AD DC and File Permissions

  • Thread starter Thread starter Yor Suiris
  • Start date Start date
Y

Yor Suiris

I appear to have a conflict in my AD with regrads to file permissions on my
DCs.
Specificly the winnt\ntfrs folder.
Could someone maybe explain where these permissions are generated. Such as
are they set on each server seperatly or are they contained in a Global
Policy?
 
File permissions can be set by using group policies but policies are not
responsible for the permissions on the ntfrs folder. The default
permissions on most folders come from security templates such as "setup
security.inf" or rootsec.inf. It is recommended that you do not apply a
policy that changes permissions to the domain controllers OU. The policy is
refreshed every five minutes on a DC and if it re-acls the files and folder
every five minutes you may experience performance issues.


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
And how do I tell if there has been a policy set or used to change folder
permissions. In AD I show the Default policy where I can set things like
password requirements and deny or allow log on, services, etc,. But there is
NIL about file permissions there. Like you suggest that it would cause a
performance problem, so then, where do I check if a policy is in effect on
file permission?
 
The Group policy setting for file and folder security is found under
\computer configuration\windows settings\security settings\file system. You
will see files and folder listed in the right pane if security has been
configured for files or folders. Check this location in each GPO that
applies to the DCs.

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thanks Tim, is just what I needed to know. There are no File Policy's set on
my machine, great! I think?
Again Thanks....yor
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Site Replication - Enforced Star Topology 3
"MS DTC could not correctly process a DC Promotion/Demotion event. 3
Win2000 DC Question 2
Unable to local DC ......... URGENT 1
(another) DC replication problem 8
Adding a w2k DC to a w2k3 domain 1
DHCP Delegation 2
DC demotion problems 2

Back
Top