For example, if you grant a user Modify permissions to a folder on a domain controller, the user can access the files on a replication partner only under the folder. The user does not immediately have permissions to access the folders (parent folder and subfolders).
Note The changes appear on replication partners for the folders after 7 to 10 minutes.
This issue occurs because when you make folder security changes remotely, there's a delay before the redirector sends the Close statement for the parent folder. Therefore, the receiving NTFS driver doesn't immediately stamp the change with a USN Close statement in the NTFS Journal for the DFSR USN consumer.
- Avoid changing folder permissions remotely even if you use Windows Server Core Edition. Instead, make security changes on the target itself. You may also consider having at least two domain controllers with GUI implementedone with the primary domain controller (PDC) emulator operations master (also known as flexible single master operations or FSMO) role for introducing the changes locally, and one as potential backup for this operations master role.
- On the server on which you use Windows Explorer to make security setting changes, create the NoRemoteRecursiveEvents and the NoRemoteChangeNotify registry entries, and set the registry value to 1 in one of the following registry subkeys:
Note You must restart the computer to make these registry entries work.
For more information about these registry entries, see the "Installation information" section in Folder tree flickers when you view a mapped network drive in Microsoft Windows Explorer.