Re: ABE in a DFS Environment

Hi Brandy Nee,

Thank you for your reply.

1) Yes, I shared the folder as \\domain\share.

2) Domain root.

3) Yes, right click the root in the DFS management, and then add new link.

4) Yes, I did know the information in the Microsoft knowledge base website.
That is why use the cacls to manually set the ACL.


Anxiously waiting for your reply.


Billy

************************************************************************************



""Brandy Nee [MSFT]"" <v-branee@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:X$cv71IBGHA.2560@xxxxxxxxxxxxxxxxxxxxxxxx
> Hello Billy,
>
> Thank you for posting to the SBS Newsgroup.
>
> I am sorry for the delayed response due to weekend. Please understand that
> the newsgroups are staffed weekdays by Microsoft Support professionals to
> answer your systems and applications questions. Your understanding is
> greatly appreciated!
>
> I am sorry that did not reply you in time due to high work volume today.
>
> I understand that you installed ABE on both SBS 2K3 Server and Windows
> Server 2003, and you cannot see any shared folders on Windows Server 2003
> from SBS 2K3 Server unless turned off ABE. If I have misunderstood your
> concern, please let me know.
>
> Due to lack of information, I need your help to gather following
> information:
>
> 1. Just double confirm, did you access the shared folder by
> \\domain\share?
>
> 2. You mentioned "they also host their own DFS root", which root type did
> you choose, "stand alone root" or "Domain root"?
>
> 3. You mentioned "I add link to the DFS of SBS 2003", I need to know how
> you add link to DFS. Do you mean in the DFS Management, right click the
> root target you created and select New Link?
>
> 4. For your additional information:
>
> If the ACL on the DFS link is not set to match the ACL on the target then
> the following situations may arise:
>
> a. If the ACL on the link is more restrictive than the ACL on the target,
> then while enumeration, the link will not be displayed. However, if the
> user knows the name of the link through some other means, then they would
> be able to browse to that path and see the contents of the target.
>
> b. If the ACL on the link is less restrictive than the ACL on the target,
> then while enumeration, the link will be displayed but if the user browses
> to the link then they will see an "access Denied" message.
>
> Please take your time to gather the information, and I am looking forward
> to hearing from you!
>
> Best regards,
>
> Brandy Nee
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
> --------------------
>>From: "Billy Leung" <billy@xxxxxxxxxxxxxxxxxxxxx>
>>Subject: ABE in a DFS Environment
>>Date: Fri, 16 Dec 2005 19:44:17 ?
>>Lines: 34
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>X-RFC2646: Format=Flowed; Original
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>Message-ID: <evXIQYjAGHA.2320@xxxxxxxxxxxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.sbs
>>NNTP-Posting-Host: aworklan003148.netvigator.com 203.198.149.148
>>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:230668
>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>
>>Hi all,
>>
>>I am having a problem in ABE (Access-based Enumeration) in a DFS
>>(Distributed Files System) environment.
>>
>>Hong Kong server: SBS 2003 SP1
>>China Server: Windows Server 2003 Standard SP1
>>
>>These two servers connected together by VPN in same domain but with
>>different subnet (192.168.0.X and 192.168.1.X). Both servers are installed
>>with ABE (by using ABEUI utility).
>>
>>Both servers have their own shared folder and they also host their own DFS
>>root. Then, I added some links to the DFS of Win2K3 Standard. The target
> are
>>some shared folders in SBS 2003. It works fine. However, it does not work
>>when I made the same procedure to the SBS 2003, meaning, I add link to the
>>DFS of SBS 2003 while the target of the link is Win2K3. The target folder
>>does not show up in Windows Explorer unless I turn off the ABE.
>>
>>It seems to me that the ACL on the link does not allow me to access the
>>target even though I did set full control in the target folder (both in
>>"Share" and "Security").
>>
>>I tried to use Cacls utility to verify the ACL. But the link is exactly
> the
>>same as the target ! (I even manually set the link and target ACL. But no
>>luck.)
>>
>>Is there any problem in the AD? How can I fix it? Any help would be highly
>>appreciated.
>>
>>
>>Billy
>>
>>
>>
>


.

Relevant Pages

  • RE: Metaphysical question about DFS
    ... The following is from "How DFS Works": ... How Target Selection Works ... domain controller or root server provides a referral to the client. ...
    (microsoft.public.windows.server.general)
  • Re: Migrate old shares/home folders to DFS server
    ... Migrate old shares/home folders to DFS server ... 'NewDFSServer.domain.com' with DFS on that's called 'domain.com\Home$'. ... 'OldFSServer' to their folder under Home$ now on DFS. ... Vincent Xu wrote: ...
    (microsoft.public.windows.server.migration)
  • RE: Replication problem on sub-folder
    ... Delete the Ntfrs.jdb file in the \Ntfrs\Jet folder. ... On SBS Server, click Start -> Run, type REGEIDT and click OK. ... controller by the following command in command prompt: ... 1.Use DFSUTIL command to remove the DFS Root. ...
    (microsoft.public.windows.server.sbs)
  • Re: Distributed File System / File Replication Service
    ... The folder still exists, the share still exists, but the DFS root does not still exist. ... When running the first command, the secondary server reports: ...
    (microsoft.public.windows.server.active_directory)
  • Re: create folder in public folders using Exchange SDK and C#
    ... installing setUp of my program to register this eventsink on the target ... copied this on the target server and then start the com ... folder is deleted or inserted in the public mail folders. ...
    (microsoft.public.exchange2000.development)