SMB File Share SG joined to domain

0

I have been testing with EC2 Storage Gateway with a file share joined to our domain. I have added admins in the file access settings. I am trying to move our on-prem shared drive to AWS using Storage Gateway. Windows ACLs are enabled. Mainly two questions:

  1. Which is the best way to prevent users (with access to the file share) from adding permissions for other users? Any user that has access to the file share can modify permissions, even their own permissions.

  2. Also, the NTFS permissions already assigned on the on-prem shared drive don't get copied when copying folders to the file share. They are just set to Everyone when copied to the file share. Since it's a large amount of data (around 10 TB), if I do a robocopy, will the permissions also be moved to the file share? I will be doing the robocopy on our file server. The file share is mapped on the server.

1 Answer
1

Hello,

You can control permissions on the SMB file share granularly using NTFS ACLs from Windows Explorer or using PowerShell.

  1. To prevent users from changing/granting permissions to other domain users, you would need to ensure those AD users/groups are not granted Change Permissions or Full Control NTFS permissions on the specified file/folder. However, please note that the owner of the file/folder can always change permissions for themselves or grant permissions to others regardless of any existing permissions on that file/folder. Please refer here for additional information.

  2. With the robocopy command, please ensure that you are using the /S flag to copy NTFS ACLs. You can use the following robocopy command, which would copy data, attributes, timestamps, NTFS ACLs and ownership information. Please refer here for more information.

    robocopy Y:\ Z:\ /copy:DATSO /secfix /e /MT:8

Additional references:

  * https://docs.aws.amazon.com/filegateway/latest/files3/best-practices-copying-files-on-windows.html
  * https://docs.aws.amazon.com/filegateway/latest/files3/smb-acl.html
  * https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateSMBFileShare.html#StorageGateway-CreateSMBFileShare-request-AdminUserList

AWS
Surya
answered a year ago
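
The check described in point 1 of the answer above can be run across the whole share after the copy. The script below is an added example, not part of the original answer or AWS documentation: it lists every folder whose owner, or any Allow ACE holding Change Permissions, Take Ownership or Full Control, falls outside an approved list. The drive letter `Z:\` is taken from the robocopy command above; the `EXAMPLE\FileShareAdmins` group and the contents of `$Allowed` are assumptions to replace with your own principals.

```powershell
# Added example: find principals on the share who can rewrite NTFS permissions.
# Assumptions: share mapped as Z:\ ; $Allowed holds the only principals that
# should manage permissions (EXAMPLE\FileShareAdmins is a hypothetical group).
param(
    [string]$Root = 'Z:\',
    [string[]]$Allowed = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
                           'EXAMPLE\FileShareAdmins')
)

# Rights that allow changing the DACL directly or after taking ownership.
# FullControl includes both bits; 0x10000000 is GENERIC_ALL, which Get-Acl
# can report as a raw number on inherit-only ACEs.
$Risky = [int][System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
         [int][System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
         0x10000000

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

$findings = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName

    # The owner can always change permissions, whatever the ACEs say.
    if ($acl.Owner -notin $Allowed) {
        [pscustomobject]@{
            Path = $folder.FullName; Principal = $acl.Owner
            Issue = 'Owner'; Rights = ''; Inherited = $null
        }
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $Risky) -eq 0) { continue }
        if ($ace.IdentityReference.Value -in $Allowed) { continue }
        [pscustomobject]@{
            Path = $folder.FullName; Principal = $ace.IdentityReference.Value
            Issue = 'CanChangePermissions'; Rights = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Rows with Inherited = False are explicit grants to fix at that folder;
# inherited rows are fixed at the parent where the ACE was set.
$findings | Sort-Object Path, Principal | Format-Table -AutoSize
```

Run it after the robocopy finishes, because the `S` and `O` letters in `/copy:DATSO` carry the source ACLs and owners onto the share. Files are not enumerated here, only folders, so individually owned files need a separate pass.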
