Integrating Local File System Security Into Windows Domain Environments; Comparing Administrative (Hidden) And Standard Shares; Managing Shares - HP StoreEasy 1000 Administrator's Manual

Integrating local file system security into Windows domain environments

ACLs include properties specific to users and groups from a particular workgroup server or
domain environment. In a multidomain environment, user and group permissions from several
domains can apply to files stored on the same device. Users and groups local to the HPE
StoreEasy 1000 Storage can be given access permissions to shares managed by the device.
The domain name of the storage system supplies the context in which the user or group is
understood. Permission configuration depends on the network and domain infrastructure where
the server resides.
File-sharing protocols (except NFS) supply a user and group context for all connections over the
network. (NFS supplies a machine-based context.) When new files are created by those users
or machines, the appropriate ACLs are applied.
Configuration tools provide the ability to share permissions out to clients. These shared
permissions are propagated into a file system ACL, and when new files are created over the
network, the user creating the file becomes the file owner. In cases where a specific subdirectory
of a share has different permissions from the share itself, the NTFS permissions on the
subdirectory apply instead. This method results in a hierarchical security model where the network
protocol permissions and the file permissions work together to provide appropriate security for
shares on the device.
NOTE: Share permissions and file-level permissions are implemented separately. It is possible
for files on a file system to have different permissions from those applied to a share. When this
situation occurs, the file-level permissions override the share permissions.

Comparing administrative (hidden) and standard shares

SMB supports both administrative shares and standard shares.
Administrative shares are shares with a last character of $. Administrative shares are not
included in the list of shares when a client browses for available shares on a SMB server.
Standard shares are shares that do not end in a $ character. Standard shares are listed
whenever a SMB client browses for available shares on a SMB server.
The HPE StoreEasy 1000 Storage supports both administrative and standard SMB shares. To
create an administrative share, end the share name with the $ character when setting up the
share. Do not type a $ character at the end of the share name when creating a standard share.

Managing shares

Shares can be managed using Server Manager. Tasks include:
Creating a new share
Deleting a share
Modifying share properties
Publishing in DFS
CAUTION:
is using that share.
NOTE: These functions can operate in a cluster on select servers, but should only be used
for non-cluster-aware shares. Use Cluster Administrator to manage shares for a cluster. The
page will display cluster share resources.
144 File server management
Before deleting a share, warn all users to exit that share and confirm that no one