Quantcast
Channel: File Services and Storage forum
Viewing all 13565 articles
Browse latest View live

OneDrive for Business Folder Sharing

$
0
0

Hi,

I have been asked if its possible to setup OneDrive for Business for a company.  This company is based on an airfield, and has terrible internet connection, it's shockingly slow.

I have uploaded their documents onto OneDrive for business, and set relevant permissions, but it seems that for them to be able to access the files, users need to log in via the internet, and because of how slow their connection is, that is not possible.  I was hoping the OneDrive App in W10 would allow me to point at the share folder on the server, but it won't let me.

So, I then though maybe I could give internal users NTFS shares to the OneDrive folder on the server, and just allow the remote workers to log into OneDrive, so they can all see documents in real time.

Is this possible, or what would be the best way forward?

Thank you


access denied to one folder and its files

$
0
0

Under security message the administrator and all other admins show access denied and the same for all users, if you go to advanced under you can take ownership, owner and all users and admins have full control, includes inheritable from parent checked. All other folders under this parent have full control. I attempted to use icasls * /t /Q /c /reset 99% of files access is denied. 

This folder holds a year of data  3 folders and about 500 files.  One can take ownership on an individual file then grand full control and gain access to that file, this same procedure works on the folders but does not allow one to access any files. Looking for a workaround to avoid haveing to perform a five step process  on each file. 

Any help /support suggestion appreciated.

Thanks Bob

autochk - What is mean /q key?

$
0
0
Hi,

I noticed in Server editions system run disk check with:

autochk /q /v *

What is mean /q switch?

Thank you.



NTFS rights: UNC vs mapped, Explorer vs command prompt

$
0
0

The short story: when a user has traverse-only rights to the root of a shared folder but full rights to a subfolder, the user cannot browse to the subfolder (correct) but can open the folder using the explicit path & change files in that subfolder (also both correct), whether via mapped drive or UNC path. However, the user cannot add/delete/copy files to or from that folder when mapped (incorrect), only via UNC path. On the other hand, the user can create/delete files in that same folder, accessed via mapped drive, using command prompt (inconsistent with above behavior).

I already know I can add List folder contents at the root of the share to overcome this, but that is a right I am trying to avoid, and I am trying to understand the nuance of file security here.

The long story:

In order to keep curious users from simply browsing to certain key shared application folders on my Windows 2012 R2 server (same thing happens on 2008 R2, though), I do several things:

1. Give Authenticated Users only these rights at the root of the drive hosting the share: Traverse folder / execute file, Read attributes, Read extended attributes, and Read permissions.
2. Create the share as a hidden share. That is, share D:\Apps as Apps$. It is accessible as\\MyServer\Apps$.
3. Give Everyone Change & Read shared (not NTFS) permissions. There is no need for Full Control, since I do not want users to be able to change the share permissions.
4. Add group-based enhanced rights to specific application subfolders to which each group needs access. The additive rights are these: Modify, Read & execute, List folder contents, Read, and Write; in short, the basic rights required to create, modify, and delete folder contents.
5. Map a drive to the Apps$ share for those user groups that require access to it. For example, my login script maps J: to\\MyServer\Apps$ by non-persistent "net use..." statement.
6. Create a shortcut to the particular application and distribute that to user groups that require it.

The reason for all of this is simple security: these application folders do not house files that users should ever interact with directly; the files are back-end data for which all interaction should be through a front-end application, for example, QuickBooks company files and MS Access front/back ends.

All of this ensures that:
1. No curious user or malware can even find the shared folder. The hidden share ($) takes care of that.
2. No over-curious user with just enough knowledge to be aware of the default root administrative hidden shares (C$, D$, etc) but with too much time on his hands can browse the drive from the root up by navigating to\\MyServer\D$. Traverse-only at the root ensures this.
3. No curious user can browse for the application folders downline from the share. This is important because the drive mapping exposes the share name to the user, and a user could just double-click the drive letter, then browse and copy/delete a back-end data file, accidentally or otherwise.

This all works perfectly:

1. Front end applications can appropriately add/remove data from the files based on the logged-on user's enhanced rights to the particular application folder.
2. The application shortcuts I distribute point directly to the files in the downline folders, for example to J:\App1\MyApp.accdb (MS Access application), where J: is mapped by domain login script to\\MyServer\Apps$. The user can open the application and
3. Access to the downline folders is arcane enough that anyone except a very knowlegeable user would ever know that browsing must begin, not at the root of the mapped drive or share, but with the specific folder. That is, an end user cannot browse to\\MyServer\Apps$ or the J: drive mapped there because the user has traverse-only rights there, but the user can get to\\MyServer\Apps$\App1 or J:\App1, where the user has read/write access, so long as the user enters the full path, bypassing the root of the share. I am pretty sure nobody has ever figured that out.
4. In all of this, I have no problem browsing to and manageing all of this when logged on using a domain admin account.

But there is one thing I do not understand: there is a difference in users' file-management rights, not affecting the ability to modify files, depending on whether they access the folder via UNC path or mapped drive. I have one user now that is a developer, and I created this shortcut for him: J:\HisAppsFolder so he can push applications into that folder. While he can open files there (e.g. open the Access file there and use it, including changes that modify the file), he cannot copy anything to or from the folder or make changes. On every attempt, he gets a "J: is not accessible" message accompanied by "Access is denied." However, if he instead goes to the same folder using path\\MyServer\Apps$\HisAppsFolder, he has (correctly) full access.

In fact, he can open a text file already in that folder, make changes, and save the changes. This, and the fact that this all works when using UNC-based access to the same folder make it obvious that he has full rights to the folder. However, he cannot copy anything to or from the folder, even using XCopy. On the other hand, in a command prompt, he can go to J:, then cd to the folder and delete files there via command or create a file by doing something like this: dir > dir.txt.

I have found that only after I add "List folder contents" access to the folder to which I map the drive (or above) can the user fully interact with the downline folder to which he has full rights. But I really do not want to expose the folder list to users at this level, and the user can already, without this right, list and modify files in the downline folder; he just cannot add, copy, or delete from the downline folder when connected via mapped drive. How is it that List folder contents must exist at the root of the share in order for a user to have the full benefit of full rights already set on downline folders? And how is it that the command prompt can completely bypass this restriction?

After spending so much time working out all these details, it would be a shame to go away without understanding why this particular limitation exists, why it does not exist within command prompt, and how this all may affect me in the future. I have tested this on multiple domains and with server 2008R2 & 2012R2.



DFS shows wrong free disk space

$
0
0

Hello,

We have a few Fileservers in use and use DFS for our shares (Windows Server 2008R2 and Windows Server 2012R2).
When we do the mapping to those shares, Windows Clients (Windows 7 and Citrix) show the wrong free disk space.
For example: T:\ Drive has a 1TB disk attached and free space on this drive on the Fileserver is 850MB but on the mapped drive on the local client it shows free disk space 111GB. This is because the mapped drive connects to the DFSRoots from the local C:\ from the Fileserver.
I am aware of that I could remove the Namespace-Server and add it again and change the DFSRoots to the disk which is actually the mapped disk. But as we have around 20 Namesspaces and different disks this wont work.

Does anybody had the same issue or is this a known problem with DFS?

Any help would be appreciated

Regards

Andre

ReFS test with corrupt data. Does it work?

$
0
0
Has anybody here actually tested the resiliency features of ReFS with example files exhibiting corruption?  I am doing some testing right now and would like to compare notes with others.

Namespace Shares Freezing, Direct Shares work fine.

$
0
0
Hi Everyone,

We have a Hyper-V virtual file server running Win2008 Standard 64bit.
It has one share, that is in dfs (no repl partners) and published to the domain.

When accessing the share through namespace "\\domainname.com\share", several users would freeze.
Explorer would just completely freeze and eventually come up after 2 or 3 mins.
This was affecting about 75% of our users and was random.

When accessing the share directly from the server "\\servername\share" it worked just fine.

The share is being used for folder redirection for My Documents.

So we tested by having the folder redirect to the namespace,
and then mapping a drive to the same folder driectly on the server, not the namespace.

Trying to access by double-clicking the My Docs folder cause the freeze,
but accessing from the mapped drive works fine.

We want to set up DFS to replicate, so we can have redundant file servers.
That is why we need to use the published shares.

This is a brand new Dell PowerEdge 2950-III with 16GB RAM and 2 Quad-Core Xeon 2.33 cpus.

The parent server is running Win2008 Standard 64bit,
and is only running the Hyper-V roll, nothing else.

Any help would be appreciated.

Thanks,
Chris
Chris

Data Integrity Scan Doesn't Work

$
0
0

When I run the Data Integrity Scan manually within the Task Scheduler, it runs and completes immediately without doing anything even though I know there are corrupt files in the volume.  The following are the event log entries.  Notice that most of my files are skipped.  Why doesn't the scan attempt to fix corrupted files?

Integrity is both enabled and enforced for all of the several hundred files.  The ReFS storage space is a two-way mirror.  Both drives are attached via SATA and the motherboard BIOS SATA Configuration is AHCI.

Information:

Started checking data integrity.

 

Information:

Disk scan started on \\?\PhysicalDrive9 (\\?\Disk{ecb98218-784e-47d5-b316-941ae9595eb4})

 

Error:

Volume metadata scrub operation failed.

Volume name: I:

Metadata reference: 0x204

Range offset: 0x0

Range length (in bytes): 0x0

Bytes repaired: 0x0

Bytes not repaired: 0x3000

Status: The specified copy of the requested data could not be read.

 

Error:

Files were skipped during the volume scan.

Files skipped: 310

Volume name: I:\ (\??\Volume{53d99c4e-9ad6-11e8-8448-0cc47ad896dd}\)

First skipped file name: I:

HResult: The specified copy of the requested data could not be read.

 

Information:

Volume scan completed on I:\ (\??\Volume{53d99c4e-9ad6-11e8-8448-0cc47ad896dd}\)

Bytes repaired: 0x0

Bytes not repaired: 0x3000

HResult: The operation completed successfully.

 

Information:

Disk scan completed on \\?\PhysicalDrive9 (\\?\Disk{ecb98218-784e-47d5-b316-941ae9595eb4})

 

Information:

Completed data integrity check.






Workfolder event-id 2100 - error 0x80072efe on some W7 Pro clients

$
0
0

Hello,

We have for some weeks on some PCs with Windows 7 prof. errors in the Workfolders.

"Error while synchronizing. Workfolderpath C:\Users\username\work Folders\; error 0x80072efe"

Event-ID 2100

see pic:

Not on all W7 Prof. Clients occurs this error. So is must be a Client mistake not a Workfolder Server error.

Whats wrong? 

Thanks for help.


Danke und liebe Grüße Oliver Richter

ISCSI Initiator sends command PDU with repeat CmdSN after a reject

$
0
0

I believe I am seeing a problem with ISCSI Initiator.  When a Command PDU that's sent by ISCSI Initiator is rejected by my target (Reject PDU), it appears ISCSI Initiator retries the same Command PDU but fails to increment CmdSN.  So my ISCSI target, seeing an "old" CmdSN, simply drops it which eventually leads to Task management by ISCSI Initiator.

Here the order I observe:

1. ISCSI Initiator issues command PDU with CmdSN 0x50.

2. Target rejects with Reject PDU, ExpCmdSn in Reject PDU is 0x51.

3. ISCSI Initiator retries command PDU again with CmdSN 0x50.  (against spec)

4. Target ignores the retry.

5. ISCSI Initiator issues LUN Reset because target never responds.  LUN Reset has CmdSN 0x51.

6. Target processes LUN Reset.

I believe this is a problem with ISCSI Initiator as commands, even retried commands, should never repeat CmdSNs.  Is anyone else seeing an issue like this?  Is there a method to formally file a bug against this?


Standard file name template

$
0
0
Is there a way within a Windows LAN file server environment to enforce a file naming standard that would prefix any file being saved to the LAN to be prefixed with YYYY MM  DD ?

Storage Spaces Direct (S2D) How Upgrade Cache SSDs?

$
0
0

How would you go about upgrading the cache SSDs in an S2D Cluster?

We have a 3 Node Cluster with 4x 1TB SSD and 8X HDDs in each.  We want to upgrade the existing SSD for a new model. 

We want to know

1. Can this be done efficiently without downtime for the cluster?

2. Must the same number of SSDs be used, ie can we replace the 4x 1TB with 2x 2TB?

I see info on how to replace a failed disk, or add disks to a cluster.  I was not able to find anything on upgrading a group of Cache SSDs or Storage HDDs. 

Thanks,

Todd


Todd Hunter

Can't access server's files via SMB but the server can access others.

$
0
0

Hi, I got a weird issue today:

I have 3 servers: A B C, A and B are on the same network, C is on a different one.

A and B can reach each other files via SMB. However, A and B are not reachable by C (via SMB of course). BUT, A and B can connect to C.

I've tried to disable firewall on A, but it's still not reachable by C. Tried to restart related services as well.

All 3 server are Windows 2016 (1607) with latest updates.

Server to Server stroage replication Many to One

$
0
0

Hi,

I understand how you set up <g class="gr_ gr_17 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" data-gr-id="17" id="17">server</g> to server storage replication but can you do it a many to one relationship?

For <g class="gr_ gr_28 gr-alert gr_gramm gr_inline_cards gr_run_anim Punctuation only-ins replaceWithoutSep" data-gr-id="28" id="28">example</g> if <g class="gr_ gr_29 gr-alert gr_tiny gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="29" id="29">i</g> have 10 file servers  "Company A" and "Company A" has a DR site with loads of storage, can set up one 2016 server at my DR site and get the file servers to replicate there to this one server? or is it a one to one relationship? 

We've using DFS at the moment but <g class="gr_ gr_58 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="58" id="58">its</g> not working that well (3 support calls with <g class="gr_ gr_89 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="89" id="89">microsoft</g> in 1 year as it keeps failing). 

Cheers

Richard


Windows Server 2003 Indexing Service vs. Microsoft Search 4.0

$
0
0
I configured Windows Indexing service on Small Business Server 2003 a few months ago. I configured it to ONLY index one folder shared out to the network.
A windows 7 client could not add the shared folder to their 'library' for fast search capability.

After some brief research, I downloaded & installed Microsoft Search 4.0 on the server. After restarting the server, the search 4.0 was immediately indexing all shares and then some. The Windows 7 client told me the shared folder was now available. I don't mind this behavior and I see where I can tweak some settings and remove some locations.

What I'd like to know is the following:

The old Windows Indexing Service is still running and my configuration is still, well, configured. I stopped the service and set it to MANUAL.
Is this the correct procedure or best practice? There's no need for two indexing services, or is there? If not, why didn't the MS Search 4.0 installation stop the older service?

Thanks for any insight!


-JoeF

Accessing NFS shares hosted on Server 2016 gets stuck on LS and CD commands

$
0
0

I recently setup a new fast machine to be a file server for windows and Linux clients. It is running NFS for the Linux clients. Previously we were doing this for a couple of years on an older server with 2k12R2. Never had any issues with the speed of the NFS shares. Since switching to 2016, with all the software setup as identical as I can make it, but with faster hardware (all SSDs instead of hard drives and faster CPU), the Linux clients take 30 seconds to 1 minute to do an initial LS of files in a folder. Also CD to another directory will sometimes take the same amount of time. Then everything will be fine for a while, but sooner or a later the delay comes back. I've been doing research for days on this issue and so far cannot find a reason why this is happening. I did notice today a warning in my event log on the new server in ServicesForNFS-Server: Operational which I don't see ever happened in the old server's event log. Could this possibly be related?

There is an attemp (sic) to access file with invalid NFS handle signature: Status 0xC0532711

virtual disk interleave size and new volume allocation unit size should be same?

$
0
0

I have create virtual disk with interleave size of 64K and when I create volume and format disk, should I set Allocation unit size to 64K too or should I leave it default? 

I want to use it as iscsi server and iscsi disk will create on that volume. Your advice is much appreciated.

Rgds,

Files lost after removing a DFS-R Folder Exclusion

$
0
0

Hello,

we are using DFS-R on 3 Servers (2 x Windows 2012 R2 and 1 x Windows 2016).

Both 2012 servers are in production since a few years and we added the 2016 server a few weeks ago. The initial replication finished successfully and we wanted to remove an excluded folder but we noticed a strange issue:

The excluded folder was only present on one server (2012 R2). After removing the exclusion, the folder structure got created on the other servers. But after that, we checked the event log on the main server (the one who contained the excluded folder) and we saw a lot of 4412 entries (The DFS Replication service detected that a file was changed on multiple servers. A conflict resolution algorithm was used to determine the winning file. The losing file was moved to the Conflict and Deleted folder)

So basically all data was lost, even on the server who contained the data and we had to restore it from backup.

Can anyone explain this? We have to do this for another DFSR Group and we need to find the issue first.

Regards,

Philipp


Philipp Mair

Maximum LUN size for Windows 2012 R2 Server

$
0
0

Dear All

                What is the Maximum size of the LUN that can be provided to Windows 2012 R2 server? After searching for the internet, I found that the Maximum LUN is  17TB for GPT dynamic disk. I have storage LUN the size of 120 TB I just want to know which file system will support this much size.

Regards

Rashid

User rights to edit folder permissions

$
0
0

Hello

In my organisation we have file server. 

I want the user (folder Owner) to be able to edit the permissions (add or delete some users) of the folders on the file server but he couldn't remove the administrator from the permissions.

Is there any way?



Viewing all 13565 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>