DFS Root namespace is RDWR for all users

Posted by Patrick on Server Fault See other posts from Server Fault or by Patrick
Published on 2012-07-03T14:13:18Z Indexed on 2012/07/03 15:17 UTC
Read the original article Hit count: 214

Filed under:
|

We have an existing DFS Replication and Namespace group that we use to serve the company's files.

This has been operating fine for us for some time now, and continues to do so. however a situation arose yesterday afternoon that has led us to be stumped.

The problem is that we have our name space presented as :
\\domain.co.uk\public\[8 or 9 folders that are mapped to the users in the business]

We had a problem this morning that meant that a number of users started mapping their AD Home Drive directly to the \\domain.co.uk\public directory and we found that they had read/write. This rapidly became a problem as a at least one director saved some moderately sensitive documents in there and basically anyone could read them.

I've tidied up that specific problem with some deft scripting and a slight modification of group policy.

However I would like to make \public read only, the trouble is I can't work out where the ACLs for that folder would be held.

All the folders that are presented as \\domain.co.uk\public\[folder] are 'real' folders on logical volumes on our DFS servers so are secured with groups that are applied via the 'security' tab.

I'd like to do the same on \public but I can't find it. I have looked through amongst other things \Sysvol\domain.co.uk but can't find it and after a lot of clicking and a bit of reading I can't see how to lock it down.

Any thoughts?

© Server Fault or respective owner

Related posts about windows-server-2008-r2

Related posts about dfs