• marcoscunhalima
    0
    Hi

    I have CloudBerry installed in a Windows 2012 Server (to backup some files to AWS S3).
    It works very well but I have an annoying problem: all users who connects with this server (by RDS) see all the mapped drives - which could lead to some user accidentally copy files to mapped drive (or even worse delete some backed-up file).

    Is there a way to restrict CloudBerry Drive mapped network drive from being seen by users?
  • Sergey N
    26
    Hello, unfortunately there is no way to hide it from the other users due to the specifics of the Virtual Disk driver. I have added your request to an already existing feature-request for our R&D to consider and add to the developement roadmap.
  • David Gugick
    118
    I was going to suggest you use Windows Tasks to create specialized logon and logoff actions to mount the drive, but I think the easier thing if you do not need Drive running when you are not logged in is to unmount the drive before you log off (and mount when you log on to the system). You can obviously do this from Drive applet in the tray or you can use the command line for mounting and unmounting and create a few desktop script CMD files and kick them off as needed.

    "C:\Program Files\CloudBerryLab\CloudBerry Drive\cbd.exe" mountDrive S
    "C:\Program Files\CloudBerryLab\CloudBerry Drive\cbd.exe" unmountDrive S

    Now if multiple users will be logged into the system at the same time or those users may need access to the Drive, then this will not work. You'll need to uncheck the option to "Mount this account as virtual disk at system startup" under the properties for the mapped drive in the CloudBerry Drive application.
  • marcoscunhalima
    0
    Hi David

    The scenario we have there is that the server is running a database that needs to be backed up. This happens without any users logged in and we create the backup in the mapped drive so it can be send to S3.

    What I really need is that only administrators (or a group) could see the mapped drives. Ordinary users not.
  • David Gugick
    118
    If SQL Server, have you considered using CloudBerry Backup for SQL Server so you can back up to the cloud directly?
  • marcoscunhalima
    0
    Hi David
    No, it's not SQLServer and there are other files that are backed-up together.
  • Dmytro
    0
    Hi everyone! I see that it is quite an old topic, do you happen to have any solution for fine-grained permissions restriction for the mapped GCP bucket? I got a similar issue. For example, I have Win Server A with CloudBerry Drive installed which maps several GCS buckets on it and server B which maps that drives as a network shares. The end user should to have access to the drives using RDP session to server B. Lets say we have 5 network share drives on server B and 7 users connected to it by RDP. Is it possible to give access to share1 and share2 only for user1 - user3 without permission to access share3-7. And the 4th-6th users have to got access to share 3 and 4 without access to share 5. And the last one user7 got access to all shared drives ?
  • William Baumbach
    0
    Here is a Powershell script you can use at system start up, and run every few hours. I have a start delay of 1 minute to give time for Cloudberry Drive to load, and mapped the Amazon S3 with driver letter.

    Use Windows Task Scheduler, configured do Run whether user is logged on or not

    This Powershell script will remove the EVERYONE permissions from the network shares, and add other users permissions such as DOMAIN ADMINS, user1, user2, etc.

    This works on just one or multiple shares. NOTE, this will not run a Windows Server 2008, R2, you will need a later OS, on where Powershell supports

    USe this in Powershell to see current permissions on the Cloudberry Shared folder(s)
    Get-SmbShareAccess "Share-Name-1","Share-Name-2","Share-Name-3"
    ////////////////////////////////////////////
    # 2023-12-22 Scheduled Task, changes folder share permissions
    # on Amazon S3 Cloud shared folders

    # note from William, need to run
    # Set-ExecutionPolicy RemoteSigned
    # Task Scheduler put in program/script: powershell.exe And in arguments -Command "<path to .ps1 script>"
    # Run under account "Administrators" and Must select "Run with highest privileges"


    Get-SmbShareAccess "Cloud Admins", "Cloud Users Desktops", "Cloud Admins 2023 and Before"

    # Adds domain admin full access to all shares
    Grant-SmbShareAccess -Name "Share-1" -AccountName "va\Domain Admins" -AccessRight Full -Force
    Grant-SmbShareAccess -Name "Share-2" -AccountName "va\Domain Admins" -AccessRight Full -Force
    Grant-SmbShareAccess -Name "Share-3" -AccountName "va\Domain Admins" -AccessRight Full -Force

    # Set permissions for each users
    $list_remove="Everyone","user-1”,"user-2","users-3"
    $list_add="user-1”,"user-2","users-3"

    # Remove EVERYONE, and userslist variable
    Revoke-SmbShareAccess -Name "Share-1" -AccountName $list_remove -Force
    Revoke-SmbShareAccess -Name "Share-2" -AccountName $list_remove -Force
    Revoke-SmbShareAccess -Name "Share-3" -AccountName "Everyone" -Force

    # Adds users-list permissions
    Grant-SmbShareAccess -Name "Share-1" -AccountName $list_add -AccessRight Read -Force
    Grant-SmbShareAccess -Name "Share-2" -AccountName $list_add -AccessRight Read -Force
bold
italic
underline
strike
code
quote
ulist
image
url
mention
reveal
youtube
tweet
Add a Comment