This article was previously published under Q308568
When you define replica members for a Distributed File System (DFS) share in a Microsoft Windows 2000 environment, you must grant permissions on folders and files to maintain the correct security. Follow the list in the "More Information" section of this article to avoid problems with differing Access Control Lists (ACL) for members and redundant replication of security settings for replica members. The following list contains information about how to configure permissions for replica members.
To avoid inheritance and permissions problems with replica members, follow these items:
To correctly set permissions on a DFS replica member, specify the permissions on the root folder of the share, instead of setting share permissions. Do not set permission shares because the permissions are only applied to that share. Instead, use the master replica to set file permissions.
If you want to inherit permissions from a parent directory, set the permissions on a master replica to prevent confusion and conflicts. You can also deny the change permissions user on the root folder of the replica members.
The share permissions are used in replica set members to prevent clients from connecting to hub DFS servers. This can also be used to grant users rights based on their group or locality.
To activate inheritance on a shared folder, click to select the Apply these permissions to objects and\or containers within this container only check box.
Inherited permissions are propagated on the folders and files by the replica on which the source is created.
Inherited permissions can be overridden when you reset the permissions. To reset permissions, in the share properties dialog box, on the Permissions tab, click to select the Reset permissions on child objects and enable propagation of inheritable permissions check box.
To block inheritance of permissions, on the Permissions tab of the share properties dialog box, click to clear the Allow inheritable permissions from parents to propagate to this object check box.
301198 HOW TO: Share Files and Folders Over a Network (Domain)