MagnusHMemberSep 27, 2007 at 1:00 pm #128003
I have a disk with some 1700 folders under a single share that the users connects to. I use “ABE” to hide the folders that are of no interest so that the typical user will end up seeing only five or ten folders under the mapped drive. The total amount of data is about 1.3Tb so I’m not very keen on working with file rights based on individual users, I’d rather like to manage the NTFS rights by using Groups of any sort based on Active Directory.
I have two main issues right now that I’d like to have your help to address;
¤ Access to files or folders based on group membership is not reflected dynamically, e.g. if I grant USER1 membership to a GROUP1 (where GROUP1 has rights to a file or a folder) the user will have to log off and log on again to get the right set of tokens. Plan B would be to have the user wait for 10-12 hours for the Kerberos Ticket to renew (?).
? Is there a way to manually – from the server or the client –initiate a re-authorization in order to get the new membership information?
¤ Since the information is available from more than ten sites, each with its own DC, I’m also interested in finding a way to propagate the new information instantly.
Please, let me know if I’m totally of track here, if I’m missing any obvious solutions or if the setup if just wrong. Any help, thoughts or ideas are appreciated.
You must be logged in to reply to this topic.