locked
DFS mapped network drive - access denied RRS feed

  • Question

  • Hi Denny

    I'm struggling with the following DFS scenario.  We have a customer with a branch and head office.  For redundancy and file access speed we've deployed DFS between the two sites, which has been working well.  More and more staff have been travelling (and working) between sites and we've set-up their Network Drive mappings to company.local (DFS share name) to utilize the local LAN when travelling to their remote office.  

    When at the head office (whether via Terminal Services or LAN access) the drive mappings work as they should.  However, when at the remote office the users can still browse the network drives (on the branch DFS), however cannot make any changes (so seem to be limited to read-only access) and receive the error 'access denied' when saving existing or creating new files

    I've checked the permissions on both locations's DFS's and they are verbatim, and replicate well through DFS.  For testing purposes I've even made changes to permissions, to the extent of allowing 'Full Control' on a test folder for a particular user or group but to no avail.  The only changes to date that allow the user to make changes in their network drive (whilst working remotely) has been to make them an "Domain Admin" (off course this has been done strictly in a test environment).   Once their user profile has been added  as a Domain Admin they can work from either site without any problems (via their domain.local\share drive mappings)

    Just to summarize then.  Users working in HQ can access\change network resources via drive mappings to domain.local\share (DFS) name.  As soon as they travel to their Branch office they receive an error accessing the same share (replicated between domain controllers via DFS) and are unable to change any content in their domain.local drive mapping

    Any help or suggestions would be greatly appreciated.

    Ian

    Tuesday, March 19, 2013 4:31 AM

Answers

  • Hi Ian,

    In a typical configuration, a DFS folder target will still point to a local share on the server in question. Using your example, that would be the branch office file server.

    Have you checked the share permissions on that share? It sounds superficially like that's where the problem is, not with the DFS configuration.

    Cheers,
    Lain

    • Proposed as answer by 朱鸿文 Wednesday, March 20, 2013 2:02 AM
    • Marked as answer by ianduplessis Wednesday, March 20, 2013 8:50 AM
    Tuesday, March 19, 2013 2:58 PM

All replies

  • Hi Ian,

    In a typical configuration, a DFS folder target will still point to a local share on the server in question. Using your example, that would be the branch office file server.

    Have you checked the share permissions on that share? It sounds superficially like that's where the problem is, not with the DFS configuration.

    Cheers,
    Lain

    • Proposed as answer by 朱鸿文 Wednesday, March 20, 2013 2:02 AM
    • Marked as answer by ianduplessis Wednesday, March 20, 2013 8:50 AM
    Tuesday, March 19, 2013 2:58 PM
  • Hi Lain,

    Thanks to both you and Kevin.  It was actually my first post (I've always been to sceptical of posting a question - and believe it or not this issue has consumed quite literally days on and off now).

    You where right on the money I found the single tick box on the branch server root share directory for the DFS (quite ironic that name 'tick' box) that's been the 'itchy' bane of my recent existence .... queue the violin music :) and once I matched the two ends permissions the fat lady sang like you wouldn't believe

    I have another question which follows on from this topic, and originally lead to me posting my first post (which you so swiftly solved).  I'm going to post it as a new topic in hopefully the correct thread regarding drive mappings via logon script to domain.local shares

    Thanks again and 1000 points to Mr Robertson

    Wednesday, March 20, 2013 9:00 AM