Cannot copy file to another computer with Group Policy - windows-10

I created the GPO and wanted to copy files to another computer.
(Computer Configuration > Preferences > Windows setting >Files)
The file is located on the server and shared.
The folder security permission details.
Action: Update
Source File: \\servername\test\copyfile.txt
Destination File: C:\test\copyfile.txt
Expected the file is copied,but there no file is copied.
The log is shown successful.
I searched this issue on Google and tried to follow their solutions but it still doesn't work.

Do domain computers (because you are using a computer configuration) have access to read that share? If the share is set to only allow user accounts, then the computer object can't read your file.

Related

How do you allow IIS to access a symlink folder?

I have a two webservers, on each webserver in the C:\inetpub\logs\LogFiles I have created a symbolic link to the other servers log file folders, so essentially I can be logged in to one of the webservers and see the logs on both servers in one place. This works perfectly.
I am building a webpage to make the log files available via a webpage, the code simply goes to the C:\inetpub\logs\LogFiles directory and lists the files in each sub folder, i.e. W3SVC1 (the local folder) and webserver2-w3svc1 (the remote log folder).
For the local folders it works fine, but I am getting the "access denied" error when trying to call Directory.GetFiles on the symlinkd folder. I suspect this is some sort of permissions error, but I tried giving the symlinkd folder full permissions to "everyone" but I still get the same error.
Is this something to do with the fact that when I created the symlinkd I had to enter the username and password of the webserver2, and these credentials cannot be accessed/used by IIS when trying to get access to the folder?
Is there anything I can do allow IIS to access the contents of this symlinkd folder?
I don't think you need to use a symlink, you can create a virtual directory mapping to that directory in IIS, just map it to the target path. In IIS, right click on the website and select Add Virtual Directory.
For more information, please refer to this official document.
After much experimentation, the only way to do this is as follows:
Create a new user on the computer.
Run the AppPool in IIS under this new users' identity as opposed to the default IUSR account.
Give the folder you are sharing permissions to this user AND 'share' this folder with the new user.

AppData Folder Redirection manual registry change

We have app data folder redirection group policy in place. We are moving back to local appdata which is currently redirected to network share. Also, the option to move the contents to new location in gpo is enabled. On many occasions the policy is failing due to content move with several reasons (256 character limit, permission issues, etc).
My question is lets say hypothetically disabling the move content to new location in GPO is not an option here. I am changing the registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders AppData to %userprofile%\AppData\Roaming on user’s laptop, getting the user to reboot the machine. After that, when user logs in, the GPO will now check the registry which is already set to local, it will not move the contents and successfully complete the policy. I have tested and it works.
This may not be right way of doing it, will there be any issues using this method going forward in terms of user’s app data location ?

Renaming executable's image name is giving it write permission

Dear community members,
We have three of same hardware Windows 7 Professional computers. No one of them is connected to a domain or directory service etc.
We run same executable image on all three computers. In one of them, I had to rename it. Because, with my application's original filename, it has no write access to it's working directory.
I setup full access permisions to USER group in working directory manually but this did not solve.
I suspect some kind of deny mechanism in Windows based on executable's name.
I searched the registry for executable's name but I did not find something relevant or meaningfull.
This situation occured after lot of crashes and updates of my program on that computer (I am a developer). One day, it suddenly started not to open files. I did not touch registry or did not change something other on OS.
My executable's name is karbon_tart.exe
When it start, it calls CreateFile (open mode if exist or create mode if not exist) to open karbon_tart.log file and karbon_tart.ini file.
With the files are exist and without the file exists, I tried two times and none of them, the program can open the files.
But if I just rename the name to karbon_tart_a.exe, program can open files no matter if they are exist or not.
Thank you for your interest
Regards
Ömür Ölmez.
I figured out at the end.
It is because of an old copy of my application in Virtual Store.

Giving writing permissions for IIS user at Windows 2003 Server

I am running a website over Windows 2003 Server and IIS6 and I am having problems to write or delete files in some temporary folder obtaining this kind of warmings:
Warning: unlink(C:\Inetpub\wwwroot\cakephp\app\tmp\cache\persistent\myapp_cake_core_cake_): Permission denied in C:\Inetpub\wwwroot\cakephp\lib\Cake\Cache\Engine\FileEngine.php on line 254
I went to the tmp directory and at the properties I gave the IIS User the following permissions:
Read & Execute
List folder Contents
Read
And it still showing the same warnings.
When I am on the properties window, if I click on Advanced the IIS username appears twice.
One with Allow type and read & execute permissions and the other with Deny type and Special permissions.
My question is:
Should I give this user not only the Read & Execute permissions but also this ones?:
Create Attributes
Create Files/ Write Data
Create Folders/ Append Data
Delete Subfolders and Files
Delete
They are available to select if I Click on the edit button over the username.
Wouldn't I be opening a security hole if I do this?
Otherwise, how can I do to read and delete the files my website uses?
Thanks.
Finally what I did was giving read/write/modify permissions on app\tmp folder for the Internet Guest Account.

Windows 7 Domain Account cannot read/write inside AppData folder

I am creating an installer with InnoSetup. My program requires that I be able to read and write to files as it reads data from my hardware device that is connected over IPv4. I also write to files as I am creating content within my program. I am having issues on a Windows 7 Professional 64bit machine that has a domain account. It is not allowing some .exe files within my program to open as necessary. The .exe files that need to open are reading and writing data from the files to which I have created content with the main exe of my entire program. The error that comes up is when I click a button in one program that will open another .exe file. The error reads Failed to set data for "". It seems as though the argument is being passed for my button link, but the link becomes null where it is trying to open "" file, which does not have a pathway. There appears to be some permission on the file that is rendering its location as unreadable, thus giving the failed to open "" location.
I have setup my installation file with the following flags that I believe should be necessary to allow read/write access in Windows 7.
[setup]
DefaultDirName={localappdata}\{#MyAppName}
; to install to localappdata folder of local user
[Dirs]
Name: "{app}" ; Permissions: users-modify users-full
; to allow the user to have read/write permission of all files within the installation folder. This should not be necessary because localappdata should already have read/write permissions.
This works fine on other machines that have only local user accounts. However, on the same computer that I am having trouble with, I have tried logging in as a local user account and I still find the same errors.
What am I missing to allow the program to read/write to all files within my installation folder, located in c://user/domainaccountaddress/appdata/local/my program directory?
I'm quite new to this, all advice is appreciated.

Resources