Re-assigning Administrator permissions on filestores

You may be aware that if you remove the Administrator permissions from your home folder (or any other shared folder) this will cause all sorts of problems as well as prevent backups being taken. Therefore it is strongly advised not to do this.
Who has access to my filestore?

To re-assign administrator permissions start by opening COMPUTER (or MY COMPUTER if using windows XP) and type the path of the share you want to fix. If you are unsure what the path is then use cmdinfo to find out.

My home folder is on tower 1 and home 01 therefore I shall type \\tower1\home01 and I should only be able to see folders I have permission on.

Right click on your folder and select properties. Then select the security tab.

You may notice tower1\administrators is not there as it should be so click the Add button.

Type towerX\administrators

Tick the full control box to allow full control to towerX\administrators then click apply

Click OK. All child folders and files should now have the administrator permission.

Filestore Best Practices #2: Consider turning OFF offline files on Desktop Machines

In the CAMPUS domain offline files are turned on by default; the majority of users will have seen the now familiar ‘Synchronising’ dialogue message window which appears when they log off a PC.

However, Offline files can cause warning and error messages being displayed to users – this has been seen by the ISS Helpdesk on a daily basis, and is becoming a problem: The two main issues appear to be the default excluded files extensions, or insufficient disk space on the PC to allow the caching of offline files.

So why are offline files sometimes unnecessary? In Microsoft’s own words “Offline Files: You can use this feature on a portable computer, or on a desktop computer that occasionally connects to your workplace network.”

Approximately 90% of the machines on Campus are Desktop machines which will never leave the confines of their office environment. These machines will still have offline files enabled. There is the argument that should a server fail, offline files will allow you to continue working merrily away, without any knowledge that a problem actually exists. But in reality how often does a server issue occur? And those which do are publicised well in advanced during an ‘At-risk’ period. Given the problems that offline files can cause it’s worth considering if such machines really need offline files enabled.

ISS Provides a Group Policy to switch off offline files on Windows XP machines The name of this policy is: ‘2 Campus Windows XP Turn Offline Files Off.’ And as an added benefit to your users they will see that their log off speed has dramatically increased too.

The Offline files system in Windows Vista is vastly improved and not activated by default but you should still consider it’s use carefuly.

SUMMARY: Assess the pros and cons of offline files on Desktop machines in your OU. If they are not benefitting you or your end users then please consider switching them off.

Filestore Best Practices #1: Don’t give full permissions unless you really need to!

A large proportion of the calls to helpdesk relating to the Shared Filestore Service (Turrets) are around broken permissions with the Share Administrator and often the Server Administrator permissions being removed. This can interfere with day-to-day operations , backup procedures and become a real problem when it becomes necessary to copy data.

Even more worryingly there have have been occurrences when users have removed folders so that the Share Administrator cannot even see that the folder exists!

Looking over some random shares it seems that nearly all of the folders assigned to users are set with ‘Full Control’. This is not necessary for users to have read\write access.

Let’s have a look each type of permissions and what it really means:

Full Control

Change permissions and take ownership, plus perform the actions permitted by all other NTFS file permissions


Modify and delete the file plus perform the actions permitted by the Write permission and the
Read & Execute permission

Read & Execute

Run applications plus perform the actions permitted by the Read permission


Read the file, and view file attributes, ownership, and permissions


Overwrite the file, change file attributes, and view file ownership and permissions

The problems we have are often around a poor understanding of permissions but usually caused by end-users with ‘Full Control’ who try to set permissions themselves. In 99% percent of cases this is not required and users who need to work with and change files in a folder can accomplish this with ‘Modify’ access.


SUMMARY: Look at your folders. Do the assigned users need to have rights to change permissions? If not, take them away by changing ‘Full Control’ to ‘Modify’.

OWA 2007 Document Access

As discussed at our OU Admin Day event, OWA 2007 has the ability to offer read-only access to campus Windows file-servers from a web browser. This is a handy alternative to Webfolders, FTP and RAS and of course is accessible from anywhere.

This feature is only available with OWA 2007 Premium and subsequently Internet Explorer is the only supported browser. Hopefully Microsoft will remedy this with the next version of Exchange Server.

We need to enable any file-servers in an ‘allow list’ on the Exchange Client Access servers before users can access them. We can add school file-servers within reason. Please speak to your School Computing Officer and get them to contact helpline with a request.

At present the following servers are enabled:

All Tower servers
All Turret servers – This is a DFS name space allowing access to towers/turrets/software and high availability servers.

To access:

Log on to OWA 2007 as normal

From the left hand menu buttons, Select ‘Documents’:

Select ‘Open Location’ from the left hand menu:

A Box will appear where you can enter a path to a file server. As an example I have included the correct format for access to your home directory. Replace the ‘X’ with whichever tower and home share that your home directory resides.

Example: \\\home17\njwd

It is important that the location you want to open is prefixed with the two forward slashes in standard UNC format and the server name is fully qualified with

If you have the appropriate permissions to open that location, you should be presented with the contents of that file-share in the right hand pane:

Item 1: ‘Open in Windows Explorer’ will only work whilst on campus, but will open a Windows Explorer window to the directory that you currently have selected.
Item 2: Lets you go up the directory structure, if you have permission to do so.
Item 3: Adds the current location to the ‘Favorites Menu’ as depicted in item 5.
Item 4: Is a breadcrumb style link to your current location. Click on any of the parts separated by slashes to go to that level, if you have permission to do so.
Item 5: Lists ‘favorite” places that you have added.

Double clicking on a folder will take you to the contents of that folder.

Double clicking on a file will try to open that file natively on your computer, should you have the application that can open it.

If you right click a file a context sensitive menu will appear:

Selecting ‘Open’ will try and open the file as if you have double clicked it.

If you select ‘Open as Web Page’, OWA will try and interpret the contents of that file and display it in a web-page. This is particularly handy if you are on a computer without Microsoft Office, but need to read an Office Document. The supported file types include (doc, pdf, pps, ppt, rtf and xls).

Selecting ‘Send by E-Mail’ opens a new mail message in OWA and automatically includes the file as an attachment.

‘Copy Shortcut’, copies the UNC path of the file to the computer clipboard.

Scheduling a Backup in Windows Server 2008 using WBADMIN

The Windows Server Backup feature provides a basic backup and recovery solution for computers running the Windows Server 2008 operating system and offers significant improvements over its predecessor. Windows Server Backup introduces new backup and recovery technology and replaces the previous Windows Backup (Ntbackup.exe) feature that was available with earlier versions of the Windows operating system.

One or two people have asked recently how to schedule a backup using the Windows Server Backup feature in Windows Server 2008. This is certainly a legitimate question as the GUI tools provides little or no flexibility is choosing which volumes to backup and to where. As such we need to look to the command line for WBADMIN

In order to schedule the task you will either need a dedicated hard disk and it’s drive letter or a UNC path to a share.

The following command will backup drives H, I and Z to a share called weekly backup on server1.

wbadmin start backup -backupTarget:\\server1\weeklybackup -include:H:,I:,Z:: -quiet

The command can be broken down in to 4 parts:

Wbadmin start backup

Runs a one-time backup. If used with no parameters, uses the settings from the daily backup schedule.


Specifies the destination to which the backups will be stored.


This switch allows you to specify which volumes you would like to backup.


Supresses any prompts to the user allowing you to run the command unattended as a the task.


If you save a backup to a remote shared folder, that backup will be overwritten if you use the same folder to back up the same computer again. In addition, if the backup operation fails, you may end up with no backup because the older backup will be overwritten, but the newer backup will not be usable. You can avoid this by creating subfolders in the remote shared folder to organize your backups. If you do this, the subfolders will need twice the space as the parent folder.

Deleting Windows Profiles

Written by James Pocock:

There have been a few problems recently with local copies of roaming profiles being incorrectly deleted. The following procedure should be followed when deleting a profile.

Removing the Local copy of the profile

A common mistake is to simply logon to the local machine as an administrator and delete the users Profile from C:\Users or C:\Documents and Settings.

However, deleting only the local folder does not remove some key registry settings. While XP is usually quite forgiving of this Windows Vista is not and a profile which has been deleted in this fashion will never function correctly on the machine until it is rebuilt.

The profile should be fully deleted from the local system by using the User Profile settings option in System Properties.

In Windows XP:

System Properties > Advanced Tab > User Profiles > Settings

In Windows Vista:

System Properties > Advanced System Settings > Advanced Tab > User Profiles > Settings

Profile 1

Highlight and delete the profile you wish to remove (you may need to reboot first).

Profile 1

Finally you can manually remove any residual folders from C:\Users or C:\Documents and Settings.

Remove the Server Copy of the Profile.

Within the CAMPUS network only the user and server administrators have permissions to remove a profile. There are two ways to go about this.

Map a drive to the folder above the users remote profile folder with the user using their user account. You can find out the path by using CAMA.

Alternatively you can request this process is performed by ISS by emailing

Rename the folder as zap.username. This is important because The CAMPUS profile servers have run scheduled tasks which remove folders prefixed with zap. each morning at 06:30. This allows some time to retrieve files from the old profile. More importantly, If the old profiles are not deleted they will count against the users quota.

Coming soon to SkyDrive

I’m generally happy with Windows Live SkyDrive (Microsoft’s “USB stick in the cloud”), but there’s a couple of features that have held it back for me. I’m glad to say that they appear to be getting added in the next update!

  • You’re going to have the ability to download an entire folder as a single zip file (this is easily my most-wanted feature)
  • Share files without requiring people to use a Windows Live ID
  • Move and copy between folders
  • Better photo handling: improved slideshow, download photos to Windows Live Photo Gallery

And they’re increasing the storage limit from 5 to 25Gb!

Good news, and that’s not all – you can read the full list on the SkyDrive Team Blog.

Pilot service: large-scale, long-term filestore

ISS will shortly start testing the feasibility of giving significantly larger filestore quotas to staff and PhD students. In the pilot scheme, qualifying users will be able to request a “Store Folder” of 20GB, in addition to their standard 2GB Drive H.

The Store Folder is intended as an “archive” for inactive files which need to be kept for a long period of time. It will have the qualities that are associated with the Drive H filestore in terms of security and accessibility from multiple locations, but backup and restore services will be less.

For more information and details on how you can join the pilot please click here.…tem/pilot-store