We have an existing DFS Replication and Namespace group that we use to serve the company's files.

This has been operating fine for us for some time now, and continues to do so. however a situation arose yesterday afternoon that has led us to be stumped.

The problem is that we have our name space presented as :
\\domain.co.uk\public\[8 or 9 folders that are mapped to the users in the business]

We had a problem this morning that meant that a number of users started mapping their AD Home Drive directly to the \\domain.co.uk\public directory and we found that they had read/write. This rapidly became a problem as a at least one director saved some moderately sensitive documents in there and basically anyone could read them.

I've tidied up that specific problem with some deft scripting and a slight modification of group policy.

However I would like to make \public read only, the trouble is I can't work out where the ACLs for that folder would be held.

All the folders that are presented as \\domain.co.uk\public\[folder] are 'real' folders on logical volumes on our DFS servers so are secured with groups that are applied via the 'security' tab.

I'd like to do the same on \public but I can't find it. I have looked through amongst other things \Sysvol\domain.co.uk but can't find it and after a lot of clicking and a bit of reading I can't see how to lock it down.

Any thoughts?