Group Policy to secure DFS Share

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi All,

Is it possible to use group policy to secure distributed file system shares
on member servers, so that administrators of those servers can only read the
DFS shares, not take ownership of the files or write to them, thus affecting
replication throughout the organization?

Any comments about this or expierences would be appreciated, and I'll buy
you a Starbucks.
 
Hi wosully,

AFAIK, no.

Administrator can always take ownership.

br,
Denis
 
Wouldn't group policy be able to stop a group from taking ownership through
the File System permissions setting, under Widows settings, security
settings? It looks like it could, but I don't know if it woould work with
DFS and if admins really could take ownership then.
 
wosully said:
Wouldn't group policy be able to stop a group from taking ownership through
the File System permissions setting, under Widows settings, security
settings? It looks like it could, but I don't know if it woould work with
DFS and if admins really could take ownership then.
Click to expand...
 
Hi,

Pls point out exactly which policy that stops administrators from taking
ownership which I am not aware of.

If administrators cannot take ownership, then you might end up with files
that no one can access.

br,
Denis
 
If the issue is of trusting the administrators on a domain to not 'abuse' or
'misuse' their 'power', then perhaps they should not be administrators?

Ken
 
I have tested and there is NO policy at all that can restrict an individual
with administrative rights on a computer from taking ownership; however, we
can set file permissions on the folder through group policy, but the
individual could still take ownership, change permissions, then, at group
policy refresh, the file settings are changed back, but the file changes
would have already taken place.

I agree that they should be trusted or not be administrators, and this is
the only policy I support, and will continue to do so.

These admins are file server admins, but some of them are not knowledgeable
regarding DFS and the replication consequences of introducing too many files
tp the DFS system.

Thanks again for the responses and thoughts.
 
Back
Top