Re: Clustered DFS Root Share Permission

Remember the permissions inside cluster admin are 'share' permissions. So,
we recommend leaving the default share permissions and then lock the shares
down using NTFS permissions.

--
Chuck Timon, Jr.
Microsoft Corporation
Longhorn Readiness Team
This posting is provided "AS IS" with no
warranties, and confers no rights.


"Scott Gray" <scottgray69@xxxxxxxxxxx> wrote in message
news:45807b3d$0$8743$ed2619ec@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Chuck, I think I understand the Clusters Permissions now, what I need
to know is what permissions do I apply to the users group on the Root DFS
Share within cluster admin?

S
"Chuck Timon [Microsoft]" <ctimon@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:ONkf3HvHHHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
From the cluster perspective.......and this applies to any clustered file
share root folder....the cluster service account (which is a member of
the local admin group on each node), needs a minimum of Read access to
the root folder which, by default, is propagated down to any subfolders.
This is needed so the cluster service can bring the resource online.

--
Chuck Timon, Jr.
Microsoft Corporation
Longhorn Readiness Team
This posting is provided "AS IS" with no
warranties, and confers no rights.

"Scott Gray" <scottgray69@xxxxxxxxxxx> wrote in message
news:45802652$0$8734$ed2619ec@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Chuck, I think I have got you here, users do not need access to the
Cluster DFS Share they only need rights to the share that is being
refered to by the DFS links.

So that would mean that when creating the DFS Share within Cluster Admin
I can remove the everyone/read permission and give the Admin
Groups/read. After that I need to ensure that that the users have the
correct access on the share that is being targeted by any DFS links that
are created but they do not any access to the DFS Root share.

I have I understood you correctly?

Thanks again for your time.

Scott


"Chuck Timon [Microsoft]" <ctimon@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:uwx8$wsHHHA.420@xxxxxxxxxxxxxxxxxxxxxxx
Remember the DFS Namespace (clustered DFS Root) is the 'root', if you
will, of the namespace and users do not need specific access to
that...they need access to the leaf objects off the root where the data
is stored. The cluster service needs access becasue it has to bring
this special file share online or the rest of the implementation will
not work.

Look at it this way, if you were to implement this in AD and not as a
clustered file share, how would you deal with it?

--
Chuck Timon, Jr.
Microsoft Corporation
Longhorn Readiness Team
This posting is provided "AS IS" with no
warranties, and confers no rights.



"Scott Gray" <scottgray69@xxxxxxxxxxx> wrote in message
news:457ffe27$0$8714$ed2619ec@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Chuck, thanks for the quick response. Obviously you have said the
cluster will be happy with everyone/read What permissions do users
need to be able to use the DFS Links, is everyone/read enough for them
also or do I need more detailed permissions. I just cant find any good
information on the permissions that should be applied.

Cheers
Scott


"Chuck Timon [Microsoft]" <ctimon@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:OjT9IHrHHHA.4056@xxxxxxxxxxxxxxxxxxxxxxx
That is all the cluster needs. Now you need to decide what everyone
else needs.

--
Chuck Timon, Jr.
Microsoft Corporation
Longhorn Readiness Team
This posting is provided "AS IS" with no
warranties, and confers no rights.

"Scott Gray" <scottgray69@xxxxxxxxxxx> wrote in message
news:457fe804$0$8756$ed2619ec@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am currently setting up a clustered DFS infrastructure and I am
finding it difficult to track down any information on what the
minimum share permissions that can be applied to the DFS Root Share
also what are the minimum NTFS permissions for the DFS Root folder
Structure.

Obviously Win2K3 default share permissions are Everyone Read is this
enough?

Thanks in advance.
Scott
















.

Relevant Pages

  • Re: Clustered DFS Root Share Permission
    ... Cluster DFS Share they only need rights to the share that is being refered ... they do not any access to the DFS Root share. ... or do I need more detailed permissions. ...
    (microsoft.public.windows.server.clustering)
  • Re: IIS6 on 2003 Cluster - cannot get working!!
    ... Here are some steps to properly reset the permissions. ... Microsoft Enterprise Platform Support ... Windows NT/2000/2003 Cluster Technologies ... > Loaded script engine 'VBScript' successfully. ...
    (microsoft.public.windows.server.clustering)
  • Re: Clustered DFS Root Share Permission
    ... know is what permissions do I apply to the users group on the Root DFS Share ... share root folder....the cluster service account (which is a member of the ...
    (microsoft.public.windows.server.clustering)
  • Re: Clustered DFS Root Share Permission
    ... Cluster DFS Share they only need rights to the share that is being refered ... So that would mean that when creating the DFS Share within Cluster Admin I ... do I need more detailed permissions. ...
    (microsoft.public.windows.server.clustering)
  • RE: NTFS permissions on cluster share? Illogical!!!
    ... File Shares and their respective permissions? ... 256926 Implementing Home Folders on a Server Cluster ... Windows NT/2000/2003 Cluster Technologies ...
    (microsoft.public.windows.server.clustering)