Enterprise Service Cloud - Docs

Use SMB

Manage Access Rights

In your business group, each share has three groups. These groups can be used to add Users from your AD to grant them specific rights. Your AD administrator can grant some user rights to modify all the share groups from your business group, after he granted himself write access to the management group:

The three groups created in your AD are named as follows:

Fullcontrol Group: DL_ESC-ARCUN-SMB-Full_Access_<ShareName>_<Uuid>_<BgId>_S_00
Write Group: DL_ESC-ARCUN-SMB-Modify_Access_<ShareName>_<Uuid>_<BgId>_S_01
Read Group: DL_ESC-ARCUN-SMB-Read_Access_<ShareName>_<Uuid>_<BgId>_S_02

Granting the permission to the different access groups will then be enabled:

For being able to mount a SMB share, you need to be in one of those 3 groups.

If you want to add specific NTFS-based access rights, your user needs to be in the Fullcontrol Group of the specific share.

Here are the detailed descriptions what each predefined groups can do with files and folders on the SMB Share:

  • Read Group

    • View and read files and folders
    • Run executable files and scripts

  • Modify Group

    • All Read Group permissions AND
    • Write files and folders
    • Change files and folders
    • Delete files and folders

  • Fullcontrol Group

    • All Modify Group permissions AND
    • Change Security permissions on files and folders

Mount SMB Share (Windows)

There are several ways to mount a share on a Windows system.

Via GUI

  1. Open your explorer, click on Computer and select "Map Network Drive"
    Image 1 of mounting share

  2. Select your preferred Drive.

  3. Copy the "Mount Path" of your share you see in the GUI with all backslashes in the field "Folder".

  4. Check "Reconnect at login" if you permanently want to add the Share to the system.
    Image 2 of mounting share

  5. Click Finish.

Command line (Powershell)

  1. Open Powershell.

  2. Type the following, replacing Z: with the Drive letter you want to assign to the Share.

New-SmbMapping -LocalPath 'Z:' -RemotePath '[the "Mount Path" of your share you see in the GUI with all backslashes]'

Command line (CMD)

  1. Click Start and then click Run.

  2. In the Open box, type cmd to open command line window.

  3. Type the following, replacing Z: with the Drive letter you want to assign to the Share.

Net use Z: [the "Mount Path" of your share you see in the GUI with all backslashes] /PERSISTENT:YES
This is an information message

Please note

If you are not able to mount a share, please check if the access policies are set right (explained below) and you have the right port opened to the provided system.

Restore SMB Snapshots (Windows)

This is an information message

Important

Backup on the SMB container needs to be enabled to see the snapshots.

To restore older versions of files and folders, you can navigate in the desired directory or file in the windows explorer.

  1. Right click on the desired item and select Properties.

  2. There, you navigate on Previous Versions.

  3. In the list, you see all older versions of the Item and can select the desired timestamp to get this version of the file or directory.
    Image of restoring SMB items

This is an information message

Warning

For a restore of backups older than 7 days an incident ticket must be opened. The following information is mandatory:

  • URI (visible in the portal, in the details tab of the share)
  • Date of the backup

Additional AD Groups

The following four AD groups additionally exist. Three AD groups are created on Business Group level and can be used to give access to users to all shares of an entire Business Group.

Fullcontrol Group: DL_ESC-ARCUN-SMB-Full_Access_<BgId>_S_00
Write Group: DL_ESC-ARCUN-SMB-Modify_Access_<BgId>_S_01
Read Group: DL_ESC-ARCUN-SMB-Read_Access_<BgId>_S_02

An additional AD group which grants access to all containers is created for technical purposes.

Customer Group: DL_ESC-Customer_ARCUN_S_00

Last Updated: