ActiveDirectory/DNS and Folder Share Permissions
I have a remote office connected to Headquarters over a WAN. The HQ provides DNS, ActiveDirectory, etc. The remote office is not allowed to use Workgroups.
At the remote location I designate 1 machine to be a server and I have 2 clients that want to access the 1 designated server. All 3 boxes are at the remote office,
I create a share on the server and give 2 local site users permissions to the share. These users are domain\usernames. Now the clients both have access to the share on the server and all is good.
The Problem: Sporadically, the remote location loses internet and thus loses access to the WAN services such as DNS/ActiveDirectory, etc. At this point my clients cannot access the share. Is there a solution to this situation? Also, using
local accounts/workgroup is against corp policy so Domain names are required for logins/permissions, etc. When the WAN is down my shares are dead.
Any ideas on how I can resolve this?
Hi,
As you said without WAN, authentication will be failed so domain accounts cannot be verified to access the share.
The solution is to build-up a DC or a RODC - you can upgrade your file server to RODC so that it could help handle this kind of issue.
If you have any feedback on our support, please send to [email protected]
Similar Messages
-
Want to modify sysvol and netlogon share permissions
HI all,
As per security concern we need to remove the everyone from share permission on SYSVOL and NETLOGON share.......can anyone provide me the suggesstion for the same...or any documented article which says that how to do it or what precaution showld we take....
Or if the permission is by design has any document or Kb article which says the permission should not be changed.
Appreciate any help.
Thanks........
Ahmed Gaziyani Enterprise Admin.Hello,
If you remove such permission then you will have issues in appliance of group policies and netlogon scripts on your users. Users should have at least read permission on the SYSVOL folder so that group policies and netlogon scripts will be applied.
More if you ask them here: http://social.technet.microsoft.com/Forums/en-US/winserverGP/threads
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft Student
Partner 2010 / 2011
Microsoft Certified
Professional
Microsoft Certified
Systems Administrator: Security
Microsoft Certified
Systems Engineer: Security
Microsoft Certified
Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified
IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer -
SCCM 2012 R2 and NTFS\Share permissions auditing and inventory
Does SCCM 2012 have the ability to run inventory and audit reports on client systems' NTFS and Share permissions?
Any help would be greatly appreciated, as always.
ThanksNot built-in no. See this post for adding share permissions:
https://social.technet.microsoft.com/Forums/systemcenter/en-US/31be4d1c-28d3-4f67-a2f6-823ab2b13d1e/how-to-collect-share-permissions
For NTFS permissions, something similar could be done if you had a limited set of folders or files that you wanted to inventory.
You could also use compliance settings to track if/when specific permissions change.
Jason | http://blog.configmgrftw.com | @jasonsandys -
Difference between Share Permissions and Security NTFS Folder Permissions
What is the main difference between share and security in
1. 2003 server and above:
2. How in Organisations share data folder for users
AS per me i Have following conclusion
1.
Yes - Always open up Share permissions to Everyone-Full and the ACL (apply permissions) to the actual data
folders (must be NTFS). With NT4 and W2000 you can leave the Share permissions at default when you create them and just ACL the NTFS data structures.
With W2003, the default Share permission is locked down to Read, and as Share permissions over-ride NTFS permissions,
even if you have Write access in the data folders, accessing via the Share will restrict to Read-Only, so you must open up the Share permissions on all new W2003 Shares that you create.
2.
Yes you can. Share the top level directory of your data. Open up the Share permissions to Everyone - Full,
and then ACL the sub-folders appropriately for you different user access requirements. Don't permission (ACL) any data with 'Everyone' always use Groups (or users if you must...e.g. Home Directories), and at minimum for 'public' data use 'Authenticated Users'.
Users will all be able to access the share, but only access folders and data that you allow via the NTFS permissions (ACLs).
The only other way is to create separate shares for each different access requirement - a pain and none too
flexible. Also if with W2K3 you leave the default Share permission (Read), even though you grant 'Write' NTFS permissions on the data, your users won't be able to write new data or make changes if they access via the Share, as Share permissions over-ride the
NTFS permissions.
If You have any other options so please suggest me or otherwise mark it as AnswerSounds good. :)
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread. -
Delegation and folder permissions via outlook
I've a question about delegation via outlook.
There are 2 different requests from our users:
1) share the mailbox for reading and writing. (without delegation)
2) delegate access to calendar without mail/contacts.
How is delegation working in Beehive?
I've found 2 ways of giving access to your mail:
1) set the permissions for a user on a folder by rightclicking on the folder. via permissions.
2) via tools/options/delegates.
What is the best way to give other users access to your mailfolder?
Thanks, EdwardTo my knowledge, delegation is not in the user preferences, but can be found withing beehive central (e.g. http://myserver:myport/bcentral/action?page=delegation).
We tested that delegation successfully using the outlook client.
We would like to see an option to centrally administer such delegations: an employee that has fallen ill may contact the administrator, telling him: please allow my colleague ... to check my mail / have a look into my calender, without giving away his user credentials.
Regards, Thomas -
File and folder permissions for Adobe Photoshop CS5
Good day,
I am an IT specialist and I work for a Canadian governement agency and we are having an issue with Photoshop CS5. After successfully installing Photoshop CS5 from the Adobe Creative Suite 5 Design Premium set(using a local machine administrator account), Photoshop crashes immidiatly after launching it(even with the local administrator account). The exact error message is as follows:
The instruction at "0x230dad8dc" referenced memory at "0x00000000". The memory could not be "read".
Click on OK to terminate the program
Click on CANCEL to debug the program
I know this is an environement issue and not an application or hardware issue since I was able to successfully install and run Adobe Photoshop CS5 on a plain vanilla install of Windows SP3 XP on the same model of workstation(HP DC7800). This later also confirms it is not a RAM or video adapter issue either. My experience tells me it would be more related to file/folder permissions on the workstation(although I'm open to other suggestions). Because we are a governement agency, our workstations have machine and user policies and desktop configurations that get applied to the workstations automatically upon joining our domain via GPOs and SMS. Certain system files and folder permissions may be locked down for security reasons therefor I was wondering is someone has a list of files and folders that Adobe CS5 needs access to upon startup in order to properly function?
If anyone would like more details or information please let me know and I'll try to be more specific.
Thanks in advance to all who take the time to read and help out!I appreciate that you're trying to surmise what's different, and it's good that you have had success with similar/identical hardware. At least you know it can work.
However, I wouldn't bet just yet that it's a permissions issue. I'd think you should get a specific error if a locked-down file needed to be accessed, not a null pointer crash. The Photoshop installer should be setting up the proper permissions on its own files for it to run.
Is it exactly the same video card as the other computer, on which Photoshop works?
Are you sure the video drivers are up to date with the same version as on the other computer?
At exactly what point during startup does the failure occur (i.e., is the splash screen showing, and what does the status line in the splash screen say it's doing)?
-Noel -
Default File and Folder Permissions
Hello everyone,
Is there anyway to set a default file/folder permissions for a parent folder and then if any new files or folders get created within that folder that files use 0644 and folder use 0755? I'm running MAMP for a localhost test site to run Joomla CMS, I have the parent folder set to 0755 but when ever I install a new extension in to Joomla the files are not writable. Is there a way I can set the main parant plublic_html / www folder to work like this for new child files and folders?
Thanks guys.Send Apple feedback. They won't answer, but at least will know there is a problem. If enough people send feedback, it may get the problem solved sooner.
Feedback -
QTSS file and folder permissions
I am having a lot of problems getting QTSS and QTSS Publisher working correctly. I think this may be due to file and folder permissions. Does anyone know what the correct ownership and access settings should be for the folders containing my quicktime files?
Thanks.Try setting the ownership and permissions of those files to the ones mentioned on the end of this page, which are: owner: qtss, group: admin, permissions for owner and group: Read & Write, and Read only for others.
(13414) -
SCCM 2012 report on computers with local shares and share permissions
Very new to SCCM 2012, want to put together a report to show computers with local shares and the permissions on those shares (for security purposes, need to investigate any systems that have open shares_.
Managed to add and now collecting information that populates v_gs_share and I have a handle on the report itself, just wondering how to collect the share permissions - I've seen other qustions on the boards that are similar but reference earlier versions
of SCCM so wondering how to do it in 2012.
ThanksSo, where are you at? The script is running, and the clients have the data in their local WMI namespace, root\cimv2\sms_sharepermissions ?
So all that's left is to modify hardware inventory to pull that custom WMI Namespace in? If so, it's not too horrid. Take note of a workstation (or server) to which you have remote rights to; and which has run the script, so that on THAT specific
machine, root\cimv2\SMS_SharePermissions exists.
In your CM12 Console, Administration, Client Settings. Right-click "Default Client Settings", Properties. On the left, select "hardware inventory". then on the right, Set classes..., now the fun part.
Add...
Connect..., and put in ThatServerOrWorkstation (for computername), and wmi namespace is root\cimv2. Click the option "recursive", Connect. (the trick here is rights to the target).
From the results, it might be easiest to click on "classname" at the top for sorting, then go find SMS_SharePermissions. Select that, ok ok ok ok (however many times you need to agree); and... we're done here. Sit and wait for inventory to report
that data up. If you're paranoid, you can monitor dataldr.log; and force policy refreshes and hinv deltas on some boxes; but the key is patience. if you think you've waited long enough; you probably haven't. ;)
Standardize. Simplify. Automate. -
ICS with Virtual AP DNS and Shares
I have configured ICS with an virtual AP for my WLAN adapter.
This is working well. I can connect to it and I have a internet connection.
Now my problem is that I have a Server with AD, DNS, DHCP and Shares on my network and I want that the clients have access to these.
Is it possible to configure the ICS so that the WLAN client will get in the same network as my ethernet adapter? So that they get the IP from my Server and not the local machine. If not, is possible get access to all other services of my server? And is possible
to get access to the Shares on that server?
EDIT: I have tested again and it seems everything is working only DNS is not working. I cant get that the clients has the server as DNS and not the local machineHi,
Did you mean you have configured ICS on your hosted network?
How to create a wireless ad hoc for internet connection sharing in windows 8
http://microwindows8.blogspot.jp/2013/01/how-to-create-wireless-ad-hoc-to.html
Here is the guide to configure ICS.
Also I would like to know whether you have set the static DNS server as your own on the other device use the AP.
Would you please post back more detailed information you want to implement and the draft of your network structure? This will be more helpful for us to identify your issue.
Kate Li
TechNet Community Support -
Mac Mini file server with 10.5.8 and folder permissions
Our office has a Mac Mini we use as a file server. We each connect over our network with a common user. All of the folders we use are on the root. When one creates a subfolder, the permissions on the new folder are read only. One has to go on to the mini and reset the permissions rw- for 'everyone' then all is well. Is there a way to create a user which we would use to connect from our own mac that will be allowed to create folders with rw- permissions?
If you are using the Go menu "Connect to Server" and logging in with a generic Server User-name and password, the permissions of any files you create should be those of the Server User with which you logged in.
If you are just clicking on a sidebar item and using the Finder WITHOUT logging in as a unique User on the Server, the files you create will be owned by the Creator (not the generic Server User) and follow the Creator's permissions.
I find I am sometimes already connected as a guest, and the login dialog does not come up. If I want specific permissions on the Server, I need to eject the Server drive and Connect to Server again. This time I get the login dialog and can enter the username I desire. -
Does simple file and folder sharing on an iMac work with OSX Server?
Hi There
I wonder if I should install OSX Server on an iMac wher several users work on the same files and folders.
My question - before I do something I might regret:
Does simple file and folder sharing on an iMac within several users really work with the help of OSX Server?
All I want to be able to do:
Admin creates a new folder1 and gives it read- and write access for user1 and user2.
User1 creates a subfolder1 in folder1, and a document1 in subfolder1.
User2 edits document1. Later Admin edits document1.
All these simple editing of files and folders (and subfolders) within a main folder should be possible. This is not possible now.
Is everything clear? I'm not a network specialist or something, I just want to give some co-workers access to some data on my computer without problems.So what you need are recursive permissions.
I suggest you create a group and add user1 and user2 to that group. You can name that group whatever you want, but for now i will call it FSUsers
Execute this in terminal. Replace FSUsers with your new group
sudo chmod -R +a "FSUsers allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextat tr,writeextattr,readsecurity,file_inherit,directory_inherit" /Users/Shared/*
Replace /Users/Shared with the location of your shared folder. Make sure you keep the /* at the end (this allows all subfolders and files to get the same permissions.
If you need to add people to the share just add them to the FSUsers group, the FSUsers group should should also be allowed in the sharing preferences. -
Permissioning and folder sharing issues on domain
We are new to Active Directory. I am experimenting with folder and sharing permissions in an effort to get to where we can secure network folders for access to only certain individuals.
I am running into inexplicable behavior.
On a domain joined server, I have created a folder called "for ITADMIN". This folder should only be accessible to members of the ITADMIN domain security group. I disabled inheritance on this folder first. Then, in the Security
tab, I have set it up such that there are only two security principals in the ACL: SYSTEM and ITADMIN, both of which have full control.
On the Sharing tab, I went to Advanced Sharing and clicked the Permissions button. Here, I set my sharing permissions. There is only one security principal in this ACL, ITADMIN, and ITADMIN is granted full control.
At this point, I am still logged in to the domain joined server with my own user account. My user account is a member of ITADMIN. I can open Windows Explorer and browse through the "for ITADMIN" folder freely.
Now, I log in to our Domain Controller with my user account. In Windows Explorer, I type in the UNC path to the domain joined server hosting our shared folders (\\machinename). I see the shared folder "for ITADMIN". When
I try to go into it, I receive an error:
"Windows cannot access \\machinename\for ITADMIN. You do not have permissions to access \\machinename\for ITADMIN. Contact your network administrator to request access?
I am a member of the ITADMIN group. ITADMIN is the owner of the shared folder, has Full Control security permissions, and Full Control sharing permissions. Why in the world is this behavior occurring?
Additional Info: Could this be a problem when trying to access shares from the domain controller? While I don't anticipate needing to do this from the DC on a production basis, it still seems bizarre.
Additional Info: my ITADMIN group is a global group. Could that be posing a problem?Nevermind. I neglected to log out and log back in after making permissions changes, thus my account's security token was not getting updated.
-
Share permissions issue - users reporting files readonly
I have setup a share and the users need to have access to read,modify, write, delete on the files/folders in the new share. The users. For this:
1. I added the user AD group to the Share Permissions and set 'Change' for the permissions. I noticed that there was already a group called Everyone here and had 'READ' permissions. I did not make any changes to this Everyone group.
2. I added the user AD group to the NTFS Permissions and set 'Modify, Read&Execute, Read, Write' permissions.
It seems the users are seeing the files as 'read only'. They can view and open, but are not able to edit the file. What might be the issue?
RegardsHi,
I have added share and NTFS permissions the same as yours on a shared folder and I can eide files within the shared folder. Please check the NTFS permissions of the files in the shared folder to see it the NTFS permissions are inherited to the chiled files
from the parent folder.
HOW TO: Control NTFS Permissions Inheritance in Windows
http://support.microsoft.com/kb/313398
Best Regards,
Mandy
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Clustered File share Permissions won't set (with error)
I have a s2012r2 cluster with a file server. When i go to create a new share it creates with read only permissions and i cannot change it to full or read/write. it is just the share permissions that won't set. when i create a share the error i get is "The
Cluster Resource could not be found." if i try to edit the share permissions the error is "Error Occurred while update an SMB share: The cluster resource could not be found" the admin share is working perfectly and the folder permissions are
accurate.
The only solution to this problem i have found online that worked for someone is to destroy the cluster and rebuild it. I really don't want to do that.Hi RaVell(Pinki),
This error typically occur when
we have added the Disk from Available Storage to the File Share Server Group, please refer the following KB solution to avoid this action.
You may receive error messages when you share a folder in a Windows Server 2008 failover cluster
http://support.microsoft.com/kb/947051
More information:
Advanced resource configuration in Windows Server 2008 failover clusters
http://support.microsoft.com/kb/947050
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Maybe you are looking for
-
My itunes will not sync because it says I need 52MB of space, however, I have 155MB of space left according to settings, it is an 80GB version with 11750 tunes on,73.95 GB used and no other media, so it would seem it should have space, can anyone hel
-
Process Email Attachment in Bpel and then Check-In the Document to WCC
Hello Techies, I am new to Soa Application and Bpel. I am creating a Soa Composite application(using Jdev 11.1.1.6) which will poll for incoming Email. This polling is done using the UMS adapter which is working fine for me. Then i have to process
-
How do we specify user and his manager hierarchy in weblogic
Hi, I am trying to find out the way to implement org hierarchy in weblogic ldap so that I can leverage it in human task. Any suggestions ? Thanks in advance. Sai
-
How to find 'Changes or LOGS on INFOCUBE'
Dear Friends, How to find the changes on any INFOCUBE or ODS or MULTIPROVIDERS, like data loading, and any key figures, Chanractaeristics removed or added. Can we have any logs for the same. Pls help me. Thanks in Adavnace, DORA
-
Hi Experts, I am layman of this kind of Abap language.Now my job requires to understand these things also.As SD functional Consultant,I need to understand the following things.Can anybody guide me how to understand these kind of stuffs. FORM KOBED_00