SIMS NTFS Permissions?
Hopefully an edugeeker will be able to answer my question before monday.
Im restructuring our S drive which sims sits in. I've restricted staff from a lot of folders. However, the SIMS folder has always been completely unrestricted to staff. I want to ensure staff can't take ownership etc or delete files.
What set of permissions do you have in your setup of the SIMS folder?
Actually I think the answer is FULL CONTROL still judging from prior posts. Is this still the case though?
A standard user should never have Full Control. This is the permission that essentially allows them to change permissions, etc. All it takes is one user at the top of a folder structure to wipe out any permissions down the tree. Full Control should only used by Administrators, etc. Also, give access to the 'Deny' permission and it's just asking for trouble. I was always taught that you should never need Deny permissions to be set either, as you should be able to control access to a resource by only granting what is needed.
Last place I worked was managed system by EDS where the main public share all users had full control over. So all these folders were being created with specific permissions for users and groups, and on a regular basis we would have to make a phone call to the helpdesk to get the permissions reset as someone had overwritten things. Nightmare.
Our setup for SIMS is that a drive mapping is made to the S: drive but it is hidden. Also, I believe (set this up a while ago) that they have Read only access to it as well. You do however need modify to do a fresh install SIMS on to a workstation as it writes to the S: drive during the install :confused:.
Also, remember to exclude the s:\sims\setups from the On-Access on your Anti-Virus policy as this slows down the launch of SIMS.
I have Full Control for my S: drive, although this is limited to a group called "SIMS Staff" (which is limited to all staff.. ).
Ideally, though, I would prefer to have it properly set, but I have never found any instructions within the Capita docs that say what it should be (not that I have specifically looked though).
There has never been a need for staff to have full access rights to use or upgrade SIMS.
what permission level does the SIMSPERM.BAT file set?
I know that if this hasn't been run then users cannot run the workstation upgrades..
Our S: Drive & SIMS Server is maintained by the LEA, though I tend to double check SOLUS has run and that the upgrades apply to all the clients.
Our staff seem to have Read/Write access to S. This has always worked for us.
Does this work fine for Workstation upgrades too?
Originally Posted by FragglePete
The read/write access to the S: drive is historic from the days of common platform and even earlier when SIMS was a series of DOS modules.
SInce that data is now held in SQL and and documents are maintained in the docstorage the open access to the drive should be reveiwed.
Our SIMS shared drives are configured for users to see certain area's only depending on their role in the school.
All can see the route H:\sims to allow for a central connect.ini, and then only the sims star folder is accessable admin staff who need to see either the CTF's or the datafeeds.
We then have an area available to specific staff that hold data that is sent to the LEA via AVCO. This includes the location of the census and SWC returns.
The SIMSPerm.bat is only designed to set the local machine with athe correct security levels.
Can't get NOVA T4 or T6 to work without full access rights for those staff that use NOVA.
Originally Posted by PhilNeal
There's little in the S: drive these days that staff would need full access to... SNOVA folder for nova users (that don't log in to T4 as "default user"(?)) could be one, but I don't really see the need for anywhere else as everything else goes straight into SQL these days.
Having said that, or looking at the same point from a different direction I suppose, so long as you've got a backup of the SNOVA folder since the last timetable change and the S: drive since the last upgrade, nothing much else should change day to day :)
have you run the Simsperm file on the local machine for the user or group?
Originally Posted by pmassingham
We've been told to run wssecurity
Btw does anyone actually know what permissions this makes? It takes an aweful long while. I imagine it to be setting full control to everything including the reg settings or something!
We all talk about it setting permissions, but what permissions? I've installed workstations without running this and they still work. This maybe because I've set them up as local admins.
Since last weekend, I defragged the D: drive on our sims server and everythings very very slow. Queries are taking extra long. I've been in touch with .ICT and they said that defragging will only improve file system performance. They then tried to re-index the sims database but this has not fixed the slowness problem. We're flatlining the CPU with 100% everytime a staff member pulls down the simplest of queries.
I'm beginning to wonder if its a mssql issue?
Please help! :eek:
post the spec of the server that you are using
What is WSSecurity and where do you find it???
Originally Posted by techyphil