Validating Permissions on NTFS Folders
When permissions seem to
be configured correctly but an end user still cannot properly access a
folder or file within a folder because of group membership or some
other factor, perform the following steps:
1. | Log on to the Windows Server 2008 R2 system with an account with administrator privileges.
| 2. | Click Start and click on Computer.
| 3. | Browse
to the drive and folder on which you will validate the end user’s
permission. For this example, use the c:\HumanResources folder and
check permissions for a user named Khalil Droubi.
| 4. | Right-click the folder and select Properties.
| 5. | Select the Security tab and click the Advanced button near the bottom of the window.
| 6. | Select the Effective Permissions tab, and click the Select button to add the end user.
| 7. | In the Select User, Computer, or Group window, type in the end user’s name, and click OK. For this example, use Khalil Droubi.
| 8. | On the Effective Permissions tab, the resulting permissions will be displayed, as shown in Figure 3. This example displays that Khalil Droubi only has Read permissions and cannot create files or folders.
|
Application Access Troubleshooting
If the issue
revolves around an application running on a Windows Server 2008 R2
system, troubleshooting the application according to the application
administration guide is the recommended approach. Many applications can
be configured to use authentication using Active Directory via LDAP,
Kerberos, or NTLM authentication. Also, applications might use custom
application or database user accounts and might still require NTFS
permissions via application pool identities and service accounts. Each
application is different and should be treated as such. Specific
troubleshooting guides and backup and recovery documentation should be
created for applications before they are deployed on a network.
Data Corruption and File and Folder Recovery
When data is reported as
corrupted or deleted, administrators have the option of restoring the
data from backup using Windows Server Backup or Shadow Copies for
Shared Folders. An alternative to simply restoring a corrupted file
from a shadow copy or backup, the CHKDSK tool can be run on a disk if
multiple users are reporting issues or if disk errors have been
reported in the System event log. CHKDSK is a utility that will scan a
disk for file corruption and bad sectors. If any errors are found,
repair attempts will be made and the details will be available in the
Completed Status window. When data has been overwritten or deleted, the
only options are to recover from shadow copies or from backup media.
Recovering File and Folder Data Using Shadow Copies
To recover individual files and folders using previously created shadow copies of shared folders, perform the following steps:
1. | Log
on to a Windows Server 2008 R2 system, Windows XP SP1, or later
workstation with either administrator rights or with a user account
that has permissions to restore the files from the shadow copy.
| 2. | Click Start and select Run or type in the server and share name in the search pane.
| 3. | At the Run prompt or search pane, type \\servername\sharename, where servername
represents the NetBIOS or fully qualified domain name of the server
hosting the file share. The share must exist on a volume in which a
shadow copy has already been created.
| 4. | Right-click
the folder that will be restored or the folder that contains the file
or folder that will be restored, and select Restore Previous Versions.
| 5. | When the window opens, if necessary, select the Previous Versions tab, and select the particular folder version to be restored.
| 6. | After the folder or file is selected, click Open.
| 7. | An
Explorer window then opens, displaying the contents of the folder when
the shadow copy was made. If you want to restore only a single file,
locate the file, right-click it, and select Copy.
| 8. | Open
the server share location in which the restored file will be placed,
right-click in an empty location, and choose Paste. Overwrite the file
as required and close all the windows as desired.
|
Recovering File and Folder Data Using Windows Server Backup
To recover individual files and folders using backup media created with Windows Server Backup, perform the following steps:
1. | Log on to the Windows Server 2008 R2 system with an account with administrator privileges.
| 2. | Click Start, click All Programs, click Administrative Tools, and select Windows Server Backup.
| 3. | In the Actions pane, select Recover to start the Recovery Wizard.
| 4. | On
the Getting Started page, select either to restore data previously
backed up from the local computer or a different computer. For this
example, select This Server (Servername), and click Next to continue.
If no previous backup was performed using a local disk, choose a
different disk and locate the backup folder, which will be scanned and
will present all available backups for any system that stored a backup
in that folder.
| 5. | On the next page, select the date of the backup by selecting the correct month and click on the particular day.
| 6. | After
the month and day are selected, if multiple backups were run in a
single day, click the Time drop-down list arrow, and select the correct
backup, as shown in Figure 4. Click Next to continue after the month, day, and time are selected.
| 7. | On the Select Recovery Type page, select the Files and Folders option button, and click Next to continue.
| 8. | On
the Select Items to Recover page, expand the server node; select the
disks, folders, and files to be restored; and click Next to continue.
Note
Unlike other backup
utilities, Windows Server Backup does not contain check boxes to select
items for recovery. To select an item or multiple items, simply click
on the item to highlight it and use the Shift or Ctrl keys to make
multiple sections.
| 9. | On
the Specify Recovery Options page, specify whether the files will be
restored to the original location or an alternate location. Do not
click Next.
| 10. | On
the Specify Recovery Options page, if the restore will be placed in the
original location, specify how to deal with existing files by choosing
to either create copies in the same folder, overwrite the existing data
with restore data, or do not recover items that already exist, as shown
in Figure 5.
| 11. | On
the Confirmation page, verify the restore selections and options. If
everything is correct, click the Recover button to start the recovery
process.
| 12. | On the Recovery Progress page, verify the success of the recovery or troubleshoot the errors if the recovery fails.
| 13. | Click Close to complete the recovery and close Windows Server Backup.
| 14. | Browse
to the location of the restore to verify the recovery, and if the
create copies option was selected, notice that there are two copies:
the original and the restored, which is named after the date and time
the backup was taken. When you are finished, log off of the server.
|
|