ross_gailerMemberMar 24, 2011 at 1:00 am #153961
I have a 2003 standar server with SP2 installed. I have a DFS share established that has special permissions for domain users as follows:
Share root : – This folder and files
List Folder/ Read Data
Read Extended Attributes
A separate special permissions is then set as follows:
All permissions except for Full Control, Delete, Change permissions, and Take ownership.
This setup works successfully for XP and Vista. It allows the domain users to list the folders in the root of the share, but not delete them, rename them, or create new folders. In the subfolders, however, they are able to manage the files and folders however they need to.
I now have four windows 7 professional clients. One is 64 bit, the rest 32 bit. When a domain user logs in, the drive mapped with the special permissions is not visible. If you try to manually map the drive, you get an error stating that the drive is already mapped from the client by a different user. Other shares that do not have special permissions applied to them from the same 2003 server are mapped, visible, and usable with no issues. If a user with domain admin rights logs onto one of the Windows 7 clients, the DFS drive is mapped correctly – the special permissions are not applied to these users.
I need to maintain the security on the root level. Is there any way that this can be accomplished?
Quick update – I have set standard read/write permissions on the folder tree from the root and the Windows 7 domain user clients map the drive correctly. It would appear that the issue is the the read special permissions. This setup, however, breaches the required security for the folder.
You must be logged in to reply to this topic.