Configuring the Appropriate Resource Access

  • Article

During the deployment to the target computers, the deployment scripts connect to the deployment point shares and shared folders. Create accounts for use by the scripts when accessing these resources.

To configure the appropriate resource access

  1. Create additional shared folders.

  2. Configure shared folder permissions.

  3. Configure access to other resources.

On This Page

Creating Additional Shared Folders Creating Additional Shared Folders
Configuring Shared Folder Permissions Configuring Shared Folder Permissions
Configuring Access to Other Resources Configuring Access to Other Resources

Creating Additional Shared Folders

Before starting the deployment, create additional shared folders in which to store the user state migration data and the deployment logs. Table 21 lists the shared folders that must be created and describes the purpose of each. For more information about the planning for these share folders, see “Providing Sufficient Storage for User State Migration Data” and “Providing Sufficient Storage for Deployment Logs,” earlier in this guide.

Table 21. Shared Folders and Their Descriptions

Shared folder

Description

MigData

Stores the user state migration data during the deployment process.

Logs

Stores the deployment logs during the deployment process.

Note   The files in Table 21 are recommended shared folder names. Team members can use any name for these shared folders. However, the remainder of the deployment process refers to these shared folders by these names.

Configuring Shared Folder Permissions

After creating the additional shared folders, configure the appropriate shared folder permissions. Ensure that unauthorized users are unable to access user state migration information and the deployment logs. Only the target computer creating the user state migration information and the deployment logs should have access to these folders.

To configure the shared folder permissions for the folders listed in Table 21, perform the following steps for each folder:

  1. Start Windows Explorer, and navigate to SharedFolder (where SharedFolder is one of the shared folders listed in Table 21).

  2. Right-click SharedFolder (where SharedFolder is one of the shared folders listed in Table 21), and then click Properties.

  3. On the Security tab, click Advanced.

  4. On the Permissions tab, clear the Allow inheritable permissions from the parent to propagate to this object and all child objects check box.

  5. When the Remove when prompted to either Copy or Remove the permission entries that were previously applied from the parent message box appears, click Remove.

  6. On the Permissions tab, click Add.

  7. In the Enter the object name to select text box, type Domain Computers, and then click OK.

    This action allows domain computers to create subfolders.

  8. On the Permission Entry for SharedFolder dialog box, in the Apply onto list, select This folder only (where SharedFolder is one of the shared folders listed in Table 21).

  9. On the Permission Entry for SharedFolder dialog box, in the Permissions list, select Allow for the Create Folders/Append Data permission, and then click OK (where SharedFolder is one of the shared folders listed in Table 21).

  10. Repeat steps 6–9, substituting Domain Users for Domain Computers.

  11. On the Permissions tab, click Add.

  12. In the Enter the object name to select text box, type CREATOR OWNER, and then click OK.

    This action allows domain computers and domain users to access the subfolders they create.

  13. On the Permission Entry for SharedFolder dialog box, in the Apply onto list, select *Subfolders and files only ***(where SharedFolder is one of the shared folders listed in Table 21).

  14. On the Permission Entry for SharedFolder dialog box, in the Permissions list, select Allow for the Full Control permission, and then click OK (where SharedFolder is one of the shared folders listed in Table 21).

  15. Repeat steps 11–14 for each group that will receive administrative privileges.

The permissions set in these steps allow a target computer to connect to the appropriate share and create a new folder in which to store user state information or logs, respectively. The folder permissions prevent other users or computers from accessing the data stored in the folder.

Configuring Access to Other Resources

In addition to the shared folders created, the BDD 2007 scripts may require access to other resources. The resources include application or database servers (such as Microsoft SQL Server™ 2000 or Microsoft Exchange Server 2003).

Access is granted to the credentials specified in the:

  • UserID, UserPassword, and UserDomain properties.

  • Windows Deployment Wizard.

Grant access to the following resources:

  • BDD 2007 deployment point. Configure access to the deployment point created in Deployment Workbench.

  • Any resources accessed by using the ZTIConnect.wsf script. Configure access to resources that are referenced by using the ZTIConnect.wsf script.

  • Any resources on application or database servers. Configure access to applications or databases that are accessed through the SQLServer, SQLShare, and Database properties.

    Note Other connections to the same servers, such as Named Pipes and Remote Procedure Call (RPC), use the same credentials listed above. Use the ZTIConnect.wsf script to establish these connections.

For more information about the ZTIConnect.wsf script, see "Connecting to Network Resources" in the Deployment Configuration Samples Guide.

Download

Get the Microsoft Solution Accelerator for Business Desktop Deployment 2007

Update Notifications

Sign up to learn about updates and new releases

Feedback

Send us your comments or suggestions