I have two Windows 2008 Standard servers running DFSR okay. I can create a file on one server and it is replicated to the other okay, etc. I have the namespace shared folder on each server shared with Full Control for Administrators and Modify permissions for Everyone.
I then browse to the folder on server 1, e.g.
\\server1\namespace\share\folder1
.I right-click the folder and configure the NTFS permissions as I would like them to be. For example Administrators Full Control, one user Read/Write access, and no other users in the user list.
I save this and then double-check the second server, e.g.
\\server2\namespace\share\folder1
.I right-click the same folder name as before and can see the NTFS permissions have replicated accordingly.
I right-click the folder and go to Properties > Security > Advanced > Effective Permissions and select a user that shouldn't be able to get into that folder, e.g. testuser. It agrees with the NTFS permissions and shows that testuser has no ticks next to any permissions and so should be denied access.
I logon to any network PC or the server as testuser. I browse to
\\server1\namespace\share\folder1
. It lets me straight in, no access denied messages. The same applies to server2.
It seems as though all my NTFS permissions are being ignored. I have one DFS share and then all the subfolders are a mixture of private folders and public folders so I need the NTFS permissions to work like they usually do. Any idea whats going on? Is this normal? From my tests all users can access any DFSR folder under the namespace\share which is quite worrying.
Thanks
The details in your question make it sound like you're doing everything right. But in the interest of troubleshooting, I would probably take DFS out of the equation first. Just setup the share on one of the servers and make sure connecting directly to that share works how it's supposed to. Then add DFS back into the mix and see if it breaks. At the very least, it should verify whether your problem is specifically related to DFS or not.
You might also double check that the subfolder you're accessing is properly inheriting permissions from the parent (assuming it's supposed to be in the first place).