Verifying Service Account is in Proper Groups
The following steps will require an elevated or Domain Admin account to proceed.
- On a server or desktop that can connect to both Active Directory and the Azure NetApp Files appliance, right-click the Start menu and select Computer Management.
- Right-click Computer Management (Local) and select Connect to another computer.
- On the next screen, select Browse and enter the hostname of your ANF instance.
- Computer Management should now load, showing your ANF hostname at the top.
- Click System Tools > Local Users and Groups > Groups.
- Select the Administrators group and verify that your service account was added from the Azure portal. DO NOT ADD YOUR SERVICE ACCOUNT TO THE GROUP HERE; IT WILL BE LOST/OVERWRITTEN.
Verifying / Adding Service Accounts to ANF Security Groups
The following steps will require an elevated or Domain Admin account to proceed.
- On a server or desktop that can connect to both Active Directory and the Azure NetApp Files appliance, right-click the Start menu and select Computer Management.
- Right-click Computer Management (Local) and select Connect to another computer.
- On the next screen, select Browse and enter the hostname of your ANF instance. Select OK, then OK again.
- Computer Management should now load, showing your ANF hostname at the top.
- Click System Tools > Shares
- The list of shares on the ANF appliance should reflect your volumes.
- Right-click the share that is causing errors and select Properties.
- Navigate to the Share Permissions tab and validate that the group added will allow Resilio to traverse the share. The account could be Everyone, Domain Users, or Authenticated Users.
- Navigate to the Security tab and validate that your administrative group or the Resilio service account has been added there. If your service account or group is missing, follow the instructions below.
- Click Advanced on the Security window.
- In the Advanced Security window, click Add.
- Click Select a principal at the top. On the screen that pops up, add your security group or user.
- Click Full Control, then select Show advanced permissions on the right to see the screen below, and validate that the security windows match the picture below.
- Click OK > Apply > OK
- You can close all open windows.
- Restart your Resilio Agents and verify ACLs are syncing properly.
Correcting ACL Inheritance
Sometimes it may be necessary to break file and folder inheritance. Follow these instructions to make sure the proper groups are maintained.
- On the Advanced Security Settings screen, click Disable Inheritance.
- Select Convert Inherited Permissions.
- If there are permissions that need to be removed, it is now safe to remove only the groups or accounts that do not need access.
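
The Security tab and inheritance checks described above can also be run from PowerShell on the same management host. This is an added example, not part of the original instructions or any Resilio or NetApp tooling; the function name `Test-AnfShareAcl`, the hostname, the share name and the account names are constructed placeholders.

```powershell
# Added example: audit the NTFS ACL on an ANF SMB share through its UNC path.
# Run from a host that can reach both Active Directory and the ANF instance.
function Test-AnfShareAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $SharePath,  # UNC path of the share
        [Parameter(Mandatory)] [string[]] $Principal   # DOMAIN\name of account or group
    )

    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl  = Get-Acl -LiteralPath $SharePath -ErrorAction Stop

    foreach ($name in $Principal) {
        # Allow ACEs granted directly to this principal.
        # Group membership is not expanded and Deny ACEs are not evaluated.
        $aces = @($acl.Access | Where-Object {
            $_.IdentityReference.Value -ieq $name -and
            $_.AccessControlType -eq 'Allow'
        })
        $fullAces = @($aces | Where-Object { ($_.FileSystemRights -band $full) -eq $full })
        $explicit = @($aces | Where-Object { -not $_.IsInherited })

        [pscustomobject]@{
            SharePath           = $SharePath
            Principal           = $name
            AcePresent          = ($aces.Count -gt 0)
            FullControl         = ($fullAces.Count -gt 0)
            # True when every matching ACE is inherited from a parent folder.
            InheritedOnly       = ($aces.Count -gt 0 -and $explicit.Count -eq 0)
            # True when "Disable inheritance" has been applied at this path.
            InheritanceDisabled = $acl.AreAccessRulesProtected
        }
    }
}

# Constructed placeholder values; replace with your ANF hostname, volume and accounts.
Test-AnfShareAcl -SharePath '\\anf-host.example.com\volume1' `
                 -Principal 'EXAMPLE\svc-resilio', 'EXAMPLE\Resilio-Admins' |
    Format-Table -AutoSize
```

A row with `InheritedOnly` set to True means the account depends entirely on the parent folder's ACL, which is why Convert Inherited Permissions is selected when inheritance is disabled.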