[OpenAFS-devel] Windows Terminal Server
Jeffrey Hutzelman
jhutz@cmu.edu
Wed, 14 Sep 2005 13:28:05 -0400
On Wednesday, September 14, 2005 03:32:09 -0700 Tim Spriggs
<tims@lpl.arizona.edu> wrote:
> Hi Jeffrey,
>
>> Could you explain how you would have OpenAFS deny the user the ability
>> to execute "NET USE G: /D"?
>
> Good question. I can disable the gui forms of disconnect with gpedit.msc
> but that does not prevent applications (such as net or openafs) from
> mounting/unmounting new drive letters. (What a pain)
>
> It also looks like "net use G: /D" does not care if files are opened or
> not. I'm not familiar with the windows API but it really seems odd to me
> that there is no kind of persistant network share that can be made
> available to users (that isn't deprecated). I guess I am just too used to
> Unix-isms.
There are perfectly good persistent pathnames available to all users, which
are only superficially different from those you'd use on UNIX: \\AFS\*
It might help if you think of drive letter mappings as behaving more like
symbolic links than mounted filesystems. If you make G: map to
\\AFS\GMU.EDU\SOME\PATH, then when a user accesses a file in G:, they are
really accessing that path. Changing the drive letter mapping doesn't
break open files any more than changing a symlink named /G would on a UNIX
system.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA