Setting File Share Permissions with GUI

Similar Messages

• Clustered File share Permissions won't set (with error)

  I have a s2012r2 cluster with a file server. When i go to create a new share it creates with read only permissions and i cannot change it to full or read/write. it is just the share permissions that won't set. when i create a share the error i get is "The
  Cluster Resource could not be found." if i try to edit the share permissions the error is "Error Occurred while update an SMB share: The cluster resource could not be found" the admin share is working perfectly and the folder permissions are
  accurate. 
  The only solution to this problem i have found online that worked for someone is to destroy the cluster and rebuild it. I really don't want to do that.

  Hi RaVell(Pinki),
  This error typically occur when 
  we have added the Disk from Available Storage to the File Share Server Group, please refer the following KB solution to avoid this action.
  You may receive error messages when you share a folder in a Windows Server 2008 failover cluster
  http://support.microsoft.com/kb/947051
  More information:
  Advanced resource configuration in Windows Server 2008 failover clusters
  http://support.microsoft.com/kb/947050
  I’m glad to be of help to you!
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How can I migrate file shares & permissions from one volume to another on the same server?

  I am replacing a storage array and as part of that process, I need to move files/folders and Shares/permissions from one Volume to another volume within the same server.
  The server is Windows 2003 file server.  The file transfers are not a problem, moving all 40 shares with permissions etc. is my main concern because in order to maintain everything I need to change the drive letter of the new volume to match the old
  one so that links to various resources throughout the network do not break.

  Hi, 
  If you want to copy files/folders from one Volume to another volume within the same server, you could use the File Server Migration Tool (FSMT) or Robocopy to accomplish your goals. The tool can move all of the files from the shares on your original volume
  to the new volume.
  For more detailed information, you could refer to the articles below:
  File Server Migration Toolkit
  http://technet.microsoft.com/en-us/magazine/2006.10.utilityspotlight.aspx
  The File Server Migration Toolkit (FSMT) is a free download available at:
  http://www.microsoft.com/en-us/download/details.aspx?DisplayLang=en&id=10268
  Robocopy
  http://technet.microsoft.com/en-us/library/cc733145.aspx
  FSMT and Robocopy will not copy Share permissions but only NTFS permissions. So if the drive letter will not be changed, you can backup and restore the Share permission with steps here:
  Saving and restoring existing Windows shares
  http://support.microsoft.com/kb/125996
  Regards, 
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Are there any compatibility issues with Mavericks and EMC Celerra File shares, particularly with the SMB protocols?

  Our company uses a EMC Celerra file share, but most of our users are Windows based. We have a small production department of 7 macs. Starting with Snow Leopard, we noticed some issues with SMB. We were able to resolve those issues, but had to wait to upgrade to Lion because there were additional SMB or permissions concerns with the Celerra file share and Lion. Now, we are again waiting to upgrade to Mavricks because of the way it handles user permissions. Does anyone using Mavericks now also connect to a EMC Celerra file share? Thanks! 

  Our company uses a EMC Celerra file share, but most of our users are Windows based. We have a small production department of 7 macs. Starting with Snow Leopard, we noticed some issues with SMB. We were able to resolve those issues, but had to wait to upgrade to Lion because there were additional SMB or permissions concerns with the Celerra file share and Lion. Now, we are again waiting to upgrade to Mavricks because of the way it handles user permissions. Does anyone using Mavericks now also connect to a EMC Celerra file share? Thanks! 

• Setting file execute permissions--a somewhat arcane question.

  As I've been learning Unix, I'm often impressed by the logic and efficiency of certain features, so when I find things that don't fit this pattern, it really makes me wonder.
  This particular example isn't so much about the design of permissions as it is about the way administrators--even competent ones--use them.
  A case in point:
  -rwxr-xr-x 1 root wheel 5099 Dec 7 2006 /usr/sbin/apachectl
  This means that the file belongs to root, and root can do anything (s)he wants to it--read, write and execute.
  Furthermore, anyone who belongs to the group, wheel (which, correct me if I'm wrong here, is pretty generally confined to root) can read and execute it. They can't write to it because, presumably, you don't want just any old wheel coming along and changing this file, although they may read it, which might be a good thing to do before they execute it.
  Finally, other, that is, any old user, can execute the file, but they can't write to it, and they can't even read it. (Incidentally, why would you want to prevent someone from reading a file that you're allowing them to execute? Element of surprise? But that's not my real question.)
  My real question involves the following: try logging on as anyone other than root and running that file. If Apache is running, try to stop it. It will tell you it isn't running. That's a lie. Okay, maybe an honest mistake, but it isn't true. Now try to start it. It doesn't have to be stopped; you'll get the same error either way: "fopen: Permission denied," it says, "httpd: could not open error log file /private/var/log/httpd/error_log."
  I seem to run into this a lot. A file that I have permission to execute produces an error message when I try to run it because it tries to do something that I don't have permission to do. So why do I have permission to execute the file in the first place?
  Okay, maybe there are some useful things I can do with apachectl, like configtest, that don't require me to be root. Like if I'm editing the httpd.conf file, I can check it with configtest, and then when it's ready I can go get an administrator to restart apache, or something like that. Except for the fact that I can't edit httpd.conf because I only have read access to that file. But maybe there are some imaginable scenarios where it might make sense.
  But there are other files that you simply can't do a darned thing with, yet which still allow you to execute them and be chastised for your lowly permission status. Not only that, but it's a relatively simple matter to construct a script in such a way that it will check to see who is executing it, while it's processing directives, and return an appropriate error message, e.g. "Sorry, 'stop' and 'start' can only be performed by root," instead of allowing some downstream process to do its dirty work. Incidentally, allowing errors to be returned from downstream processes gives unprivileged users some insight into what the script does, which, presumably, is part of what they're trying to prevent by not allowing them to read the script!
  If anyone can shed any light on why things are so often done this way, I'd appreciate it. If not, I guess this is just my Unix rant for the the week.
  Disclaimer: I don't hate Unix. I really like it a lot, in spite of its quirks. No one is perfect; not even me! And don't even get me started on "Windows."

  David Livesay wrote:
  Perhaps you just don't know all the details of that particular application.
  Please fill me in on the details I'm missing. That's why I posted this question.
  I will try. But it is easier to explain why "programs in general" behave a certain way than why a "particular" program might behave a certain way. In particulars, I'm likely to be wrong. In generalities, I'll be more correct.
  The default log location is in a directory that you cannot write to. However, this doesn't have to be the case. It could be anywhere.
  Yes, and the permissions could be anything, but for the current location, the permissions don't make sense. You should always write a script for the situation that exists, assuming anyone who had a reason to move the log file would also have permission to change the file permissions accordingly. It doesn't make sense to set permissions according to what someone might do at some future time.
  Sure it does. To use your apachectl example, Apache can be setup to put its log files anywhere on the system. It can be setup to use any particular user. It is one of the most configurable programs there is. It is "owned" by root so that it can't be messed with. It is "run" by nobody or www, so that, if it is compromised, it won't cause (much) damage. On Unix, there is no way to specify that a program is owned by one particular user and run by another particular user (well, maybe with ACL). For this program, the executable could be owned by www, but, since that user is configurable, that wouldn't make any sense. Plus, user ids are specific to each machine, only root is always uid 0. Plus, it is common practice for various reasons to start up as one user and either promote/demote to a different user. Plus, there are at least a dozen other process and daemon specific details that I'm ignoring. I'm trying to make it as short and sweet as possible.
  There are only a few programs that only root should be able to run.
  Please elaborate. Would this include apachectl in your view? If not, what reason would someone else have for running it when it is just going to fail? And remember, if you're going to say they can move the log file, I'm going to reassert that if they can do that then they can change the permissions accordingly.
  I don't know the low-level details about apachectl in particular. Usually, any daemon or daemon related program can only be started by root, but is actually run as a different user. And while I say "only", that is not true. It is more correct to say "should". Everything is configurable! I might want to test out Apache 3.0, for example. I will have it configured to run as a regular user instead of root, because I am debugging it.
  Usually, it is only very low-level, hardware programs (like fsck) that can only be run as root.
  Many have world execute permission explicitly so anyone can run it. That anyone may be a user who have no privileges at all (such as nobody or www) so that if something it gets hacked, the script kiddie only gets access to nobody's files. Usually, that "anyone" is one of these specific users. That log file is probably owned by and is restricted to that user.
  I don't quite follow you. If "anyone" can run it, that would include root. If someone is trying to hack a system, and can choose whether to run a script as root or an impotent user, why would they choose to run it as an impotent user? If they can only do damage by running a given executable as root, they're going to run it as root, whether or not anyone else has permission to run it.
  You can't choose who to run a program as (unless you are root). A program is owned by whomever owns it. It is run by whomever is logged in. Apache, for example, runs "as" www. If hacked, all they can do is deface your web page, they can't bring down the server or compromise it in any other way. That is also why you shouln't even have root enabled on your system and why you should say in su or sudo mode for very long.

• Setting EX2007 mailbox permissions with Exchange Management Shell not reflected in Exchange Management Console

  Hello,
  I'm trying to use PowerShell to script some mailbox permissions.  The mailbox permissions I set in the shell are not displaying in the EMC.  The command I'm using is:
  add-MailboxPermission -accessrights fullaccess -identity $username -user MYDOMAIN\$supervisor -confirm:$false
  I get confirmation from the shell:
  Identity             User                 AccessRights                                               
  IsInherited Deny
  MyDomain.net/Separa... MYDOMAIN\mysupervisor    {FullAccess}                                               
  False       False
  Afterwards, when I look in the Exchange Management Console for this user (Right click, Manage Full Access), even after allowing time for replication, I don't see this new permission reflected there.  But If I use Get-MailboxPermission
  $username, the permissions show up:
  Identity             User                 AccessRights                                               
  IsInherited Deny
  MyDomain.net/Separa... MYDOMAIN\mysupervisor    {FullAccess}                                               
  False       False
  Why is this addition not being reflected in the shell?

  Hi,
  The cmdlet you use to grant full access permission is right. If your case, please let "mysupervisor" access to this user's mailbox and verify if he/she can access it. Maybe Exchange Management Console has not been updated well.
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• How to set file to open with the latest entry?

  My "sent" file always opened at the latest entry showing the last email I'd sent but, for some unknown reason, it now loads at the top of the file showing the earliest entry. How do I get it to go back to showing the latest entries, the bottom of the file, rather than the top of the file?

  Click on the header labeled DATE to sort on that column. Click the same header a second time to reverse the sort.

• File Share TC with Windows over internet

  Am looking to give Windows users access to info stored on my TC. They will need to access it remotely and are struggling to use the standard afp (which is currently active and accessible by other mac users).
  What are the TC settings I should use?
  Is there a Windows (Vista) afp client?
  Thanks,
  Karel

  You can try SMB, but this usually isn't necessary if AirPort Utility for Windows is installed on those PCs.
  Edit.
  Sorry, just noticed you said remotely. I don't know if the above would work, then.
  Message was edited by: -(.)^(.)-

• Correct syntax to set "send as" permissions through Powershell

  Hello,
  A colleague of mine gave me a Powershell command to set "send as" permissions on a mailbox. His syntax is the following:
  Add-ADPermission -Identity UserBeingGrantedPermission -User UserWhoseMailboxIsBeingConfigured -ExtendedRights 'Send-As'
  In that example the user mentioned after "-User" is the one who's mailbox is being configured. Easy enough. Earlier Technet articles also use this syntax.
  However, I stumbled across the
  following article. Which clearly says:
  This example grants Send As permissions for Aaron Painter to Terry Adams's mailbox.
  Add-ADPermission -Identity "Terry Adams" -User AaronPainter -AccessRights ExtendedRight -ExtendedRights "Send As"
  In this example "-User" is not the one mailbox that is being configured but the person that gets the rights.
  So who is right? Technet or Technet?

  Hi Fr0ns,
  Your colleague mistook it a little bit, (and I don't think he can compete with the Technet library :)
  -User <is always someone who is given permissions to>. In the Technet example - AaronPainter gets the permission to
  Send As Terry Adams.
  You can check it yourself pretty easily - enable command logging and attempt to assign the permissions with GUI where you clearly know who gets what.
  ▲ Vote if Helpful / Mark if Answer
  MCSE: Messaging 2013 Charter / Private Cloud / Server Infrastructure
  MaximumExchange.ru

• SMB File Share Storage Failover Cluster "path is not valid folder path"

  I am having an issue that I am scratching my head over. So I have setup a 3 node Hyper-V host cluster that I am attempting to use SMB File Share storage for the shared storage medium. I have been trying to migrate a virtual machine from one of the nodes
  local storage into the file share using System Center VMM 2012 R2 with UR5 however I keep getting the message "The specified path is not a valid folder path on node2.domain.com" for the storage that VMM automatically selects for placement of files
  from the migration. However what is odd is to the same file share for storage I can do a new deployment of a virtual machine to the same cluster with the same shares; I can also delete a virtual machine from the share fine; the file share for the virtual machine
  I library I am deploying machines from is the same server as the file shares for the cluster that I am deploying to so maybe that is why that succeeds; if I try to move the recently deployed VM from one file share to another for storage same error comes up.
  The three nodes all reference the same file server, which is just one file server for the storage, and the shares were created in VMM and as such the file share permissions were setup by VMM so they should be sufficient. I have also attempted this with both
  delegation of CIFS and without through AD (trust to specified computers with CIFS, Hyper-V Replica and Microsoft Virtual Console Service via Kerberos only).
  I am stumped as to what to check next or how to get this working and would appreciate any guidance anyone can give towards a resolution for this problem.

  Jeff,
  Thanks for reporting this.
  There's an known issue with UR5 that VMM gives wrong error when deploying a HAVM onto a SMB share. In that situation, VMM complains "Invalid folder path".
  To confirm you are hitting the same issue, would you kindly let me know:
  1. Are you trying to migrate a HighlyAvailable VM onto the SMB share?
  2. On UI of "Migrate Storage Wizard", if you click "Browse", do you see the target file share showing up in "Select Destination Folder" dialog?
  3. By "the three nodes all reference the same file server", I assume you added the target file share onto the list of File Share Storage thru the cluster's properties UI. If so, please go to the UI and check whether the access status shows
  green there.
  4. By "local storage", do you mean "local disk"? Or a shared LUN from any array? I assume it's not "available storage" or "CSV" of the cluster. Please double confirm.
  Note: If we are sure hitting the known issue, I will later re-direct you to a hotfix. But let's make sure it is the issue first.
  Look forward to your reply.

• I have set up a file share but cannot login with my account

  Hi everyone. I set up a file share using the settings in OS 10.5, however when I go to login on Windows Vista using my specially created read only account (called: remote). I cannot get it.
  I can only get in using these settings:
  user name = xxx.xxx.x.xxx\myaccount
  password = blah blah blah.
  Yet when I apply the same settings changing 'myaccount' to 'remote', I cannot get in.
  I'm not sure where I am going wrong, any help would be much appreciated. Thanks!

  No need to apologise, I'm the idiot who can't setup a home network. Although I'm sure Vista is at least to blame somehow.
  I have sharing turned on and it says "Windows users can access your computer at smb://192.168.x.xxx."
  If I click "options" it has a box which has an "on" tick box and my name. I have ticked it. When I ticked it, it asked for my admin password which I supplied.
  On the firewall front I have allow all incoming connections.
  I am trying to login to 'remote' whilst my Mac is still logged in as me, 'nathan' I have successfully logged in to the mac on the same settings using account: 'nathan' on Vista whilst still in 'nathan' on the mac.
  I am trying to connect going into network on vista and selecting my mac, correct.
  The connect works with 'nathan' if I go:
  192.168.x.xxx\nathan
  password
  but for some reason the 'remote' user I have set up wont work on vista using the same format.
  Thanks.

• Setting permissions in File shares content sources

  Hello,
  we want to crawl File Shares and set them available to searches. The set up of the crawler and the indexing is not a problem and works just fine.
  The problem is that we would like to set the permissions on the results given from this content source and if possible to map the permission already on the files to the result scope. In simple words, only show the results (files) in which the AD User has
  at least read privilege.
  Is this possible? and if not which would be a solution of setting the permissions to this content source?
  Thanx in advance!
  Ioannis

  That is the default behavior of SharePoint search. It will automatically read and use the file ACL.
  One thing to note is that often users can see files but not read them on the file system, in which case they will be able to find the files in the search engine but not open them nor see within the files.

• Permissions for website directories/files & Share Points for managing files

  Hello.
  I'm wondering if anyone could lend some advice in how to best set up permissions, both POSIX and ACLs, for the following setup?
  #1 - Permissions for directories and files for hosting a website (via OS X 10.5 "Web" GUI). Basically, I'm curious as to what people suggest for the basic files for the directory (and sub-directories and files) that go into the backend (html, images, etc.) of a website? I'm going to be being files over from another machine, so I may need to propagate these permissions once they've been moved over?
  #2 - Permissions (ACL) for allowing users to access these directories and files for editing, etc. via client Macs on our LAN (this server is going to be a development web server for initial building/testing).
  Any advice would be much appreciated!
  Thanks,
  Kristin.

  Hi Kristin,
  The "other" or "everyone" group should not have "write" permissions to any files under your website document root folder. The Apache web server runs as user "www" ... "www" is usually in the "everyone" group, thus allowing read-only access to the website.
  You can set up the owner of your files to an admin account. Perhaps set up a group with write permissions to the file shares where your website files are.
  You must first analyze who should have access to what, base your groups on that ...
  Ted

• Problem with File Sharing-Permissions throughout Folders

  I'm having an odd problem when setting up a Mac Pro with File Sharing. I have a second Hard Drive in it which is a Server Drive to be shared as a networked Hard Drive for both my MBP and my Fiancee's MBP. Here is the problem I have.
  I set up File Sharing and set up both her ID and my ID. Since this is done she is able to get to drive from my MBP and she is able to get to the drive from her MBP. I am able to read or write to those folders. She is able to view them but is unable to write to them.
  I went to the Server Drive icon on the Mac Pro's Desktop. When I right click and do "Get Info" and select Sharing I can tell her ID is not listed on any of the Folders. She is listed as Read and Write for the entire Hard Drive (which is an internal drive). I am also listed as Read and WRite and then it lists Everyone and says No Access. The same is listed in System Preferences in File Sharing. I have heard this Everyone 'No Access' can cause problems but I prefer not to give access to everyone. The only other option is Read Only and Read and Write. Also, when I have Everyone selected the - sign is greyed out so I'm unable to remove Everyone.
  To continue, what is strange is I thought with it saying on the Server Drive itself for my Fiancee, read & write, that it would say this on every Folder inside. Yet when I select any Folder inside on the Server Drive and select Get Info it says for me "Read & Write" and for Staff "Read Only" and for Everyone "Read only" I'm not even sure where Staff comes fro and of course Everyone is Read Only and my Fiancee not even listed. It just seems that these file sharing permissions are not replicated througout all the Folders when I select it for the Hard Drive itself. What could be causing this and how can I get the same to go throughout the Folders? I know manually I could change them all but this would take a long time and likely still be a problem when any additional Folders are added.

  1. I have turned logged into it from my MBP while at Home and if I'm logged in as Guest I only see the Server Drive which is good. My concern is that if I log in with my login I then sell all Folders including the Main 'Macintosh HD' At least as a guest I can only see the Server Drive but is it any way I can stop it from showing all the other folders on the computer since I have no reason to do that?
  When you login to a mac as an administrator it is normal to see all the contents of the volumes connected to that mac.
  2. Also, I would like to disable all access for Guest. Yet I have it list Everyone or Guest in the file sharing and I have no way of deleting this. I don't want a Guest to be able to connect to this computer or share any files at all on it. Is there any way to disable this?
  Goto system preferernces-->accounts
  click on the lock to and enter your password to unlock the preference pane.
  Then select the guest account. Then uncheck the 2 check boxes. The account should now have 'disabled' underneath it.
  3. Security: How secure is this? I am using it on a Home Wi-Fi network with an Airport Base Station 1GB. I have the Leopard filewall set to "Set Access for Specific Services" since it won't work with "Allow only essential services" I hope my home network is more security but with Back to my Mac how hard would it be for someone to be able to find this computer on the network? I don't do any filesharing on my MBP but do have it set up for File Sharing but only with my login ID.
  If you have your base station set to distribute ip addresses then it is acting as a NAT router and will firewall you.
  I have not setup back to my mac yet so can't comment on its security. Although I would suggest a strong password.
  have a read of Mac OS X 10.5: About Back to My Mac security
  My method of remote access is to use SSH and run screen sharing over an SSH tunnel.

• IMac file share with an Imerge s3000 server.

  I cannot get ny mac to connect with an Imerge s3000 music server.  I can operate the system through the mac using the TV interface but I cannot share files.  The server is recognised by the mac on the network but each time I try to access the files it reports connection failed.  I need to access the files for backup and storing downloaded music.  I have followed all the instrctions but all goes well until the last step of opening the files.

  Hi,
  Thank you for your reply.
  I have followed the same process. The credentials which I have given are same as my PC. But I am getting the same error. Can you please clarify the statement "Service
  account that is using for file share subscription should have write access to shared folder."
  given in the above link?
  I am the one who created the folder and subscribing the report, so probably I have the full write permissions to the shared folder. What is the service account in this context?
  I think the problem is, I am deploying the report on the server and creating the shared folder in the local machine. I tried giving shared folder permissions to the user on the server. But my local machine is in local domain and I cant access the users on
  the remote server. Do I need to create a shared folder on the server? I am new to SSRS. Please help me.
  PS: I have assigned with all roles viz. Browser, Content Manager, Publisher, Report Builder etc. and My Role name (WEBSERVER\User)
  is different from my local user name (domain\username) in domain.