Jump to content
RESET Forums (homeservershow.com)

Help with system shares (CertEnroll, sysvol, NETLOGON) visability


Recommended Posts

I'm trying to migrate over to WS2012E, since WHS2011 won't seem to properly back up GPD/UEFI partitions (Windows 8.1, etc). I have WS2012E up and running (the evaluation version... I didn't want to spend $500-ish before testing it). When I use the "network" tree in Windows Explorer (Win 7 Pro) to access the server shared folders, I see the CertEnroll, sysvol, and NETLOGON folders. For me, this just adds unnecessary clutter.

 

I've done hours of Googling and read a few tech books. I can't find anything about them showing up, other than not to mess with them. I don't get it though. I don't have access to these folders at work on the network there (its running Server 2008, but I don't administer it at all). So why do they show up in WS2012E? Is there any way around it? I don't care that they exist, or that a user could type the path into Explorer to get to it. I just don't want them to show up on the Network tree along with all of the shared folders I've created. 

 

Any suggestions? I know I can create a group in Libraries, but that's really not what I'm looking for. Every other file sharing device I have (media players, shared USB via router, etc) have file access though the network tree. Why is this different? It didn't exist in WHS2011, and WS2012E is newer. 

 

I'd appreciate any input, including "there's not a damn thing you can do, sorry". If that's the case, I'll probably fall back to WHS2011 or a NAS and use a different backup solution. 

Link to post
Share on other sites

OK, not to derail your WSE2012 progress, but you did apply the GPT/UEFI hotfix to your WHS2011, right? I have it installed on my WHS2011 and can back up and restore my Win8.1 Desktop machine just fine.

Link to post
Share on other sites
jmwills

Double ditto. Now on those three shares........leave them alone. Theyvare part of the OS.

Link to post
Share on other sites

OK, not to derail your WSE2012 progress, but you did apply the GPT/UEFI hotfix to your WHS2011, right? I have it installed on my WHS2011 and can back up and restore my Win8.1 Desktop machine just fine.

Actually, that doesn't derail anything at all... saves me $500. But I've read several posts that there are still problems with GPT/UEFI after the hotfix, some on this forum. Is there a trick to it?

 

If that works, that leaves my only real problem being a 2TB limit on server backups.

 

 

 

Double ditto. Now on those three shares........leave them alone. Theyvare part of the OS.

I keep reading that, but no one can explain why I can't see them at work, but I have to see them at home. :| There must be some solution that rectifies that. Even if file sharing is done on separate hardware, they system shares SHOULD still show up on the network at work, right? But they don't.... I just get frustrated and things I can't understand/explain. I'm guessing the answer is beyond my implementing. It's just that after about 50 or so hours or working on this, I'd like to know the why of it. Edited by grit
Link to post
Share on other sites
jmwills

Those are hidden shares and you're probably not an Admin at work either, right?

Link to post
Share on other sites

Those are hidden shares and you're probably not an Admin at work either, right?

 

Correct. But the account I used on WHS2012E at home was a "standard" account, not an administrator account, yet those folders are still visible.

Link to post
Share on other sites
jmwills

You see those folders because the server is a Domain Controller. By default, your account has to be able to access those shares in order to logon but you don't need to get into them and muck around.

 

You can backup those shares if you like, as the SYSVOL is essentially the registry, but again, don't delete them or muck around in there.  Your server will break.....end of story.

 

http://social.technet.microsoft.com/wiki/contents/articles/8548.sysvol-and-netlogon-share-importance-in-active-directory.aspx

Link to post
Share on other sites

Actually, that doesn't derail anything at all... saves me $500. But I've read several posts that there are still problems with GPT/UEFI after the hotfix, some on this forum. Is there a trick to it?

 

If that works, that leaves my only real problem being a 2TB limit on server backups.

 

The only 'trick' I've run into is to wipe out and recreate the partitions on the OS drive before trying to do a Restore. Now, I haven't entirely nailed everything down about this. I know this technique works on my SSD in my main Desktop computer. However, there are a couple of things I'm not sure about, yet:

  1. it may be possible to simply remove any assigned drive letters on the OS drive partitions and then restore. This would be somewhat easier than wiping out the partitions. I have to double-check this though to be sure it works.

     

  2. I have to use this "wipe and recreate" technique on my SSD. I'm not sure it's required on a regular HDD. My SSD is an Intel ssdsc2ct240a3, which is 330 Series 240GB drive.

In the DashBoard, I have my Win8.1 Desktop set to back up the System Reserved and LocalDisk(C:) partitions.

 

As far as the 2TB limit is concerned, I completely avoid the issue by not backing up any data at all using the WHS backup; Server or Client. I use RoboCopy and CMD scripts to copy my data to where I want it.

 

I use WHS Server Backup to only back up the OS drive of my WHS2011, so I can Restore quickly and easily. In fact, I did it recently after I tried something on my WHS2011 that didn't work too well. 20 minutes of Restore and my system was back exactly as it was before.

 

I use WHS Client Backup very similarly. I only back up the OS partition on my Client computers. Data backup is handled by RoboCopy commands in CMD script files that are automatically triggered by Scheduled Tasks.

 

You can read more about my strategy here:

 

PHOTOS: http://homeservershow.com/forums/index.php?/topic/1899-whs-2011-storage-strategy/page-8#entry47628

 

BACKUP STRATEGY: http://homeservershow.com/forums/index.php?/topic/4788-what-i-hope-to-acheive-with-your-help/#entry51373

 

BACKUP SCRIPTS: http://homeservershow.com/forums/index.php?/topic/5197-robocopy-backup-scripts/#entry56498

 

 

One of our fellow Members, Jason, is just about finished implementing this strategy. You could ask him what he thinks of it.

Link to post
Share on other sites

You see those folders because the server is a Domain Controller. By default, your account has to be able to access those shares in order to logon but you don't need to get into them and muck around.

 

You can backup those shares if you like, as the SYSVOL is essentially the registry, but again, don't delete them or muck around in there.  Your server will break.....end of story.

 

http://social.technet.microsoft.com/wiki/contents/articles/8548.sysvol-and-netlogon-share-importance-in-active-directory.aspx

 

So it's part of the domain controller. Okay. And if I'm not mistaken, Essentials REQUIRES that it is the primary domain controller, right? That'd explain why they are visible on the network shares, and why there's no way around it. That certainly clears it up. Thank you!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...