Evaluating Default Shares
In SBS Server 2008, a number of default shares are promulgated from the SBS Server. Excluding the "hidden" shares, these include:
- Address
- ExchangeOAB
- NETLOGON
- Public
- RedirectedFolders
- SYSVOL
- UserShares
- Printers
Therefore, it follows that a useful exercise in rights deployment might be to recreate a couple of these shares on a NexentaStor system and detail the methodology. I have chosen the NETLOGON and SYSVOL shares as these two represent default shares common in all Windows server environments. Here are their relative permissions:
NETLOGON
From the Windows file browser, the NETLOGON share has default permissions that look like this:
Looking at this same permission set from the command line (ICALCS.EXE), the permission look like this:
The key to observe here is the use of Windows built-in users and NT Authority accounts. Also, it is noteworthy that some administrative privileges are different depending on inheritance. For instance, the Administrator's rights are less than "Full" permissions on the share, however they are "Full" when inherited to sub-dirs and files, whereas SYSTEM's permissions are "Full" in both contexts.
SYSVOL
From the Windows file browser, the NETLOGON share has default permissions that look like this:
Looking at this same permission set from the command line (ICALCS.EXE), the permission look like this:
Note that Administrators privileges are truncated (not "Full") with respect to the inherited rights on sub-dirs and files when compared to the NETLOGON share ACL.
Create CIFS Shares in NexentaStor
On a ZFS pool, create a new folder using the Web GUI (NMV) that will represent the SYSVOL share. This will look something like the following:
