Search for files over a mapped network drive
Hi,
At the moment I'm using a simple listFiles with a FileFilter to do a search over a mapped network drive. But the performance is not very good.
The number of folders and files that need to be searched is rather high, resulting in long waiting times (+5min).
Is there a way to improve this type of searches?
Thanks in advance,
Dave
Hard to say without seeing details. Try to narrow down where it happens.
One nasty bug in Windows (let's assume you are using it) is that stat'ing all files in a directory is much faster than stat'ing them individually. In other words, if you do something like
String names[] = directory.list();
for (name in names) {
File f = new File(name);
if (f.isDirectory()) ...
}that's way slower than:
File files[] = directory.listFiles();
for (f in files) {
if (f.isDirectory()) ...
}See if you do "new File()" for all files, e.g. in your filter. It will kill your performance. To demonstrate: open a big directory in standard Windows file explorer. Select all files. Right-click & select Properties. Go for lunch while Windows thinks about it. Compare with performance of clicking Properties for the directory instead of a collection of all the files.
Similar Messages
-
UTL_FILE - Write to a file on a mapped network drive
Hello,
I am trying to get the UTL_FILE package to write a file to a mapped network drive on
Windows NT. We have the following definition in the init<SID>.ora file pointing to the
network drive:
UTL_FILE_DIR=v:\hawkrpt
Here is the code to write to the file:
CREATE OR REPLACE PACKAGE pkgUtlFileTest AS -- package spec
PROCEDURE isp_UtlFileTest ( vcDir IN VARCHAR2,
vcFileName IN VARCHAR2,
vcOpenType IN VARCHAR2,
vcMessage1 IN VARCHAR2 );
END pkgUtlFileTest;
CREATE OR REPLACE PACKAGE BODY pkgUtlFileTest AS -- package body
PROCEDURE isp_UtlFileTest ( vcDir IN VARCHAR2,
vcFileName IN VARCHAR2,
vcOpenType IN VARCHAR2,
vcMessage1 IN VARCHAR2 ) IS
-- vcDir is the utl file directory
-- vcOpenTpye is the open type a = append, w = write or r = read
-- vcFileName is any file name you want.
-- vcmessage is the entry you want placed into the file
vcUtlFile UTL_FILE.FILE_TYPE;
BEGIN
IF LOWER(vcOpenType) = 'a' OR LOWER(vcOpenType) = 'w' THEN
vcUtlFile := UTL_FILE.FOPEN(vcDir, vcFileName, vcOpenType);
UTL_FILE.PUT_LINE(vcUtlFile, vcMessage1);
UTL_FILE.FCLOSE(vcUtlFile);
END IF;
EXCEPTION
WHEN NO_DATA_FOUND THEN
DBMS_OUTPUT.PUT_LINE('no_data_found');
UTL_FILE.FCLOSE_ALL ();
WHEN UTL_FILE.INVALID_PATH THEN
DBMS_OUTPUT.PUT_LINE('UTL_FILE.INVALID_PATH');
UTL_FILE.FCLOSE_ALL ();
WHEN UTL_FILE.READ_ERROR THEN
DBMS_OUTPUT.PUT_LINE(' UTL_FILE.READ_ERROR');
UTL_FILE.FCLOSE_ALL ();
WHEN UTL_FILE.WRITE_ERROR THEN
DBMS_OUTPUT.PUT_LINE('UTL_FILE.WRITE_ERROR');
UTL_FILE.FCLOSE_ALL ();
WHEN UTL_FILE.INVALID_OPERATION THEN
DBMS_OUTPUT.PUT_LINE('UTL_FILE.INVALID_OPERATION');
UTL_FILE.FCLOSE_ALL ();
WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE('OTHER ERROR' );
UTL_FILE.FCLOSE_ALL ();
END isp_UtlFileTest;
END pkgUtlFileTest;
Here is the code to execute the stored procedure:
Begin
pkgUtlFileTest.ISP_UTLFILETEST('v:\hawkrpt','test.txt','w','This is a test');
End;
When the stored procedure is executed, the following error is returned:
UTL_FILE.INVALID_OPERATION
Can someone tell me how to get the UTL_FILE package to write a file to a network drive
on a Windows NT server?
Your help will be greatly appreciated!
MikeDid you restart the database after changing the init.ora parameter? Make sure that you have this new value in v$parameter view.
-
i have a external hard drive connected, Finder will not let me search for files in the external hard drive how do i search in a hard drive
What are you using to search? You should be able to search any drive in from the Finder. If you're having trouble, try "EasyFind" from the App Store (free). You can search any volumes with it.
Clinton -
Search for files over 100MB fails
I had an issue recently where I completely filled up my internal hard drive on my MacMini. I have take the time to clean it out using HD Cleaner and I now have 69.24GB of free space. Just to make sure there isn't any other junk I can get rid of I am attempting to go to "Files over 100MB" and I get a popup window that states "The operation can't be completed" with only an OK button to dismiss this. Anyone know how to fix this? I am running OSX 10.9.3
Thank you,
JustinI had the same problem. Never got to the bottom of it, (I hypothesised that it might be a folder permission issue maybe?), however I tried the "Disk Doctor" app which worked fine. When I first ran it, it asked me to allow permission to access the drive. There is a selection category of >100mb files in there (which you cherry pick the ones to get rid of), plus identifies a load of other junk which you can choose (or not) to delete.
https://itunes.apple.com/gb/app/disk-doctor/id455970963?mt=12 -
Location is not available to mapped network drive in Windows 8 using Synology NAS
Original Thread:
http://answers.microsoft.com/en-us/windows/forum/windows8_1-files/location-is-not-available-to-mapped-network-drive/ca7eac5c-0e3d-494b-b488-e245978e4db9
I have recently upgraded to Windows 8.1 standard edition. I have come across a problem when using the option for mapped network drives. Under Windows 7 I would normally map a network drive (Synology NAS) and I could access all files, copy and paste, install
apps, and link media, all from within the mapped network drive. However, under Windows 8.1 I have come across a couple of problems.
1. When I try to copy a file from my "Mapped Network Drive" to the C:\Drive (OS Boot Drive), I get the following error,
"E:\ is unavailable. If the location is on this PC, make sure the device or drive is connected or the disc is inserted, and then try again. if the location is on a network, make sure you're connected to the network or internet, and then try again. If the
location still can't be found, it might have been moved or deleted."
However, if I copy a file from the "NETWORK/Network Location" the file copies just fine with no problems. And, If I also copy a file from a "Added Network Location" the file also copies just fine with no problems. And, if I copy a file from
my "Mapped Network Drive" to my D:\Drive (non OS Drive), the file copies just fine with no problems.
2. When I try to install apps from my "Mapped Network Drive" they will sometimes install and sometimes not (I am also choosing the option to run the programs as Administrator). Again if I try to install using either the "NETWORK/Network Location"
or an "Added Network Location" the apps install just fine with no problems.
3. When I link media (music or videos) from my "Mapped Network Drive" they will work but once I reboot they no longer work as if they have lost the file path or link of the original source location.
4. When I use FireFox (browser) and I set my default download dir to my "Mapped Network Drive" it will work once originally set it but after I reboot, it no longer works. However, again if I set the default download dir to either the "NETWORK/Network
Location" or an "Added Network Location" the default download dir works fine even after reboot.
While I am able to access my network drive using any of the three options, "Mapped Network Drive", "NETWORK/Network Location", and "Added Network Location" but only "NETWORK/Network Location", and "Added Network
Location"appear to be reliable. Tbh I would prefer to be able to use my "Mapped Network Drive" in Windows 8 as I have been able to under Windows 7.
More info:
I currently have UAC set to "Never Notify".
I also have Windows 8.1 installed on three different systems and all of them give me the same exact problems. One of the systems is a completely clean install with no 3rd party apps installed.
Just so its clear I am able to access the "Mapped Network Drive" but unfortunately this method of access appears to be unreliable in Windows 8 but in Windows 7 it works flawlessly.
If I map a network drive from another pc running windows 7 or 8, I can access and use the mapped drive with no problems. This problem appears to be related to the Synology NAS devices and I have researched the Synology forums but only found one thread about
the problem, here:
http://forum.synology.com/enu/viewtopic.php?f=49&t=76687
I have searched several forums and attempted to pick the brains of my local computer shops for any incite on this problem but I have been unable to find a solution/fix.
Any help resolving this is greatly appreciated.Hi,
Based on your description, we can temporarily disable the firewall to see whether the issue persists.
For this issue seems related to the Synology NAS devices, in order to get professional help regarding the product, we can contact the vendor support to see whether the issue
can be fixed.
Best regards,
Frank Shen -
Enable Recycle Bin on mapped network drives
A few years ago I discovered how redirected user profile folders in Windows get Recycle Bin protection, even when the folders are redirected to a network location. This was a huge find for me, and I used this feature to add Recycle Bin coverage to some of
my mapped network drives. I shared this information on another forum here:
http://forums.mydigitallife.info/threads/16974-Tip-Network-Recycle-bin
Today I figured out a better way to achieve the same goal that doesn't rely on user profile folder redirection, and am sharing that information for other users to try out. You might want to take a look at these forum topics for additional information:
http://technet.microsoft.com/en-us/library/cc787939(v=ws.10).aspx
http://blogs.technet.com/b/askds/archive/2012/07/16/managing-the-recycle-bin-with-redirected-folders-with-vista-or-windows-7.aspx
http://msdn.microsoft.com/en-us/library/bb882665.aspx
http://social.technet.microsoft.com/Forums/windowsserver/en-US/10bfcfb9-14f3-434e-9ffa-0289b8b32e01/folder-redirection-recycle-bin
The standard disclaimer applies - this might break stuff. I've only tested in Windows 8, and my testing is limited. Try this at your own risk.
This is what I've learned (or think I've learned - I might be wrong):
Windows Vista and later store the configuration settings for the Recycle Bin for redirected user profile folders in this registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder
Under this key are separate keys for each redirected folder that is protected by the Recycle Bin. The keys contain the configuration information for each protected folder, and are named to match the GUIDs for "Known Folders." A list of the Known
Folder to GUID mappings is available in one of the links above.
The registry also contains a list of "known folders" at this location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
So, I reasoned that if I could create my own custom "known folder," I could add that to the list of folders that were protected by the Recycle Bin and protect any mapped network drive I wanted. So I looked at the list of existing "known folders"
and created a key that was similar to the Documents key. I then fiddled with the values in the key until I narrowed it down to the minimum number needed to make the recycle bin work.
This .reg file will protect a mapped X: drive with a ~50GB recycle bin. You should modify the file to fit your needs:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9147E464-33A6-48E2-A3C9-361EFD417DEF}]
"RelativePath"="X:\\"
"Category"=dword:00000004
"Name"="XDrive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\{9147E464-33A6-48E2-A3C9-361EFD417DEF}]
"MaxCapacity"=dword:0000c7eb
"NukeOnDelete"=dword:00000000
A few things of note:
The GUID in the above .reg file {9147E464-33A6-48E2-A3C9-361EFD417DEF} came from this PowerShell command: "{"+[guid]::NewGUID().ToString().ToUpper()+"}"
Each "known folder"/Recycle Bin combination requires a unique GUID. If you don't want to use PowerShell to generate a GUID, you can use an online GUID generator.
I don't know what the "Category" value does, but the key I copied had it set to 4, and that works, so I didn't test any other values.
The "Name" value is required, but is not the name that will be shown if you right-click on the Recycle Bin and select properties. (At least not in my environment.) In my environment, the name that is shown is the name of the network drive.
Making this change adds a "Location" tab to the properties page of your mapped network drives. I suspect this could be removed by changing the "Category" value, but didn't bother to find out.
I only tested with mapped network drives. I suspect this would work with UNC paths as well, but I didn't bother testing.
I hope you're as excited to find this as I was to figure it out. Let me know if this works for you. I now plan to deploy the registry keys with Group Policy Preferences and will update this forum post with any information I discover.
Best regards
--Russel
Update: I am now using Group Policy Preferences to deploy the needed registry keys, and all my mapped network drives are now protected by the recycle bin.
Update 2: I have tested now with UNC paths, and this works fine. I still use mapped network drives, but if your environment requires UNC paths instead, you can use them. Note however that if you have a mapped network drive that points to a UNC path, and
you protect the UNC path with a registry change, if a user deletes a file from the mapped network drive that points to that UNC path, the file will be permanently deleted. See below for more details.FANTASTIC work Russel !
This is extremely helpful.
I've turned your work into a Bat Script that will automatically make the reg file.
It creates a unique guid each time it is run, so no worries on overlaps.
Just copy and paste the following into notepad
and save it as "Network Recycling Bin - auto make registry file.bat"
echo off
REM ========== MAIN FUNCTION ========================
Call :CreateREGfile
PAUSE
goto :eof
REM ========== SUB FUNCTIONS ========================
:CreateREGfile
set /p RelativePath=Enter
current mapped path of drive (e.g. X:\FileShare\D_Drive):
REM replace \ with \\ (for reg value its a requirement)
Set RelativePath=%RelativePath:\=\\%
set /p MaxBinSize_Dec=Enter
max size (in mb) (eg 11gb=11000):
call :toHex
%MaxBinSize_Dec% MaxBinSize_Hex
Set outputREG="Network
Recycling Bin - %RelativePath:~0,1% Drive (%MaxBinSize_Dec%mb).reg"
call :MakeGUID_VBS NewGUID
REM echo My new GUID : %NewGUID%
echo Windows Registry Editor Version 5.00
>
%outputREG%
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\%NewGUID%]
>>
%outputREG%
echo "RelativePath"="%RelativePath%"
>>
%outputREG%
echo "Category"=dword:00000004
>>
%outputREG%
echo "Name"="NetworkDrive2RecyclingBin_%NewGUID:~1,5%"
>>
%outputREG%
REM The "Name" value is required, but is not the name that will be shown if you right-click on the Recycle Bin and select properties. That will be autoset to the network drive name.
echo.>>
%outputREG%
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\%NewGUID%]
>>
%outputREG%
echo "MaxCapacity"=dword:%MaxBinSize_Hex%
>>
%outputREG%
echo "NukeOnDelete"=dword:00000000
>>
%outputREG%
goto :eof
:MakeGUID_VBS
echo set obj
= CreateObject("Scriptlet.TypeLib")
> TEMP_generateGUID.vbs
echo WScript.Echo obj.GUID
>> TEMP_generateGUID.vbs
FOR /F "usebackq tokens=*"
%%rin (`CSCRIPT "TEMP_generateGUID.vbs"`)DO
SET RESULT=%%r
set
%1=%RESULT%
del TEMP_generateGUID.vbs
goto :eof
:toDec
:: todec hex dec -- convert a hexadecimal number to decimal
:: -- hex [in] - hexadecimal number to convert
:: -- dec [out,opt] - variable to store the converted decimal number in
SETLOCAL
set /a dec=0x%~1
( ENDLOCAL & REM RETURN VALUES
IF "%~2"
NEQ "" (SET %~2=%dec%)ELSE
ECHO.%dec%
EXIT /b
:toHex
:: eg call :toHex dec hex -- convert a decimal number to hexadecimal, i.e. -20 to FFFFFFEC or 26 to 0000001A
:: -- dec [in] - decimal number to convert
:: -- hex [out,opt] - variable to store the converted hexadecimal number in
::Thanks to 'dbenham' dostips forum users who inspired to improve this function
:$created 20091203 :$changed 20110330 :$categories Arithmetic,Encoding
:$source http://www.dostips.com
SETLOCAL ENABLEDELAYEDEXPANSION
set /a dec=%~1
set "hex="
set "map=0123456789ABCDEF"
for /L
%%Nin (1,1,8)do
set /a "d=dec&15,dec>>=4"
for
%%Din (!d!)do
set "hex=!map:~%%D,1!!hex!"
rem !!!! REMOVE LEADING ZEROS by activating the next line, e.g. will return 1A instead of 0000001A
rem for /f "tokens=* delims=0" %%A in ("%hex%") do set "hex=%%A"&if not defined hex set "hex=0"
( ENDLOCAL & REM RETURN VALUES
IF "%~2"
NEQ "" (SET %~2=%hex%)ELSE
ECHO.%hex%
EXIT /b
:eof -
Xmlparser.parse fails with ORA-20100 when reading from mapped network drive
Hi
I have a problem with the xmlparser when parsing an xml document from a mapped network drive. If I read the xml document from a local drive, then there is no problem.
I haven't been able to find any documentation specifying this. Is there any way to parse a file from a mapped network drive???
To clarify, I have created an example procedure, that parses an XML doc from disc, notice that the G: drive is a mapped drive:
CREATE OR REPLACE procedure test_xmlparser is
p xmlparser.Parser;
dir varchar2(100) := 'G:\Vejdirektoratet\root\xsl';
errfile VARCHAR2(32) := 'error.log';
begin
p := xmlparser.newParser;
-- set parser properties
xmlparser.setValidationMode(p, FALSE);
xmlparser.setErrorLog(p, dir || '\' || errfile);
xmlparser.setPreserveWhiteSpace(p, FALSE);
-- parse xml file
xmlparser.parse(p, dir || '\' || 'HelloWorld.xml');
xmlparser.FREEPARSER(p);
end;
The file HelloWorld.xml contains the following:
<?xml version = '1.0'?>
<message>
<text>Hello World</text>
</message>
When running this in SQL*Plus I get the following error:
ORA-20100: Error occurred while parsing: Invalid argument
ORA-06512: at "SYS.XMLPARSER", line 22
ORA-06512: at "SYS.XMLPARSER", line 69
ORA-06512: at "VD.TEST_XMLPARSER", line 14
ORA-06512: at line 1
Changing the value of the variable dir to 'C:\' makes it all work.Hi again
I need to ask a last, hopefully ;-), question on upgrading the JDK to 1.3.1:
As far as I understand, this is how I do it:
1) Install JDK 1.3.1 on DB server
2) tell Oracle DB, to use that JDK.
Is this the correct way? And how is step 2 done?
Looked on metalink, google etc., but could only find this for 9iAS (not the DB) and Oracle Applications 11i.
thanks, Sxren -
How can I: Search for files "not in catalog"
Is there a way to search for files/photos on my hard drive that are *NOT* already in my catalog?
(a) I can do a mass search to find all photos on my hard drive.
(b) And there is a reconnect feature - for all entries in catalog with a missing/invalid link, look for the file that matches best.
But I'd like to have Elements find photos that I have not added to the catalog.
That is, do (a), but check each one to see if it is already added.
Is there a way to do that?
Thanks,
-ceejWhat you want to achieve by finding those files?
In folder view you can see the folder which have no media files in Organizer.
If you import all the files form all the drives on your system, by deafult you will see files just imported into catalog. That means, just after import ou will have the files which were not in your catalog :-)
I know my answer could be confusing for you, but it will make sense if you know what happens after import in Organizer... -
Searching for shared files over a server network using a client computer
I think spotlight can only be used to search for files on a local computer. Is there a way to search for shared files on a server from a logged in client computer?
It should work on shared HFS volumes. You would have to start the search from the Finder, not from the Spotlight menu.
-
Office 2007 saving documents over mapped network drive takes abnormally long
On a new Windows 8.1 Pro 64 bit computer, I have installed Office 2007. When I attempt to save documents to a mapped network drive on a peer network (saving to a Windows 8.1 Pro 64 bit computer), I have abnormally long save times. However, when I attempt
to save documents to my computer, I have no issues. I do not have any issues when opening the files over the mapped drive.
Turning off the third-party Bullguard Internet Security antivirus and firewall makes no difference. Setting as an exception the excluded mapped drive folder makes no difference either.
I have disconnected the mapped drive and re-mapped the network drive, but this makes no difference.
I had no problem with the same software on a prior computer running the same Office 2007 version. Another computer on the network has no issues either.
Please advise how to speed up the saved documents (Word, Excel).Hi,
As the slow to save files issue, please try the suggestion below to modify the registry:
Important
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the
registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry,
http://windows.microsoft.com/en-US/windows7/Back-up-the-registry
To start the Registry Editor, press Win + R, type "regedit.exe" in the blank box, press Enter. Then add the following registry key to the machine:
[Hkey_Current_User\Software\Microsoft\Office\12.0\Word\Options]
"DisableRobustifiedUNC"=Dword:00000001
[Hkey_Current_User\Software\Microsoft\Office\12.0\Excel\Options]
"DisableRobustifiedUNC"=Dword:00000001
I hope this can help.
Regards,
Melon Chen
TechNet Community Support -
Mapped network drive appears empty for all users on one computer
We have several network drives mapped via a batch file at log in. On one particular Windows 7 computer one of these drives maps but appears empty. Manually mapping to the drive and assigning a different drive letter makes no difference but manually
mapping by entering the IP address allows viewing and accessing the contents.
The malfunctioning network drive is also using Hosted BranchCache. The following settings are set in local group policy:
(\Network\BranchCache)
Turn on BrancheCache - Enabled
Set BranchCache Hosted Cache Mode - Enabled - <servername>
Configure BranchCache for network files - Enabled - 0
The servers involved are running Windows Server 2012.
I am at a loss here and will appreciate any suggestions.
~JuniorG33k "Why is this thus? What is the reason for this thusness?"With Offline Files disabled the contents of the mapped drive are visible and accessible. Unfortunately, Offline Files must be enabled for BranchCache to work.
Looking in the Event Viewer at “Applications and Services Logs\Microsoft\Windows\OfflineFiles\Operational” I can see that the mapped network drive transitioned to slow link during high latency but has never transitioned back.
~JuniorG33k "Why is this thus? What is the reason for this thusness?" -
How can we access a file that is on a mapped network drive.
If I have a network drive that is password protected and is already mapped on a server(x.x.x.x) as R drive. And I have file called temp.txt on R:\Temp folder on the mapped network drive.
How can I access it using file: using a client application running on that server.
Thanks.ag2007 wrote:
When I use it the above way I am getting the following exception:
java.io.FileNotFoundException: \\network\share\Temp\temp.txt (Logon failure: unknown username or bad password).
From the above I can say that I need to specify the username and password.
Now my question is how do I specify the username and password in the URI?
Thanks for the help.You don't. It is required that the user account running the code already has permissions to the directory in the first place. -
This is for information to help others
KEYWORDS:
- Sharing EFS encrypted files over a personal lan wlan wifi ap network
- Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
- transfer encryption keys / certificates
- set trusted delegation for user + computer for EFS encrypted files via
Kerberos
- Windows Active Directory vs network file share
- Setting up WinDAV server on Windows 7 Pro / Ultimate
It has been a long painful road to discover this information.
I hope sharing it helps you.
Using EFS on Windows 7 pro / ultimate is easy and works great. See
here and
here
So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
won't work (unless you follow below steps).
Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
Why such a EFS drama when a network is involved?
Assume a home peer-to-peer network with 2pc: \\fileserver and \\clientpc
When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
(on behalf of the clienpc's data request).
This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
Solutions
There are two main approaches to solve this:
1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
EFS operations occur on the computer storing the files.
EFS files are decrypted then transmitted in plaintext to the client's computer
This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
2) SOLVE by setting up WebDAV (efs files accessed through web folders)
EFS operations occur on the client's local computer
EFS files remain encrypted during transmission to the client's local computer where it is decrypted
This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
READ BELOW as this does
Create new encrypted file / folder on a network file share - via Active Directory
It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
Although this info is NOT for setting up EFS on an active directory domain [server],
for those interested here is the gist:
Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
EFS.
NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
Create new encrypted file / folder on a network file share - via WebDAV
For home users it is possible to make it all work.
Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
Setting up a wifi AP (for those less technical):
a) START ... CMD
b) type (no quotes): "netsh wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
c) type (no quotes): "netsh wlan start hostednetwork"
Set up a WebDAV server on Windows 7 Pro / Ultimate
-----ON THE FILESERVER------
1 click START and type "Turn Windows Features On or Off" and open the link
a) scroll down to "Internet Information Services" and expand it.
b) put a tick in: "Web Management Tools" \ "IIS Management Console"
c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
f) click ok
g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
KB892211 here ONLY for XP + Server 2003 (made in 2005)
KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
2 Click START and type "Internet Information Services (IIS) Manager"
3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
a) on the right side, under Actions, click "Enable WebDAV"
4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
a) on the "Anonymous Authentication" and click "Disable"
b) on the "Windows Authentication" and click "Enable"
NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
It can be by changing registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
BasicAuthLevel=2
c) on the "Windows Authentication" click "Advanced Settings"
set Extended Protection to "Required"
NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
a) on the right side, under Actions, click "Add Allow Rule"
b) set this to "all users". This will control who can view the "Default Site" through a web browser
NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
clientpc.
NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
a) on the right side, under Actions, click "Enable"
HOTFIX - double escaping
7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
a) on the right side, under Actions, click "Edit Feature Settings"
b) tick the box "Allow double escaping"
*THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
a) set the Alias to something sensible eg "D_Drive", set the physical path
b) it is essential you click "connect as" and set
this to a local user (on fileserver),
if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
NB: the user account selected here must have the required EFS certificates installed.
See
here and
here
NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
The work around is on the \\fileserver create an NTFS symbollic link
e.g. to share the entire contents of "D:\",
on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
in cmd in this folder create an NTFS symbolic link to "D:\"
so in cmd type "cd c:\inetpub\wwwroot"
then in cmd type "mklink /D D_Drive D:\"
NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
clientpc
9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
b) if some exist review existing allow or deny.
Take care to not only review the "allow access to" settings
but also review "permissions" (read/write/source)
NB: this can be set here for all added virtual directories, or can be set under each virtual directory
10 Open your firewall software and/or your router. Make an exception for port 80 and 443
a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
below, specifically "Cant find server due to network location"
b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
HOTFIX - MAJOR ISSUE - fix KB959439
11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
a) On Windows 7 you need only change one tiny registry value:
- click START, type "regedit", open link
-browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
-on the EDIT menu click NEW, then click DWORD Value
-Type "DisableEFSOnWebDav" to name it (no speech marks)
-on the EDIT menu, click MODIFY, type 1, then click OK
-You MUST now restart this computer for the registry change to take effect.
b) On Windows Server 2008 / Vista / XP you'll FIRST need to
download Windows6.0-KB959439 here. Then do the above step.
NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
a) make sure WebClient Service is running
(click START, type "services" and open, scroll down to WebClient and check its status)
b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
It should show the default "IIS7" image.
If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"
c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
e.g. http://localhost/D_drive
If nothing is listed, check "Directory Browsing" is enabled
13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
a) make sure WebClient Service is running
(click START, type "services" and open, scroll down to WebClient and check its status)
b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
eg if your server's computer name is "fileserver" go to "http://fileserver:80"
It should show the default "IIS7" image. If not, check firewall and port blocking.
Any issue ie if (12) works but (13) doesn't, will indicate a possible firewall issue or router port blocking issue.
c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
A directory listing of files should appear.
--- ON EACH CLIENT ----
HOTFIX - improve upload + download speeds
14 Click START and type "Internet Options" and open the link
a) click the "Connections" tab at the top
b) click the "LAN Settings" button at the bottom right
c) untick "Automatically detect settings"
HOTFIX - remove 50mb file limit
15 On Windows 7 you need only change one tiny registry value:
a) click START, type "regedit", open link
b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
c) click on "FileSizeLimitInBytes"
d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
16 On each clientpc click START, type "Internet Options" and open it
a) click on "Security" (top) and then "Custom level" (bottom)
b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
SUCH an easy fix. SUCH an annoying problem on a clientpc
NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
explorer.
TEST SETUP
17 On the client use the normal "map network drive"
e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
e.g. CMD: net use * "http://fileserver:80/C_drive"
If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
"manage network passwords") has NTFS permissions.
18 Test that EFS is now working over the network
a) On a clientpc, map network drive to http://fileserver/
b) navigate to a folder you know on the \\flieserver is encrypted with EFS
c) create a new folder, create a new file.
IF it throws an error, check carefully you mapped to the WebDAV and not file share
i.e. mapped to "http://fileserver" not "\\fileserver"
Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
clientpc decrypted it then copied it).
If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
If this is not readable check step (11) and that you restarted the \\fileserver computer.
19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
If a prompt for user+pass then check hotfix (16)
20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
a) see the last comment at the very bottom of
this page:
Points to consider:
- NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
either.
- CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
MORE INFO: HOTFIX: RAW DATA TRANSFERS
More info on step (11) above.
Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
There is a fix:
It is implimented above, see (11) above
Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
Other problems + fixes
PROBLEM: Can't find server due to network location.
This one took me a long time to track down to "network location".
Win 7 uses network locations "Home" / "Work" / "Public".
If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
FIX = either set IP address manually and specify a gateway
FIX = or force "unidentified" network locations to assume "home" or "work" settings -
read here or
here
FIX = or change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
login to gain file access.
PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
Read
here (i've posted a batch script to automatically make the required reg files)
I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?
-
Windows explorer keeps computing items after accessing a mapped network drive
Our organization has decided to upgrade to windows 7 but we are running into a problem with windows explorer green progress bar hanging after accessing a mapped network drive. When you try to go back to computer or access the control panel after going
3 or more folders deep into the mapped drive, windows explorer just keeps searching.
When you expand the arrow in the address bar it states that it is computing items and never stops.
The only way around this is to right click on libraries and select reset back to defaults and everything is back to normal.
We are deploying this image of windows 7 to over a 1000 computers and we cannot have this problem lingering, does anyone have a solution to resolve this issue. This does not happen in Windows XP.
We have tried to turn off windows search and remote differential compression and this does work but the problem is that you lose all search capabilities in windows. So windows search needs to be enabled. We also tried to adjust the MTU, change GP settings,
and nothing seems to work except to turn windows search off or reset libraries back to default.
We also did some research online and there are so many people experiencing the same problem, with no resolution expect they have to go back to Windows XP. That is not an option for us.
Please help us we would really greatly appreciate it.Hi,
The issue could be related to searching and indexing feature in Windows 7. I suggest rebuilding the indexing files.
Click Start -> Type
indexing options in the search box -> Advanced -> Index Settings tab-> Rebuild buttion.
For more information, you can refer to:
http://windows.microsoft.com/en-us/windows7/Change-advanced-indexing-options
If the issue persists, you can perform the following troubleshooting steps.
1. Go to update your network adapter drivers and BIOS from manufacture's site manually.
2. If any router is involved, please update the firmware.
3. Perform a System File Checker.
http://support.microsoft.com/kb/929833
Best Regards,
Niki
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
I want to map network drives for each user when they logon to any workstation in the network. I have created and tested the PS1 script which works fine where the drives attach and used persistent parameter. I have updated the Windows 7 Professional
64-bit workstation to the latest PS 4.0 code. I have created the GPO and believe everything is assigned properly. I made changes to allow execution of local and remote signed scripts. I have forced the changes on a workstation using GPUPDATE
/force, but the drives do not connect. The GPRESULT is as follows which shows the policies are in place as shown below.
What am I missing to get the script to execute?
RSOP data for MRC\mikeg on MIDRUBD03 : Logging Mode
OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\mikeg.MRC
Connected over a slow link?: No
USER SETTINGS
CN=My Name,CN=Users,DC=mrc,DC=net
Last time Group Policy was applied: 7/21/2014 at 8:22:05 AM
Group Policy was applied from: MIDSRVR01.mrc.net
Group Policy slow link threshold: 500 kbps
Domain Name: MRC
Domain Type: Windows 2000
Applied Group Policy Objects
StartingUp
The following GPOs were not applied because they were filtered out
Default Domain Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
Domain Admins
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
MRCAdmins
Domain Users
Enterprise Admins
Schema Admins
AS400_Permanent_Users
Denied RODC Password Replication Group
DnsAdmins
High Mandatory Level
The user has the following security privileges
Resultant Set Of Policies for User
Software Installations
N/A
Logon Scripts
GPO: StartingUp
Name: C:\Windows\SYSVOL\sysvol\mrc.net\Policies\{47773A6D-1115-4A3D-BB74-F672B315A430}\User\Scr
pts\Logon\MapDriveScript.ps1
Parameters:
LastExecuted: This script has not yet been executed.
Logoff Scripts
Public Key Policies
N/A
Administrative Templates
GPO: StartingUp
KeyName: Software\Policies\Microsoft\Windows\PowerShell\EnableScripts
Value: 1, 0, 0, 0
State: Enabled
GPO: StartingUp
KeyName: Software\Policies\Microsoft\Windows\PowerShell\ExecutionPolicy
Value: 82, 0, 101, 0, 109, 0, 111, 0, 116, 0, 101, 0, 83, 0, 105, 0, 103, 0, 110, 0, 101, 0, 100,
0, 0, 0
State: Enabled
Folder Redirection
N/A
Internet Explorer Browser User Interface
N/A
Internet Explorer Connection
N/A
Internet Explorer URLs
N/A
Internet Explorer Security
N/A
Internet Explorer Programs
N/A> Name:
> C:\Windows\SYSVOL\sysvol\mrc.net\Policies\{47773A6D-1115-4A3D-BB74-F672B315A430}\User\Scr
> pts\Logon\MapDriveScript.ps1
> Parameters:
First: Only one of all current answers points in the right direction.
You picked the local sysvol path on the DC which does not exist on
clients, of course...
The Path to the script MUST be an UNC path starting like
\\mrc.net\sysvol\mrc.net\Policies\...
Second: You CANNOT execute PS1 directly (unless you change the .ps1 file
extension configuration). The "Name" MUST be "powershell.exe", and the
script itself goes into "Parameters".
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))
Maybe you are looking for
-
Selection color of TextField in AIR
hi there, i was wondering why the TextField's selection color in AIR is different from the one in the flashplayer - and if there is a way to change it? who chose a grey tone as highlight color, and an even lighter grey when the TextField lost its foc
-
I've just updated my Macbook to Mavericks and all my .avi files storaged in a Lacie Rugged aren't opening but converting one by one I opened; are they not compatible?. Is there a way to converting all of them simultaneously and faster? Thanks a lot g
-
Hi, I need to create simple JSP pages and deploy it to SAP J2EE engine.. what is the procedure?...I may later add some businness logic but not needed for now. Please help Thanks, Jai
-
Are there any third-party PCIe USB 3 cards that are supported by Mountain Lion without additional drivers?
-
Facing problem in hierarichal alv
Hi , I had formed Hierarichal alv, but getting a problem. when item body is empty its not even printing header. whole data is passing till header internal table but when it find item body empty , it shows that 'list contain no data.' plz do help me