OK, not sure if I should be posting this on the NT groups or the 2000
groups, but here goes...

We are planning to move all our servers to Windows 2000, but our
workstations will remain NT 4.0. I'm currently going through test scenarios,
and I've discovered something rather ODD...

If I create a share on my 2000 server, my NT workstation can happily connect
to it, and everything is grand. However... if I make this share part of a
DFS and connect to it through DFS, suddenly the NT workstation can't see the
file permissions. This is a big problem. Does anyone have the slightest idea
why this is happening? (I also notice that if I connect to the sharename
directly, I can't map a drive to subfolders of it, but with DFS I can - this
is a useful thing, and one of the reasons I want to use DFS. (The other
being that I can move a share from one server to another and not have to do
anything to the clients.) Interesting...)

To give more details of the exact test I tried...
* 1 PC has Windows 2000 Server SP3 on it. It is a domain controller, and
has WINS, DNS and DHCP on it.
* 1 PC has Windows NT 4.0 Workstation SP6a on it. (This is a member of the
domain that my server hosts.)
* From the workstation, I can connect to \\server1\share1 no problem.
Everything works as you'd expect.
* I can NOT connect to \\server1\share1\subfolderX - which didn't suprise
me, but has always been a pain.
* If I now make a [domain] DFS (say, DFS1), things get interesting...
* I can connect to \\domain\share1 quite happily. However, when I do this,
if I right-click any file, only the "general" tabl is visible. The
"security" tab is not shown.
* I can also connect to \\domain\share1\subfolderX now... which is rather
useful, actually!

Any ideas folks?
Thanks.

Invisible, that is all expected behavior, and I know of no way around
it. The Security tab is not available on file system objects under DFS
shares from W2K clients either.

I only have one DFS share on my network and what I did was create
another hidden sharename for the same folder that is part of the DFS
share and I manage permissions through that share. It's a reasonable
workaround if only your admins will need to manage permissions, but if
you need users to be able to do so as well, it will almost defeat the
purpose of why you are using DFS.

BTW, under NT4, you can "map" to folders under normal shares by using
the subst command. Note that this does not work on W2K clients.

hth

Invisible wrote:
--
Ricardo M. Urbano
Microsoft Windows 2000/NT MVP

Well, no one told *me* about it! *sigh*

"...the whole purpose of using DFS" for me was that I could then replicate
data between servers. However, I have since heard that it actually doesn't
work, so I've decided not to bother. The other reason was being able to map
drives to subdirectories. (Oh, and being able to change which server stuff
is stored on without affecting end users.)

Ah... that's interesting!

Actually, while this does work, drives mapped in this way seem to behave
slightly differently to drives mapped with NET USE... But still potentially
usefull I think. (Does it try to reconnect them after a reboot? Hope not...)

Thanks.

Sorry, Invisible; no one told me about it either. I found out after I
had already put my 500GB file server into production!

As far as reasons for using DFS, the ability to seamlessly move stuff to
different physical servers would probably be the most relevant "problem"
that this behavior causes, but like I said, as long as the user's don't
manage permissions, I think it's something that can be tolerated.

I'm curious by what you mean when you say the subst command doesn't work
like a net use command. The only difference I can think of is that the
UNC path of the subst'ed drive letter doesn't show up in Windows
Explorer, but you can see it by just typing 'subst' (w/o the quotes) at
the command prompt. It is not remapped at login. Here is an example in
my login script:

------------------------------------------------

set PDC=SRADV_COC_1
set FILESERVER1=USA7FILESERVER1
set FILESERVER2=USA7FILESERVER2

REM Determine NTx version

set NTOS=NT4
ver | findstr /i /c:"Windows 2000"
if "%errorlevel%"=="0" set NTOS=W2K
ver | findstr /i /c:"Windows XP"
if "%errorlevel%"=="0" set NTOS=XP

net use G: /delete
subst g: /d
if "%NTOS%"=="NT4" (subst G: \\%FILESERVER2%\cdimages$\NAIC) else (net
use G: \\%FILESERVER2%\cdimages$\NAIC /persistent:no)


-------------------------------------------------------------

That last line will probably wrap in your newsreader...

Invisible wrote:
--
Ricardo M. Urbano
Microsoft Windows 2000/NT MVP