Regarding Disabling SAPMNT Folder Sharing Impact

Similar Messages

• Alternative Solution to sapmnt Folder Sharing

  Hello
  We are installing NW CE 7.1 in Production Environment in Distributed Mode - App Server on one host and DB Server on another host.
  The App and DB server OS are Windows Server 2008 R2 and DB is Oracle 11g. We have successfully installed SCS on the app server and now installing DB Server Instance on the DB Host. While installing the same, the SAP Installtion asks for path of SAPMNT.
  Our Network Team has informed that due to security reasons, in production data center they will not be able to allow sharing of folder from App Server. They have asked us to check if there is any other way of completing our installation without actually creating folder share on App Server.
  We would like to know whether the sharing can be taken out of the server component and the same can be enabled on the different machine and this can be given the UNC path for accessing the same.
  Kindly confirm if this is possible and supported by SAP. Also let us  know if there are some other supported options regarding the same.
  Regards,
  Shubham

  Hi,
  >> I understand that profile file created during SCS Installation is used by DB Instance while installation so that it can read the profile parameters.
  Generally, it is correct.
  >> Also the communication between App Server and DB Server will happen on some port 15XX and not file share port.
  Central service instance,central instance and dialog instance communicating each other by port 39<instance#> or 36<instance#>
  >> So now the question is does DB needs the access to this SAPMNT folder share once the server is started? If can understand if I restart the server the connection might be required as the DB Instance might read the profile file again. Please correct if this understanding is wrong.
  J2EE engine use "sapmnt" share at the bootstrap phase to read secure store lib directory. Additionally, at the very beginning of the startup of the J2EE instance, the jcontrol process reads "instance.properties" file by using "saploc" share.
  In short these shares should be available by the database instance during the runtime.
  >> And If its required does the DB Instance uses this folder share to write any log back to the App Server Log files - defaulttrace, application.log etc?
  Trace files will not be generated, if the J2EE engine not started respectfully under "j2ee/cluster/server<x>/log" folder. As a n additional info, even if the shares dropped during the runtime, the system will continue to generate trace files.
  I hope that everything is clear.
  Best regards,
  Orkun Gedik

• Disable simple file sharing on XP policy

  I have a group policy for xp pc's and want to disable simple file sharing
  (which you can do on a pc in my computer-tools folder options-advanced)but
  i need to do it within gpedit for the policy but cant see the setting,
  anyone have any ideas??
  have tried google but can see nothing also tried ms
  we user netware 5.1, agent 4.0.1 and xp sp1
  thankyou

  > Rolf,
  thanks for your time & help apreciate it , have check the windows xp
  policy we use and this setting is already in place, the funny thing is
  our users our xp power users and when i untick(to disable) the enable
  simple file sharing on a local pc and hit apply and go back into it again
  its reverts back to being ticked (enabled)again, but when i make the user
  an xp administrator (which i dont want to do) it stays unticked,
  hope this makes sence
  anymore ideas would be appreciated
  thankyou
  Check setting 117 on the "Security Settings WinXP; WS2003" -tab in the
  > Reference:
  > http://www.microsoft.com/downloads/d...7821c32f-da15-
  438d-8e48-45915cd2bc14&displaylang=en
  >
  > MMC -> Computer Configuration
  > -> Windows Settings -> Security Settings
  > -> Local Policies -> Security Options
  > -> "Network Access: Sharing and security model for local accounts"
  > -> "Classic - local users authenticate as themselves"
  >
  > Also see:
  >
  http://www.microsoft.com/resources/d...all/reskit/en-
  us/prdd_sec_givt.asp
  >
  >
  http://www.microsoft.com/resources/d...all/proddocs/e
  n-us/506.mspx
  >
  > http://www.winguides.com/registry/display.php/991/
  >
  > Regards
  > Rolf Lidvall
  > Swedish Radio (Ltd)
  > NSC SysOp
  >
  >

• Beehive enhancement for tomorrow: re-add the OBEO sub folder sharing option

  OK, I inadvertently posted a comment meant for an enhancement to be posted tomorrow, so here we go with tomorrows enhancement of the day:
  Talking once more about delegation... There's quite a big fly in the ointment we need to talk about:
  While delegation granting dialogues in OBEO and bcentral take care of permissions for default folders like inbox, sent items, drafts etc. and pseudo folders like calendar or contacts, it does not so for non-default folders.
  We have the case of a superior that has a widely ramified folder structure and granted his secretary access to parts of it. When the secretary changed he changed delegation, and this did not change the non-default acls.
  So far nothing unspectacular. The issue is, that there is no option in OBEO to define permissions tree-wise (nor is there in beectl), so the superior had to walk the whole directory hierarchy to adapt the permissions, each folder requiring multiple clicks.
  There was a permissions dialogue for that in OBEO 1.5, but has been dropped.
  There is an enhancement request I'd ask you to second through MOS:
  10065126: READD THE SUB FOLDER SHARING OPTION TO OBEO
  This ER had the status approved for future release, but product management changed its plans and put it to "Suggestion Rejected".
  a related ER is the following:
  12557969: OBEO PERMISSIONS DIALOGUE SHOULD HAVE A TREE OPTION
  "The Beehive platform is designed from the ground up to be easy to manage." (cited from "Oracle Beehive: A Flexible Collaboration Platform for the Enterprise") - let's hope product management will give us tree perms management, at least in OBEO.
  Thanks, Tom

  As currently product management does not seem to be considering
  readding the desired dialogue (nor a tree switch for beectl perms
  related commands) lets look at our workaround.
  Lets look at it in an example: user user_a has set up a delegation to
  user_b, allowing access to his inbox.
  If you have set this up (using OBEO or BCentral as alternatives) a new
  Principal Record has emanated, that you can list with "beectl
  list_users":
  bhowner@bhhost:~> beectl list_users email addr@mydomain show more
  Display Record: 1
  ===========================================
  User Identifier: user=user_a
  Family Name: user_a
  Principal Record: 6
  ===============
  Principal Identifier: pcpd=145F:5618:user:9B37CFDA0D624736B413FEF81573597400000000000E -> 145F:5618:user:D8D547BB10AD4C079CE3A2604996535B000000000000,user=user_a
  Principal Name: 145F:5618:user:9B37CFDA0D624736B413FEF81573597400000000000E -> 145F:5618:user:D8D547BB10AD4C079CE3A2604996535B000000000000
  Delegated Principal: Yes
  DELEGATOR: user=user_a
  DELEGATED TO: user=user_b
  Lock status: UNKNOWN.
  bhowner@bhhost:~>
  An ACL to the inbox has been generated:
  bhowner@bhhost:~> beectl list_local_acl --entity "fldr=Inbox,wksp=user_a's Personal Workspace,enpr=myenpr"
  ------------------------------------------------------------------+-------------
  accessor | access_types
  ------------------------------------------------------------------+-------------
  ------------------------------------------------------------------+-------------
  pcpd=145F:5618:user:9B37CFDA0D624736B413FEF81573597400000000000E | +RWDO
  -> 145F:5618:user:D8D547BB10AD4C079CE3A2604996535B000000000000,us |
  er=user_a |
  ------------------------------------------------------------------+-------------
  Listed LocalACL for entity 'fldr=INBOX,wksp=user_a's Personal Workspace,enpr=myenpr'
  bhowner@bhhost:~>
  Now we need to generated similar ACLs for all subfolders of
  exampl-fldr, which, being a non-default folder, did not receive any
  ACL:
  So let's connect to BEE_DATA on the BEEDB, preferrable through SQLDeveloper, and run
  SELECT 'beectl add_local_ace --entity "'
  ||trim(TO_CHAR(c.enterprise_id,'0XXX'))
  ||':'
  ||trim(TO_CHAR(c.site_id,'0XXX'))
  ||':'
  ||c.container_type
  ||':'
  ||c.eid
  ||'" --accessor "pcpd=145F:5618:user:9B37CFDA0D624736B413FEF81573597400000000000E -> 145F:5618:user:D55B885774B6457AA0489F596D7DF873000000000000,user=user_a" --access_types "+RWDO"'
  -- , f.name,
  -- , c.path
  FROM bee_data.ws_real_folders f,
  bee_data.ocs_containers c
  WHERE f.eid=c.eid
  AND c.path LIKE '/dla/user_a''s Personal Workspace/exampl-fldr%'
  AND c.container_type='afrh'
  This will generate the beectl commands necessary to work around the
  missing switch. You need to run those commands afterwards.
  Of course this is not supported, but your only alternative is
  right-clicking all of the subfolders of exampl-fldr and grant the new
  user access manually.
  I would be happy if Oracle would enhance this are of user and rights
  management of beehive.
  Regards, Tom
  Edited by: snmdla on Jan 23, 2012 4:20 PM

• Does simple file and folder sharing on an iMac work with OSX Server?

  Hi There
  I wonder if I should install OSX Server on an iMac wher several users work on the same files and folders.
  My question - before I do something I might regret:
  Does simple file and folder sharing on an iMac within several users really work with the help of OSX Server?
  All I want to be able to do:
  Admin creates a new folder1 and gives it read- and write access for user1 and user2.
  User1 creates a subfolder1 in folder1, and a document1 in subfolder1.
  User2 edits document1. Later Admin edits document1.
  All these simple editing of files and folders (and subfolders) within a main folder should be possible. This is not possible now.
  Is everything clear? I'm not a network specialist or something, I just want to give some co-workers access to some data on my computer without problems.

  So what you need are recursive permissions.
  I suggest you create a group and add user1 and user2 to that group. You can name that group whatever you want, but for now i will call it FSUsers
  Execute this in terminal. Replace FSUsers with your new group
  sudo chmod -R +a "FSUsers allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextat tr,writeextattr,readsecurity,file_inherit,directory_inherit" /Users/Shared/*
  Replace /Users/Shared with the location of your shared folder. Make sure you keep the /* at the end (this allows all subfolders and files to get the same permissions.
  If you need to add people to the share just add them to the FSUsers group, the FSUsers group should should also be allowed in the sharing preferences.

• Deleted public folder sharing

  I was looking at my iMac and in my home folder there was no public folder, however in file sharing my public folder was said to be shared...
  I can create a new folder called public with a sub folder called drop box but it isn't the same as the one OS X creates. I also deleted the sharing of the public folder in the file sharing pane. If I add my own folder that I made, it just says public as the name of the folder shared, not Alex Lyons's Public folder that is there by default when the folder OS X creates is called public in the home folder.
  How do I restore this?
  Regards

  alex.lyons wrote:
  ye I am I restored the public folder with the drop box sub folder. On my MBP the drop box sub folder has a special icon but not on the iMac since I restored it... Also, I know how to add new folders to sharing, but how can I add it so it says Alex Lyons's Public Folder, without the folder being called that?
  it's possible but surprisingly tricky so you might want to leave it alone. see the post by biovizier in this thread:
  http://discussions.apple.com/thread.jspa?messageID=8041195#8041195
  you'll have to log in as root and edit the file he mentioned using some plist editor like Property List Editor which is part of developer tools.

• How to "Disable Password Protected Sharing" it always switch back (PosReady7)

  Hello,
  I'am trying to disable password protected sharing within PosReady 7? When i'am trying to change it, its switching back.
  I have tried to remove the password from the guest account but also no luck. The computer is not in in the domein.
  Can someone help me with this?

  Also not.
  a workaround: 
  Start - Run - secpol.msc -> Local Policies -> Assign User Rights. 
  "Deny access to this computer from the network" right to search. (Double click)
  correctly, is the user Support_ <number>, but ALL other users (including guest) must be removed

• JSFL - How to disable Author-time Sharing on a library item

  How can I disable author-time sharing on a library item?
  I have tried this:
  if (libraryItem.sourceLibraryName) libraryItem.sourceLibraryName = "";
  if (libraryItem.sourceFilePath) libraryItem.sourceFilePath = "";
  But I get the following error:
  Error: Invalid value for property sourceLibraryName.
  Thanks.

  I don't think you can prevent that (opening the other people's sparsebundle)
  If you need a secure backup, you might have to do it on a separate USB hard drive.

• STILL can't disable SMB file sharing because of incorrect password error

  Hi Everybody,
  A few weeks ago, there was a thread at
  https://discussions.apple.com/thread/3211072
  I'm having the same issue, and it's a real security problem, since I have no way of turning off file sharing for a user account.
  The thread discussed the inability to disable SMB file sharing because Lion returned an incorrect password error message for the shared account -- even when the user typed in the correct password. A user named SanderFromH offered a fix at
  https://discussions.apple.com/message/16773220#16773220
  It involves locating and copying the file at /var/db/dslocal/nodes/Default/users/<user>.plist
  Is this the only way people know to fix this issue, or has anyone found an easier way? If no, can someone please tell me how to locate this file. When I search spotlight for a directory called dslocal, I find nothing. Can someone please provide step by step instructions for fixing this issue?
  Thanks so much.
  G

  Hi, and welcome to the community!
  So was this Spotify account originally created with facebook and not created with Spotify then linked to facebook? It sounds like it if you login with an email.
  Can you log in on the Spotify web player?
  Anthony

• I'm desperately waiting for FOLDER SHARING!

  By the way, how can i reply to discussions? Tried to reply to a similar question, but didn't find a button to reply.

  There should be a blue Reply link below the forum post.
  And yes I understand your desperate wait for folder sharing. I am waiting too.

• How to make a folder shared on remote machine

  Consider, we have two machines 'A' and 'B'. On machine 'B' we have a folder with absolute path 'C:\SharedFoderTest\Folder' and this folder is not a shared folder.
  Now, is there any way to make this folder shared with the help of java code which is running at machine 'A'.
  we have:
  1.) machine 'A' and 'B' ip addresses.
  2.) absolute path of non-shared folder on machine 'B'.
  Please let me know is there any way to do this.
  Thanks,
  Rajesh

  Rajesh Panchal wrote:
  Consider, we have two machines 'A' and 'B'. On machine 'B' we have a folder with absolute path 'C:\SharedFoderTest\Folder' and this folder is not a shared folder.
  Now, is there any way to make this folder shared with the help of java code which is running at machine 'A'.
  we have:
  1.) machine 'A' and 'B' ip addresses.
  2.) absolute path of non-shared folder on machine 'B'.
  Please let me know is there any way to do this.Something has to run on B to accomplish that.
  Solution 1:
  - Install SSH server on B.
  - SSH server is running on B.
  - Create java SSH client which logs into B then uses "net share" command to create it.
  Solution 2:
  - Create java server that runs "net share" command when it receives request.
  - Install that server on B.
  - Create java client that calls server.

• How can I disable the memory sharing with the video?

  how can I disable the memory sharing with the graphic card? it makes me impossible to run a software, grandMA2, on windows 7 installed and run via bootcamp. where should I look for changing the preferences of memory and video, on lion or on windows7? thank you

  so what do you think. I run a software on windows 7 running via bootcamp on my mbp, but I can't open it. the software is compatible with windows 7 on mac. I tried opening it as administrator or changing the compatibility options, like running it as windows xp, and changing the resolution of the video. it can't build the window and then it crashes. on internet I found a compatibility list of the software where it says please do not use any shared memory for the graphic card. what does it mean? I have just to remove the check in automatic graphics switching? what should I try to do? thank you. 

• Query regarding Folder Sharing

  Hi Experts,
  I have created Folder(sampleFolder1) by User A (folder path is : /domain/container/workspace/sampleFolder1). What steps do i need to do to share that folder with other users..... so that when other users log on... they should be able to see the shared folder.
  Thanks
  parker.

  Hope this helps
  http://ticklingmind.blogspot.com/2010/03/content-and-user-information-from.html

• SAP CE Installation in Distributed Mode without SAPMNT Folder Share

  Hello
  We are installing NW CE 7.1 in Production Environment in Distributed Mode - App Server on one host and DB Server on another host.
  The App and DB server OS are Windows Server 2008 R2 and DB is Oracle 11g. We have successfully installed SCS on the app server and now installing DB Server Instance on the DB Host. While installing the same, the SAP Installtion asks for path of SAPMNT.
  Our Network Team has informed that due to security reasons, in production data center they will not be able to allow sharing of folder from App Server. They have asked us to check if there is any other way of completing our installation without actually creating folder share on App Server.
  We would like to know whether the sharing can be taken out of the server component and the same can be enabled on the different machine and this can be given the UNC path for accessing the same.
  Kindly confirm if this is possible and supported by SAP. Also let us know if there are some other supported options regarding the same.
  Regards,
  Shubham

  Hi Sunny,
  Thanks a lot for your response. So does it mean I can copy the usr/sap folder to the DB Server and give the path from the same DB server to complete the install? Does this path need to be provided in UNC format or can be using local drive path
  Also can I do the same for Additional App Server that we can install. Kindly confirm.
  Regards,
  Shubham

• Permissioning and folder sharing issues on domain

  We are new to Active Directory.  I am experimenting with folder and sharing permissions in an effort to get to where we can secure network folders for access to only certain individuals.
  I am running into inexplicable behavior.
  On a domain joined server, I have created a folder called "for ITADMIN".  This folder should only be accessible to members of the ITADMIN domain security group.  I disabled inheritance on this folder first.  Then, in the Security
  tab, I have set it up such that there are only two security principals in the ACL: SYSTEM and ITADMIN, both of which have full control.
  On the Sharing tab, I went to Advanced Sharing and clicked the Permissions button.  Here, I set my sharing permissions.  There is only one security principal in this ACL, ITADMIN, and ITADMIN is granted full control.
  At this point, I am still logged in to the domain joined server with my own user account.  My user account is a member of ITADMIN.  I can open Windows Explorer and browse through the "for ITADMIN" folder freely.
  Now, I log in to our Domain Controller with my user account.  In Windows Explorer, I type in the UNC path to the domain joined server hosting our shared folders (\\machinename).  I see the shared folder "for ITADMIN".  When
  I try to go into it, I receive an error:
  "Windows cannot access \\machinename\for ITADMIN.  You do not have permissions to access \\machinename\for ITADMIN.  Contact your network administrator to request access?
  I am a member of the ITADMIN group.  ITADMIN is the owner of the shared folder, has Full Control security permissions, and Full Control sharing permissions.  Why in the world is this behavior occurring?
  Additional Info: Could this be a problem when trying to access shares from the domain controller?  While I don't anticipate needing to do this from the DC on a production basis, it still seems bizarre.
  Additional Info: my ITADMIN group is a global group.  Could that be posing a problem?

  Nevermind.  I neglected to log out and log back in after making permissions changes, thus my account's security token was not getting updated.