Migrate from Netware 6.5 to Windows 2003 file permissions
Posted 08 February 2009 - 09:37 PM
We have had enough of our Novell Netware servers and the lack of support that software vendors give Netware.
Therefore, I am trying to migrate our site from our Novell Netware 6.5 servers to Windows 2003 servers.
Everything was going well right up until the file system. I have worked out a way of migrating all users and groups, but I hate to admit it, but Netware seems to have a much better way of doing its file system permissions.
Let me explain.
Say I have a share on a Netware server, (I'll use UNC paths) \\fs1\share and map it to a K: drive.
If I have 3 folders in that share...
Within each of these folders I have 3 other folders, "one","two" and "three".
Right, now I give userA read/write permissions to "K:\Folder2\two", when that user browses to the K: drive, he can see:
no more, no less.
When that user changes into Folder two, then that user can now see
no more, no less.
Excellent, works perfectly.
Same folders same permissions.
Assumption: I have given share rights to the "Domain Users" group.
userA cannot see K:\Folder2, in fact, that user cannot even net use a K: drive \\fs1\share
So what I do is give folder rights to \\fs1\share, but now the user can see all three folders.
But when they try to change into Folder1 or Folder3, they get an "access denied" but they still see the %#$%ing things. Why should they see them if they have no rights!!!!
Also when userA changes to K:\Folder2, the user once again sees all three folders in the next level:
And once again, access denied to "one" and "three", once again, why still see them if there are no rights.
What the problem is, is the appropriate rights do not flow up as in Netware, only down.
I have found a piece of software that I have installed from MS called "Windows Server 2003 Access-based Enumeration", which hides folders which the users do not have rights to. Great, but it only works at the root of the share and I still have to give the rights higher up, i.e. \\fs1\share\Folder2
Please, please, I need a solution to fix this very poor Windows-based file system permission problem as I am hating Netware more and more (except when it comes to the file system)... Please help me get rid of Netware.
Posted 08 February 2009 - 10:26 PM
Posted 09 February 2009 - 02:01 PM
Without ABE, this is not possible. At least not with what ships with Windows - there may be something third party, but I do not know of anything off the top of my head.
Unfortunately, even with ABE, this does not seem possible. (Which I do have installed)
I’ll summarise my issue.
Give permissions to K:\Folder2\two
Still can’t see K:\Folder2
So, to enable browsing to K:\Folder2\two need to give permissions to K:\Folder2 which then flows down to K:\Folder2\one, K:\Folder2\two, and K:\Folder2\three
Which then makes it necessary to go to each of these three folders and uncheck “Allow inheritable permissions from the parent….”
So, we have two problems. We have thousands and thousands of folders to fix to enable the migration and the whole mind set in how backwards this method is…
Surely I am not the first person migrating from Netware to Windows to struggle with this?
Edited by xanth, 09 February 2009 - 02:02 PM.
Posted 09 February 2009 - 03:16 PM
Posted 09 February 2009 - 09:11 PM
You are quite right in what you say about how the two different types of servers handle their file systems.
I think what I'll probably do is rely on the ABE, remove all rights using scripts to run xcacls to the top 3 levels, then run more scripts to assign the rights at the appropriate 3 levels and then most of all, try and educate both the many users and support staff on the differences.
The users on why they are seeing more folders than they used to. And the support staff on how to let users see folders that are not in the root of the drive.
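One way to script the rights assignment described in the post above so that a user can browse down to a deep folder without rights flowing down to its siblings, given as an added example that is not part of the thread or any poster's own script. It assumes `icacls` is available on the server (the post mentions xcacls), uses the thread's paths, and `DOMAIN\userA` is a constructed account name; it only builds the command lines and executes nothing.

```python
# Constructed sample input: (trustee, folder that trustee should be able to use).
# The paths come from the thread's example; DOMAIN\userA is a made-up account.
SHARE = r"\\fs1\share"
GRANTS = [("DOMAIN\\userA", r"\\fs1\share\Folder2\two")]

def parents_of(share, target):
    """Return the share root and every folder between it and target."""
    share = share.rstrip("\\")
    if not target.lower().startswith(share.lower() + "\\"):
        raise ValueError(f"{target} is not below {share}")
    parts = [p for p in target[len(share):].split("\\") if p]
    folders, current = [share], share
    for name in parts[:-1]:          # stop before the target itself
        current = current + "\\" + name
        folders.append(current)
    return folders

def plan(share, grants):
    """Build icacls command lines for review; nothing is executed here."""
    commands, seen = [], set()
    for trustee, target in grants:
        for folder in parents_of(share, target):
            key = (trustee.lower(), folder.lower())
            if key in seen:          # one browse ACE per trustee per folder
                continue
            seen.add(key)
            # No (OI)/(CI) flags: the ACE applies to this folder only, so it
            # is not inherited by sibling subfolders such as "one" and "three".
            commands.append(f'icacls "{folder}" /grant "{trustee}:(RX)"')
        # Inheritable Modify on the target itself (assumed here to be the
        # closest simple right to the "read/write" in the post).
        commands.append(f'icacls "{target}" /grant "{trustee}:(OI)(CI)(M)"')
    return commands

if __name__ == "__main__":
    for line in plan(SHARE, GRANTS):
        print(line)
```

Because the parent ACEs carry no inheritance flags, there is no need to uncheck inheritance on each sibling folder afterwards; review the generated lines before running them against a test share.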
Posted 10 February 2009 - 07:25 PM
Posted 13 February 2009 - 06:03 PM