When you define replica members for a Distributed File
System (DFS) share in a Microsoft Windows 2000 environment, you must grant
permissions on folders and files to maintain the correct security. Follow the
list in the "More Information" section of this article to avoid problems with
differing Access Control Lists (ACL) for members and redundant replication of
security settings for replica members. The following list contains information
about how to configure permissions for replica members.
To avoid inheritance and permissions problems with replica
members, follow these items:
- To correctly set permissions on a DFS replica member,
specify the permissions on the root folder of the share, instead of setting
share permissions. Do not set permission shares because the permissions are
only applied to that share. Instead, use the master replica to set file
- If you want to inherit permissions from a parent directory,
set the permissions on a master replica to prevent confusion and conflicts. You
can also deny the change permissions user on the root folder of the replica
- The share permissions are used in replica set members to
prevent clients from connecting to hub DFS servers. This can also be used to
grant users rights based on their group or locality.
- To activate inheritance on a shared folder, click to select
the Apply these permissions to objects and\or containers within this
container only check box.
- Inherited permissions are propagated on the folders and
files by the replica on which the source is created.
- Inherited permissions can be overridden when you reset the
permissions. To reset permissions, in the share properties dialog box, on the
Permissions tab, click to select the Reset permissions
on child objects and enable propagation of inheritable permissions
- To block inheritance of permissions, on the
Permissions tab of the share properties dialog box, click to
clear the Allow inheritable permissions from parents to propagate to
this object check box.
HOW TO: Share Files and Folders Over a Network (Domain)
Article ID: 308568 - Last Review: September 12, 2007 - Revision: 1.4
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server