Try   HackMD

DFS 命名空間權限

目錄



一、WindowsServerDFS設定

1. 開啟命名空間中「啟用此命名空間的存取型列舉」

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

2.開啟資料夾「啟用存取型列舉」功能,因為這個功能沒有互相抄寫,所以若是你的DFS Server伺服器有多台,就就需要將全部的DFS Server進行修改

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

3.進行第一層判定,限制哪些使用者、群組可以看得到「命名空間」資料夾,圖中不太會使用Administrator進行測試,會使用管理員僅是作為示範

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

4.第二層判定設定,對其點右鍵內容,限制共用資料夾權限,這裡設定的權限優先級高於後面的權限,所以不建議將進行群組的新增,建議Everyone設定可讀寫,並且不影響到ABE的功能

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

5.第三層判定,屬於使用者檢視的層級,對子資料夾進行權限管理,修改處如圖所示。舉修改範例:將整個公司可以查看的權限移除,僅留下人資部、資訊部可以看到的權限,其他公司同仁皆無法查看此資料夾

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

二、三大權限整理

第一層

明確檢視權限,「有哪些人可以在命名空間看得見資料夾」

第二層

共用權限,哪些人可以修改、讀取資料夾

第三層

安全性,進一步劃分資料夾之詳細權限,例如:哪些User可以看到,哪些群組可以看到......等等

tags: DFS Windows Server Windows AD