diff --git a/config/alfresco/domain/transaction.properties b/config/alfresco/domain/transaction.properties
index 43700be23c..f0d6d6d583 100644
--- a/config/alfresco/domain/transaction.properties
+++ b/config/alfresco/domain/transaction.properties
@@ -3,7 +3,7 @@
 #
 server.transaction.mode.readOnly=PROPAGATION_REQUIRED, readOnly
 # the properties below should change in tandem
-# server.transaction.mode=PROPAGATION_REQUIRED, readOnly
-# server.transaction.allow-writes=false
+#server.transaction.mode.default=PROPAGATION_REQUIRED, readOnly
+#server.transaction.allow-writes=false
 server.transaction.mode.default=PROPAGATION_REQUIRED
 server.transaction.allow-writes=true
diff --git a/config/alfresco/network-protocol-context.xml b/config/alfresco/network-protocol-context.xml
index ed154e3f11..170cd26ba1 100644
--- a/config/alfresco/network-protocol-context.xml
+++ b/config/alfresco/network-protocol-context.xml
@@ -66,6 +66,7 @@
       <property name="fileFolderService"><ref bean="FileFolderService" /></property>
       <property name="mimetypeService"><ref bean="mimetypeService" /></property>
       <property name="permissionService"><ref bean="permissionService"/></property>
+      <property name="allowWrites"><value>${server.transaction.allow-writes}</value></property>
    </bean>
    
 </beans>
\ No newline at end of file
diff --git a/source/java/org/alfresco/filesys/smb/server/repo/CifsHelper.java b/source/java/org/alfresco/filesys/smb/server/repo/CifsHelper.java
index ed7823580e..cfcd5522b0 100644
--- a/source/java/org/alfresco/filesys/smb/server/repo/CifsHelper.java
+++ b/source/java/org/alfresco/filesys/smb/server/repo/CifsHelper.java
@@ -64,6 +64,7 @@ public class CifsHelper
     private FileFolderService fileFolderService;
     private MimetypeService mimetypeService;
     private PermissionService permissionService;
+    private boolean isReadOnly;
     
     // Mark locked files as offline
     
@@ -74,6 +75,7 @@ public class CifsHelper
      */
     public CifsHelper()
     {
+        isReadOnly = false;
     }
     
     public void setDictionaryService(DictionaryService dictionaryService)
@@ -101,6 +103,24 @@ public class CifsHelper
         this.permissionService = permissionService;
     }
 
+    /**
+     * @return Returns true if all files/folders should be treated as read-only
+     */
+    public boolean isReadOnly()
+    {
+        return isReadOnly;
+    }
+
+    /**
+     * Set whether the system allows files to be edited or not.  The default is
+     * to allow writes.
+     * @param allowWrites true to allow writes, otherwise false for read-only mode
+     */
+    public void setAllowWrites(boolean allowWrites)
+    {
+        this.isReadOnly = !allowWrites;
+    }
+
     /**
      * Enable marking of locked files as offline
      * 
@@ -216,7 +236,7 @@ public class CifsHelper
             
             String lockTypeStr = (String) nodeProperties.get(ContentModel.PROP_LOCK_TYPE);
                     
-            if ( lockTypeStr != null)
+            if ( lockTypeStr != null )
             {
                 // File is locked so mark it as read-only and offline
 
@@ -256,8 +276,16 @@ public class CifsHelper
         
         // Read/write access
         
-        if ( permissionService.hasPermission(nodeRef, PermissionService.WRITE) == AccessStatus.DENIED)
-            fileInfo.setFileAttributes(fileInfo.getFileAttributes() + FileAttribute.ReadOnly);
+        boolean hasPermission = permissionService.hasPermission(nodeRef, PermissionService.WRITE) == AccessStatus.DENIED; 
+        if (isReadOnly || !hasPermission)
+        {
+            int attr = fileInfo.getFileAttributes();
+            if (( attr & FileAttribute.ReadOnly) == 0)
+            {
+                attr += FileAttribute.ReadOnly;
+                fileInfo.setFileAttributes(attr);
+            }
+        }
 
         // Set the normal file attribute if no other attributes are set
         
diff --git a/source/java/org/alfresco/filesys/smb/server/repo/ContentDiskDriver.java b/source/java/org/alfresco/filesys/smb/server/repo/ContentDiskDriver.java
index e37eab5004..f9d87c1849 100644
--- a/source/java/org/alfresco/filesys/smb/server/repo/ContentDiskDriver.java
+++ b/source/java/org/alfresco/filesys/smb/server/repo/ContentDiskDriver.java
@@ -32,6 +32,7 @@ import org.alfresco.filesys.server.core.DeviceContextException;
 import org.alfresco.filesys.server.filesys.AccessDeniedException;
 import org.alfresco.filesys.server.filesys.AccessMode;
 import org.alfresco.filesys.server.filesys.DiskInterface;
+import org.alfresco.filesys.server.filesys.FileAttribute;
 import org.alfresco.filesys.server.filesys.FileInfo;
 import org.alfresco.filesys.server.filesys.FileName;
 import org.alfresco.filesys.server.filesys.FileOpenParams;
@@ -467,7 +468,14 @@ public class ContentDiskDriver implements DiskInterface, IOCtlInterface
      */
     public boolean isReadOnly(SrvSession sess, DeviceContext ctx) throws IOException
     {
-        return false;
+        if (cifsHelper.isReadOnly())
+        {
+            return true;
+        }
+        else
+        {
+            return false;
+        }
     }
     
     /**
@@ -505,9 +513,19 @@ public class ContentDiskDriver implements DiskInterface, IOCtlInterface
                 if ( pfile != null)
                 {
                     // DEBUG
-                    
                     if ( logger.isDebugEnabled())
                         logger.debug("getInfo using pseudo file info for " + path);
+                    
+                    FileInfo pseudoFileInfo = pfile.getFileInfo();
+                    if (cifsHelper.isReadOnly())
+                    {
+                        int attr = pseudoFileInfo.getFileAttributes();
+                        if (( attr & FileAttribute.ReadOnly) == 0)
+                        {
+                            attr += FileAttribute.ReadOnly;
+                            pseudoFileInfo.setFileAttributes(attr);
+                        }
+                    }
                     return pfile.getFileInfo();
                 }
             }
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java b/source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java
index e8d1225381..ff6e421707 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java
@@ -16,11 +16,14 @@
  */
 package org.alfresco.repo.security.permissions.impl;
 
-import net.sf.acegisecurity.AccessDeniedException;
-
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;
+import org.springframework.dao.InvalidDataAccessApiUsageException;
 
+/**
+ * Interceptor to translate and possibly I18Nize exceptions thrown by service calls. 
+ */
 public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
 {
     private static final String MSG_ACCESS_DENIED = "permissions.err_access_denied";
@@ -36,10 +39,14 @@ public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
         {
             return mi.proceed();
         }
-        catch(AccessDeniedException ade)
+        catch (net.sf.acegisecurity.AccessDeniedException ade)
         {
-            throw new org.alfresco.repo.security.permissions.AccessDeniedException(MSG_ACCESS_DENIED, ade);
+            throw new AccessDeniedException(MSG_ACCESS_DENIED, ade);
+        }
+        catch (InvalidDataAccessApiUsageException e)
+        {
+            // this usually occurs when the server is in read-only mode
+            throw new AccessDeniedException(MSG_ACCESS_DENIED, e);
         }
     }
-
 }