Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

Narahari1

2 Intern

 • 

127 Posts

932

January 9th, 2013 08:00

folder attribute issue on Celerra shares

Users complain that NAS folder "Business" is missing on NAS share, but if we type the file path \\corpnas01\share1\Business, the folder opens up with its content. So the issue is somone changed folder attributes for that folder "Business" on NAS share and it was made hidden for users . We were able to view the folder Business using a setting, windows explorer, tools, folder options, view and uncheck "Hide protected operating system files" option. The folders will showup as grayed out and the properties of folder shows hidden. Used a command utility "attrib -s -h foldername" to change the attributes (un hide) and the folders are visible now and is back to normal. But, the same issue keeps happening every day and causing us lot of trouble. We want to find out who is doing it. We have not turned on auditing on NAS as it adds loads to CPUs. If we trun on auditing will I be able to find out who is changing the folder attributes? What option I need to choose to on auditing to log this folder attribute changes ? any idea? Thanks in advance.

T !

umichklewis

3 Apprentice

 • 

1.2K Posts

January 11th, 2013 12:00

Yes, Narahari - that's it!  You'll want to create the same directory on the DR side, but not replicate it from the source side.  After you failover your VDMs, they will use this new directory for the security.evt file, which will be created when the CIFS service is started.

You might have to failover the VDM to the DR side (starting the CIFS service) to be able to make the regedit changes.

Let us know how it goes!

umichklewis

3 Apprentice

 • 

1.2K Posts

January 9th, 2013 14:00

Chances are, you have an application (or an application being run by a user) that is hiding the folder with the attribute setting. 

With auditing, you'll be looking for Event 567 or something very similar, which should give you the last user to modify the file.  However, auditing will add a bit of workload, in addition to using much more space for Windows event logging.  Take a look at the Using Windows Administrative Tools documentation, and see the section on User Rights Management - Auditing.  You may wish to consider moving your Security log to a larger filesystem to accomodate the growth of the log file.

Let us know if this helps!

Karl

Narahari1

2 Intern

 • 

127 Posts

January 11th, 2013 09:00

thanks Karl.

We have turned on audting and the audit logs are filling up. I was reading primus emc69252 to relocate c:\security.evt file to new file system but I'm in confuson as it talks about just CIFS server and does n't specifically say CIFS server on Physical DM or VDM. I have a cava cifs server on Physical DM_2 and 4 CIFS server on different VDMs on DM2 and I want to relocate only VDM cifs server's security.evt log. Each vdm has its own security.evt log file under /root_vdm_X/.etc/audit folder. So I have to run this procedure for each cifs server right ? So I have to create 4 different file system like cifsserverXevtlogfs and mount it as /winnt under each vdm and then run the relocate procedure by using regedit? As per primus I should not replicate this eventlogFS. So will the failover of cifs server to DR work in this case? Should I also create same file systems on the DR side as well ?

Was this post helpful?

View All

No Events found!

Top