Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Change the 'SynchroniseFSASharePermissions' setting to be per FSA Folder

Created: 09 Sep 2013
Tgotschall's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

This needs to be changed because it is a global setting and only has two options.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\SynchroniseFSASharePermissions

0= Sync with NTFS permissions of the folder being archived (This is the desired behavior for most instances for us)

1= Inherit the Share permisssions of the Share on the FSA Entry point (Default)

In most cases, we want the users to see the permissions the opriginal folder and not the share permissions of the Entry point for active Data. This works great until you need to delete the original data/folder. The Event log fills up with errors because it is trying to synch with a folder that is no longer there.

An example:

A user retires, we move his user drive to a folder that is set to archive all files and delete the shortcuts. After wards, we want to delete the original folder. Now we have errors generated in the event log. We need to be able to set the properties of the archive in the GUI to inactive or something similar so that it will quit trying to synch and we need to be able to assign permissions appropriately. You can't remove the automatic perms without using the ZAPFSAPerms script. This is not convenient for a large number of users and is a cumbersome process.

Tech supports answer was to change the setting to "1". Well that stops the errors but now it puts the root share permissions on all the archives. This is not convenient because you don't want this in all cases either. You want the active archive folders to get NTFS permissons. Accepted procedure in an AD environment is to assign Everyone Full COntrol to the share and use NTFS perms to control access.

Instead of this setting being global, it needs to be able to be set on the FSA folder level or archive level to use either share perms or NTFS perms and we need to be able to remove any automatic perms on an archive with a simple checkbox override.

We have actually stopped the FSA archiving progress because of the "all or nothing" implications of this setting.

If we could have the ability to set this at the Entry Point or even better, at the FSA Folder under the Entry Point we could have the best of both worlds.

1) Archiving on a user's folder can synch with the NTFS perms.

2) Retired data could be put into a folder that uses a limited access share for permissions and eliminate sync errors in Event viewer.

3) All Archives should have the capability to clikc on an overrride checkbox to ignore/remove the automatic permissions instead of using ZAPFSAperms script.

It would be a great help to the FSA process to have these changes implemented in a future release.

Thanks,

Troy.