On my 2008r2 server (server2) I have the following shares:
DFS Namespace share - Data, Local Path - C:\DFSRoots\Data
SMB Shared Folder - Data$, Local Path - D:\Data
For the DFS Namespace "domain.com\Data",
I have 2 DFS Namespace Servers as follows:
The above server with the shares, which shows the path \\server2\Data
Another Server at a remote site, which shows the path \\server3\Data
On the File System and Data$ share on server, for the D:\Data directory, there are no inherited permissions.
IF I look at the permissions on \\domain.com\Data, I see USERS are inherited from "Parent", with READ, EXECUTE, CREATE, etc.
This is obviously giving users rights where we do not want.
Should I just delete the DFS Namespace Server (server2), delete the DFS Share "Data", and then add back server2 as a namespace server with the path pointing to\\server2\Data$ ??