Hello everyone,
TLDR version: I need to configure a single UNC share to host data across multiple file servers and utilize Access-based Enumeration. A DFS namespace isn't going to fit the bill because of the way ABE works in DFS. Does anyone know how this
might be accomplished?
Our idea: We would like to map a single drive to a UNC path. This UNC path is a single view for all employees in the company. We want to use Access-based Enumeration so that users will only see the folders they have access to. As an example,
the UNC share might have the following folders (we'll actually have more, but I used four folders for simplicity):
- HR
- IT
- Sales
- Shared
When creating these folders in a share and enabling access-based enumeration, it works just fine. As an IT worker, I only see the "IT" folder and the "Shared" folder; "HR" and "Sales" are hidden from view. However, we have a lot of data and for backup and restore purposes our backup folks don't want to put all of it on a single logical disk. Because of this, we wanted to use DFS to create a namespace and then use DFS Folders to direct users to the appropriate server and share (we'll have the data on multiple file servers and multiple disks on those file servers). This would allow us to provide a single view for all employees and map everyone to the same location.
Our problem: It turns out that DFS will not hide the DFS folders from view unless I configure the "Set explicit view permissions on the DFS folder" setting in the DFS Management console and explicitly deny a group/user read access.
We only want users to see the data that they have access to (i.e. access-based enumeration) but that isn't going to work for us because of the way we plan to do permissions (we aren't using dynamic access control yet).
I've looked into Server 2012 R2 Storage Spaces a bit, but we already have a SAN and this doesn't seem like the solution we need. That said, our entire method might be "the old way" of doing things. I'm hoping to get some feedback and suggestions
about how others have accomplished something similar. Cloud-based storage is not an option for us at this time. Any help is greatly appreciated!
-Matt