Jump to content
RESET Forums (homeservershow.com)

WHS Connector to User Profile Killed Security and ACL structure


Tom Grundy
 Share

Recommended Posts

Nightmare on WHS Street!

 

I had a Windows Home Server V1 running for several years now without a single problem. Over the years I've added PCs and Laptops, added each to WHS through the connector software; relying on the WHS to produce backups and provide share folder access.

I finally reached the end of life on my Dell XPS600 after many years, it was running Windows 7 Pro and for an older system worked like a champ.

 

I replace my old XPS with a new XPS. I added to my new PC a Profile keeping my Profile Name and Password the same and set up the connector all seemed to work. I realized quickly that the new PC was on Windows Home Premium and then upgraded to Windows 7 Professional (otherwise no remote access through WHS).

 

After a short time I started getting Security errors. The firs ones were when installing the WHS AddIn Lights Out. The Lights Out Update was not seen by the WHS Add In Console control. I examined the LO Installer and found that the Object had NO Owner. This was a setback but not a killer, I took ownership on the WHS installer object and it showed up. Light out updated WHS and every Client PC Servcie and all the PC Clients Startup except my new PC.

 

After a bit of digging I noticed that my new PC had been chaned. Every Subdirectory, clild, and Object except C:\Windows had no Ownership. All my programs started to have errors, some would run after I bypassed the UAC warning, even those that used to run perfectly.

I've been working thru the long, long , long list of Subfolders, child directories, and objects to pass back ownership from nothing to me. Unless someone has a brilliant idea I'm just abour ready to kill WHS v1 and my new PC. Loading up WHS 2011 and completely rebuilding my PC from scratch.

 

What's worse when I update some subdirectories, the child directories do not update, and I get Access Control Level sturctures errors. No many of my programs will no longer autostart, instead I'm forced to start them manually and approve the UAC message approving access to run (like having it in the Start directory was just a little joke.

 

Should anyone have a an idea on hoe to fix this I'm all ears!

 

Tom Grundy

tlgrundy@pacbell.net

Edited by Tom Grundy
Link to comment
Share on other sites

I can't help with all of it, but I can confirm that I have also run into the issue of Windows not propogating permissions/ownership settings to all sub folders as you would expect. That part, at least, is not a WHS or Connector issue per se; I've seen it on a number of machines that have never seen a WHS.

Link to comment
Share on other sites

Jeff Lounge over at the Microsoft's Facebook "Quality Products Online" page pointed to a article by Jesper Johansson who discusses the new Secrity model rolled out with Vista. Jesper's article points out how the Access Control Lists Entries (ACEs) were enveloped into the new Security model; and just after that how the Trusted Installer Service SID was used to set security for programs. We all see the SID's in the permissions tab of a many of the x86 programs (profile name S-1-5-80-xxxxxx). As a read the article is a bit dry, but so it's Security..

 

What's not covered is how to get out of the problem when your file structure has lost all permissions! Administrator, Everyone, MyProfile, Power Users, and SIDs all gone!

 

From what I can see so far I'll have to rebuild my PC completely, abandon all by Backup's on WHS, and update my data files with permissions on a subdirectory by subdirectory basis.

 

This is one time I'm thinking the LORD that all my data was kept on my WHS User directory and not on my PC.

 

Here is a link to the article: http://technet.microsoft.com/en-us/magazine/2007.06.acl.aspx

 

If anyone has a better fix, please post it. I'm sure I'm not the only one who has had this happen and wondered what the heck!

 

The Nightmare continues..

Link to comment
Share on other sites

Just saw this topic but yes, that is the case, i.e. the SID. If you were in an AD environment, there would be a way to change it bit not within a Workgroup. However, you should be able to take ownership of the data once you get in onto a PC on which you have Admin Rights.

Link to comment
Share on other sites

**Update**

 

Well after hours on the phone with a well intentioned Microsoft engineer in India, my WHS Client PC is now crippiled beyond repair. I've already rebuilt the Clients side PC once and all the software that was loaded prior to installing the WHS Connector works just fine, almost none of the software installed after installing the WHS Connector works properly.

 

I'm not sure if using the same profile name and password on my one computer and my new one has an impact, of whether having he same PC Client password and the WHS password impacted the install but it does not appear that this is fixable.

 

I'll be rebuilding the PC Client for the second time from scratch, since I do not trust the Back up on WHS. This time I'll create a local system restore so I can fall back to a fresh system. After I configure Windows, run all the Windows Updates, Install my base set of software and configure the PC completely -- Prior to adding the WHS Connecter.

 

What a PAIN!!

Link to comment
Share on other sites

I'll be rebuilding the PC Client for the second time from scratch, since I do not trust the Back up on WHS.

Kinda defeats the purpose of having a WHS, doesn't it?

Link to comment
Share on other sites

Back ups are great as long as the data is good. In this spacific case the Files themselves were copied, but he MS Object Security and ACL was corrupted. I've discovered that the issue was caused by a corrupted profile. The reload was not required but it's nice to have that new PC Smell, errrr I mean speed.

Link to comment
Share on other sites

Back ups are great as long as the data is good. In this spacific case the Files themselves were copied, but he MS Object Security and ACL was corrupted. I've discovered that the issue was caused by a corrupted profile. The reload was not required but it's nice to have that new PC Smell, errrr I mean speed.

I was wondering what that odour was ;)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Similar Content

    • MoonGlum
      By MoonGlum
      Hi All,
      I have built a WHS 2011 server.  All was well except my Win 10 PC would not back up to it.  Installing the KB281721 hotfix was done on the server and part of the process was to reinstall the connector on the PC.  I uninstalled from control panel.  I then had a ton of problems connecting to WHS 2011 connect webpage.  This turned out to be being blocked by the server windows firewall, which started working ok when I disabled the private firewall.
      Now the connector web page comes up and initiates the install.  Connect a computer wizard starts up and asks me for the server name or IP.
      Neither work.  Whether I enter the server name or the IP it says the server could not be located.
      If I open the remote access web page from any device inside or outside LAN, I can connect to the server and carry out all you would expect.  I can connect via RDP, I can ping the LAN IP, I can ping the FQDN and WAN IP.
      The server is showing in Network and all shares are browse-able.
      I installed the find my server wizard and that failed to find it even using the command line switch with the <servername>
      So how do I get the server connector up and running.
      I have added theses ports to the router
      65510 
      3389  disabled at the moment until I can secure it better
      4125
      443
      80
      I found 3 copies of windows home server in the listed devices and have removed all of them.
       
      I am at a loss as to what to do next.  Hoping some experienced WHS 2011 server people know what to do next.......
       
      KR
       
    • RobWu
      By RobWu
      Before anyone starts telling me "I told you so...."
      I know.... I know.... but.... but.... ;-)

      So.... I upgraded my Win7 pc to Win10 yesterday. All went fairly well this time (another story...), and within a hour I was looking at a Win10 desktop.
      Did some new driver juggling, and all seem OK at first.
      Than it started to degrade quite quickly. Apps were being uninstalled or rendered non-functional, drivers went AWOL, I couldn't create any accounts for online stuff, like a google/ms account etc.

      Finally, after a couple of hours of bug hunting I gave up, and restored my old Win7 from the server. This all went like clockwork, and within another hour or so I was back running Win7.

      The only thing is that on the server, the PC is now seen as a Win10 pc, and as such not connected to the network. This is also happening with the connector, it's grayed out.
      I cannot change any of the settings for the pc backup, as it is 'offline or not connected to the network'.

      Is there a way to fix this, or do I have to remove the pc from the devices list, and reinstall connector to get things running again? I do loose all my previous backups, which I feel is a bit 'tricky' atm...

      cheers!

      rob
    • RobWu
      By RobWu
      HI all,

      I know this has come up a couple of times, but I haven't found a solution for this so far.

      I have my clients pc's connected to the server, but not in the domain.
      This worked just fine, but (and I suspect recent updates on the Win 7&10 clients) all of a sudden my NIC's DNS settings are reset to the server every time I (re)start a PC.

      As I don't want to check up on this, and change it back to the ISP values every time I start a PC, is there someone who has a working way around this?

      cheers!

      rob
       
      p.s. Just found out there's a update for the connector (KB 3172614). Not sure if this will fix the DNS issues as well though...
    • eddieb76
      By eddieb76
      I'm having problems with the Windows Server Essentials 2012 (NOT R2) connector software.  I've been on a bunch of web sites and still am unable to resolve them.  
       
      To Start:  I'm running WSE 2012 (non R2), a real plain install, none of my clients are on a domain (I added the key before installing the connector).  I can ping the server by name from all of the clients.
       
       All my clients were running fine.  I updated one client to Windows 10, no problem.  The second Windows 10 Pro client has the connector installed, but can't run backup (I do get the notifications).   I can ever remote the server and map drives to it.  Next, I added a completely new computer, and on that one, I download the connector, and get the "Cannot locate or identify your server" error.  Entering the or IP address here does nothing.  The other remaining clients work fine.
       
      At this point, I'm thinking that maybe I did something to the server.  Somewhere in the interim, I installed SubVersion on the server.  I believe that it uses Apache, but even with that shut down, I am unable to install the connector.  
       
      From my computerconnector.log file on the client:
       
       
       
      [11/26/2015 21:38:17 1798] wmain: Start of Computerconnector
      [11/26/2015 21:38:17 1798] wmain: Calling Computerconnector::ShowWizard()
      [11/26/2015 21:38:17 1798] CComputerconnector::ShowWizard: Initializing common controls
      [11/26/2015 21:38:17 1798] CComputerconnector::ShowWizard: Done initializing common controls
      [11/26/2015 21:38:17 1798] Displaying the wizard
      [11/26/2015 21:38:17 1798] CComputerconnector::AnotherInstallationErrorDlgProc: IDD_ANOTHER_INSTALLATION_ERR Page Initialization
      [11/26/2015 21:38:17 17c0] CComputerconnector::Run: Installation is ready to run
      [11/26/2015 21:38:17 17c0] GlobalData::Initialize (192.168.1.14, , C:\Users\EAdmin\Downloads\ComputerConnector(192.168.1.14) (3).exe, 1033)
      [11/26/2015 21:38:17 17c0] ExpandEnvironmentStrings return (C:\WINDOWS\Temp\Client Deployment Files\)
      [11/26/2015 21:38:17 17c0] CComputerconnector::Run: Running Task: Id=1 Description=Downloads the Setup.cab file
      [11/26/2015 21:38:17 17c0] NetworkUtil::DownloadFile (https://192.168.1.14:443/Connect/default.aspx?Get=Setup.cab&64bit=1&LanguageId=1033, C:\Users\EAdmin\AppData\Local\Temp\Setup.cab)
      [11/26/2015 21:38:17 17c0] NetworkUtil::DownloadFile - Create directory [C:\Users\EAdmin\AppData\Local\Temp] if not exist.
      [11/26/2015 21:38:17 17c0] NetworkUtil::_WinInetDownloadFile (https://192.168.1.14:443/Connect/default.aspx?Get=Setup.cab&64bit=1&LanguageId=1033, C:\Users\EAdmin\AppData\Local\Temp\Setup.cab)
      [11/26/2015 21:38:17 1798] CComputerconnector::AnotherInstallationErrorDlgProc: DIALOG_UPDATE: PreCheckPass
      [11/26/2015 21:38:17 1798] CComputerconnector::ConnecttingDlgProc: IDD_CONNECTING Page Initialization
      [11/26/2015 21:38:17 17c0] InternetOpenUrl (https://192.168.1.14:443/Connect/default.aspx?Get=Setup.cab&64bit=1&LanguageId=1033) returns 12045
      [11/26/2015 21:38:17 17c0] _WinInetDownloadFile returns 0x80072f0d.
      [11/26/2015 21:38:17 17c0] DownloadFile failed using https. Try http.
      [11/26/2015 21:38:17 17c0] NetworkUtil::DownloadFile (http://192.168.1.14:80/Connect/default.aspx?Get=Setup.cab&64bit=1&LanguageId=1033, C:\Users\EAdmin\AppData\Local\Temp\Setup.cab)
      [11/26/2015 21:38:17 17c0] NetworkUtil::DownloadFile - Create directory [C:\Users\EAdmin\AppData\Local\Temp] if not exist.
      [11/26/2015 21:38:17 17c0] NetworkUtil::_WinInetDownloadFile (http://192.168.1.14:80/Connect/default.aspx?Get=Setup.cab&64bit=1&LanguageId=1033, C:\Users\EAdmin\AppData\Local\Temp\Setup.cab)
      [11/26/2015 21:38:17 17c0] Download from url: http://192.168.1.14:80/Connect/default.aspx?Get=Setup.cab&64bit=1&LanguageId=1033failed with HTTP error 500
      [11/26/2015 21:38:17 17c0] _WinInetDownloadFile returns 0x8000ffff.
      [11/26/2015 21:38:17 17c0] NetworkUtil::DownloadFile(http://192.168.1.14:80, Connect/default.aspx?Get=Setup.cab&64bit=1&LanguageId=1033, C:\Users\EAdmin\AppData\Local\Temp\Setup.cab) failed with hr = 0x8000ffff.
      [11/26/2015 21:38:17 17c0] CComputerconnector::Run: Task: Id=1 Failed
      [11/26/2015 21:38:17 1798] CComputerconnector::ConnecttingDlgProc: DIALOG_UPDATE: ServerNotFound
      [11/26/2015 21:38:17 1798] CComputerconnector::ServerDlgProc: IDD_SERVER Page Initialization
      [11/26/2015 21:42:20 1798] wmain: End of Computerconnector: hr=0x0
    • wrouffa
      By wrouffa
      I require some guidance.
       
      I own an HP MediaSmart Server running WHS V1.  In addition I have a series of computers which I backup to the server on a regular basis.  Recently I upgraded two of then from Windows 7 to Windows 10.  I was able to successfully install the connected software and have continued to run backups with no issues.  I now need to access some of the backups.  When I try to restore (manage) a backup on the server it goes through the normal "opening" process but at the end when the file explorer window pops open, it flashes open momentarily and then closes.  I'm guessing this is an issue with Windows 10 and the new File Explorer. 
       
      Does anyone have suggestions on how I might proceed to access the backups?
       
      thanks!
×
×
  • Create New...