QoreStor supports setting up share-level permissions for CIFS shares using the standard Microsoft Windows administrative tool, Computer Management. Computer Management is a component that is built into the Microsoft Windows 7, Vista, and XP operating systems.

NOTE: Any user that is part of BUILTIN\Administrators can edit ACLs on CIFS shares. The local QoreStor administrator is included in the BUILTIN\Administrators group. To add additional domain groups to the BUILTIN\Administrators group, you can use the Computer Manager tool on a Windows client to connect to QoreStor as Domain administrator and add any groups you want. This capability allows users other than the Domain administrator to modify an ACL as needed.

This administrative tool lets you control access to shares and also configure read-only or read-write access to user groups or individual users within the Active Directory Service (ADS) when joined to an ADS domain.

To implement share-level security on a QoreStor instance that has been joined to an ADS domain, make sure that you have mapped a drive on theQoreStor system using an account with DOMAIN\Administrator credentials (or by using an account that is equivalent to a domain administrator). For more information about joining to an ADS domain, see Configuring Active Directory Settings.

NOTE: If you do not use an account with sufficient privileges, you will not be able to see the shares or you may experience other problems.

  1. Click Start > Control Panel > Administrative Tools > Computer Management.
  2. Click Action > Connect to another computer... .
  3. Click Another computer, type the hostname or IP address for this QoreStor server, and click OK.
  4. Click System Tools, and click Shared folders.
  5. Click Shares to display a list of the shares managed by QoreStor.
  6. Right-click on the share of interest, and select Properties.
  7. Click the Share Permissions tab in the specified share Properties page.
  8. To remove existing access permissions to the share, or add additional groups or user that can access the share, complete the following:
    • To add access for a new group or user, click Add... to display the Select Users or Groups dialog.
    • Click Object Types..., choose the object types you want to select (Built-in security principals, Groups, or Users), and click OK.
    • Click Locations... and define the root location from which to begin your search, and click OK.
    • In the Enter the object names to select list box, enter any object name(s) you want to find.

      NOTE: You can search for multiple objects by separating each name with a semicolon, and by using one of the following syntax examples: DisplayName, ObjectName, UserName, ObjectName@DomainName, or DomainName\ObjectName.

    • Click Check Names to locate all matching or similar object names that are listed in the Enter the object names to select list box, by using the object types and directory locations you selected.
  9. Click OK to add the object to the Group or user names list box.
  10. In the Permissions pane for the selected object, select the Allow or Deny check box to configure the following permissions:
    • Full Control
    • Change
    • Read
  11. Click OK to save the selected share permission settings associated with the selected object.