Jump to content
RESET Forums (homeservershow.com)

What credentials are used by a service to access a NAS?


Trimble Epic
 Share

Recommended Posts

I am running a combination of Plex and Sonarr in a VM on my server.  The VM is running 2012R2.   All of my video files are stored on a Drobo NAS.

 

Here's the problem...

 

In an effort to lock-down file permissions to prevent a possible ransomware attack from being able to write to the video share, I have locked down the write permissions on the Drobo for that share to just one account (plus the Drobo admin account).  After doing that, my Sonarr stopped moving files.

 

I had been trying all kinds of things with drive mappings and using direct access (ie. \\Drobo\Video\TV Shows\) trying to make it work, when suddenly yesterday it occured to me - The Sonarr process runs as a service on the OS, such that it runs when I'm logged out.  That means the service is NOT running under the credentials of the user I've mapped drives with...  So, that explains why the service can't write to the share, but I can do anything manually while logged in as the user...

 

So, my question is this: Can I configure a user credential on the Drobo (username and password) that would be used by a service running on WS2012r2?

 

My goal is to at least require a password for that machine to be able to write to that share, such that a ransomware infection would not be able to guess the password.  I want to NOT allow public/anonymous users to write to that share.

 

Again, to clarify - this is not about trying to adjust the permissions of a share on the windows server.. .this is about finding a way for a service running in windows server services space to access a share on a NAS using credentials instead of using public/anonymous.

 

Is there a way to map a drive using specific credentials that would be used by the services account in windows server?  or is there a way to specify what credentials it would use for direct access?

 

Thanks!

Link to comment
Share on other sites

The easy way? Change the credentials that Sonarr uses to run as a service under. 

 

Run "services.msc", find "NzbDrone", right click on it and select "Properties". Open the "Log On" tab, select "This account", and set it to the desired account.

 

Sonarr will run under these credentials and should be able to access the network shares without having to do anything. 

  • Like 1
Link to comment
Share on other sites

The easy way? Change the credentials that Sonarr uses to run as a service under. 

 

Run "services.msc", find "NzbDrone", right click on it and select "Properties". Open the "Log On" tab, select "This account", and set it to the desired account.

 

Sonarr will run under these credentials and should be able to access the network shares without having to do anything. 

 

Awesome.  That's exactly the type of solution I was looking for.  Trying it now.

 

I also realized picoTorrent doesn't seem to want to write to the share... Is it also using a service account to download stuff?  I'll have to check into that.

Link to comment
Share on other sites

Welcome.  If you run into any issues with it, there are  some other things to help fix it, as well.

 

And picoTorrent should work the same way.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...