Windows Server 2008 R2 Thread: Best way to enable Shadow Copies in a school environment (in Technical)
  1. #1

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,653
    Thank Post
    1,257
    Thanked 781 Times in 678 Posts
    Rep Power
    236

    Best way to enable Shadow Copies in a school environment

    Hello All,

    Our FreeNAS server supports presenting daily (or hourly, or whatever) snapshots as Shadow Copies, available for users via the "Previous Versions" option on the context menu of a file / folder. This sounds great for your average office, but I can see it causing mayhem in a school environment if a pupil or teacher decides to click on the "Restore..." part of a folder (or whole share...) and takes a bunch of files back to the previous week's version. Is there a way to stop users having access to the "Restore..." command - a GPO setting?

    Is there then a handy way to let users browse their previous versions of files? I see that it's possible to browse a particular snapshot by putting in a UNC path of the form: "W:\@GMT-2012.12.13-06.00.00" or similar. I guess I could create a "backup" share and have a script create a bunch of shortcuts for each user to each share / snapshot, but then I've got to get that script to remove old non-existent snapshots - is there a way to list the available snapshots available on a share? If I was doing this via Samba I could create a VFS plugin to dynamically create a list of available shares / snapshots for the given users, but how do I get a list of the available snapshots from a CIFS share?

  2. #2

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    395
    They can only perform the Restore action if they have write access as per the normal NTFS ACLs. If your pupils have write access to large swathes of shared drives, you have a bigger problem brewing!

  3. #3

    dhicks's Avatar
    Quote Originally Posted by AngryTechnician View Post
    They can only perform the Restore action if they have write access as per the normal NTFS ACLs. If your pupils have write access to large swathes of shared drives, you have a bigger problem brewing!
    Oh, the pupils only have write access to the areas they're meant to, but I'm just as (well, more...) worried about the teachers. I can just imagine them right-clicking a folder, hitting "restore previous version" and simply hitting "Okay" on the message that explains that doing this will restore previous versions and that it can't be undone...

  4. #4

    dhicks's Avatar
    It turns out that Windows' "vssadmin list shadows" only shows shadow copies on local volumes, which doesn't help. Seemingly I should be able to browse FreeNAS snapshots from \\server\sharename\.zfs, but that folder seems to be inaccessible when I try it. Seemingly the line "zfs set snapdir=visible zpool/zfilesystem" will make the .zfs folder accessible, but I don't know where in FreeNAS I put that line - some option in a box somewhere in the GUI, or do I need to SSH in and type it at the command line?

  5. #5

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    This is a shell command, not a configuration option.

    Code:
    zfs set snapdir=visible zpool/zfilesystem

  6. Thanks to Geoff from:

    dhicks (18th December 2012)

  7. #6

    dhicks's Avatar
    Quote Originally Posted by Geoff View Post
    This is a shell command, not a configuration option.
    Many thanks - I logged in, did the command above, it made no difference. It turns out there's some random issue stopping Windows 7 accessing the .zfs folder, although oddly you can access it just fine via the command line - I can do
    Code:
    dir "\\ks-nas1\Accounts\.zfs\snapshot"
    from the command line and get a list of snapshots back. That's fine, that's all I need to knock up a quick script to make a folder in a share on a Windows server for each user and populate it with shortcuts to dated snapshots. I can then mount that share as the "backup" drive and tell everyone they can restore their stuff from there if they need to, disabling the "Restore Previous Versions" feature of Windows via a GPO setting.

    I can run that script every night to update the contents of the share, although that seems a bit clunky. Is there any way to create a dynamically updated listing - the listing would be generated when the user looks at the folder, not before? With Samba on a Linux server you could do it by creating a VFS plugin, but I don't know how you extend the file system in Windows.
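
Added example (not part of any post in this thread): a PowerShell sketch of the nightly job described above, which lists the snapshots under `\\ks-nas1\Accounts\.zfs\snapshot`, creates one shortcut per snapshot in each user's folder, and prunes shortcuts whose snapshot no longer exists. The `\\winserver\Backup` share and the one-folder-per-user layout of the Accounts share are assumptions.

```powershell
# Added example, not code from the thread.
# Stop on any error: if the snapshot listing fails (NAS unreachable), the
# script must abort rather than treat every snapshot as gone and prune.
$ErrorActionPreference = 'Stop'

$ShareRoot    = '\\ks-nas1\Accounts'                  # share named in the thread
$SnapshotRoot = Join-Path $ShareRoot '.zfs\snapshot'  # listing that worked via "dir"
$BackupRoot   = '\\winserver\Backup'                  # hypothetical share on the Windows server

$shell = New-Object -ComObject WScript.Shell

# @() forces an array so an empty listing is iterated zero times on PowerShell 2.0.
$snapshots = @(Get-ChildItem -LiteralPath $SnapshotRoot |
    Where-Object { $_.PSIsContainer } | ForEach-Object { $_.Name })

# Assumption: the share holds one top-level folder per user.
$users = @(Get-ChildItem -LiteralPath $ShareRoot |
    Where-Object { $_.PSIsContainer -and $_.Name -ne '.zfs' })

foreach ($user in $users) {
    $userDir = Join-Path $BackupRoot $user.Name
    New-Item -ItemType Directory -Path $userDir -Force | Out-Null

    $wanted = @{}
    foreach ($snap in $snapshots) {
        $target = Join-Path (Join-Path $SnapshotRoot $snap) $user.Name
        # Skip snapshots taken before this user's folder existed.
        if (-not (Test-Path -LiteralPath $target -PathType Container)) { continue }

        # Snapshot names may contain characters that are illegal in file names.
        $name = ($snap -replace '[\\/:*?"<>|]', '-') + '.lnk'
        $wanted[$name] = $true

        $lnkPath = Join-Path $userDir $name
        if (-not (Test-Path -LiteralPath $lnkPath)) {
            $shortcut = $shell.CreateShortcut($lnkPath)
            $shortcut.TargetPath = $target
            $shortcut.Save()
        }
    }

    # Remove shortcuts that point at snapshots the NAS has since expired.
    Get-ChildItem -LiteralPath $userDir -Filter '*.lnk' |
        Where-Object { -not $wanted.ContainsKey($_.Name) } |
        Remove-Item
}
```

The shortcuts grant nothing by themselves: whoever follows one is still subject to the permissions on the NAS share, and ZFS snapshots are read-only, so users can copy files out but cannot alter the snapshot.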

  8. #7

    Geoff's Avatar
    Your ZFS implementation is maybe buggy?

    https://github.com/zfsonlinux/zfs/issues/626

    Also from there, in your share definition you can do:

    Code:
    vfs objects = shadow_copy2
    shadow: snapdir = .zfs/snapshot
    shadow: sort = desc
    shadow: format = AutoH-%Y-%m-%dT%H:%M
    To make the ZFS snapshots work as 'shadow copies'
    Last edited by Geoff; 18th December 2012 at 06:50 PM.
