I am trying to figure a way of connecting 2 web server's file systems together so they can access each others files natively. The servers are Windows 2012 and connected directly to the internet via public IPs. One server will be for storing large files, the other for the scripts and database (web server).
Essentially, I need a way to securely map a drive/folder between these servers so they show as folders e.g. the "d:\www\assets" folder is actually on the other sever (junction). As this link needs to be accessible to the SYSTEM (apache service) not a single user, a mapped drive is not ideal. Open, unsecured shares are also not a good idea.
Playing with junctions and links in the console doesn't show any method to provide a login/password to the remote system. The junction is created but inaccessible. If I map a drive, it is only for that user and not available to the SYSTEM account that Apache is using. If I run Apache as a user and map a drive as that user, it likely won't survive a reboot or work without being logged in on the console all the time.
Are there any native ways to hook these 2 servers together securely? I have full admin access on both servers and can create as many users as required, but they are not in a domain or potentially even on the same subnet.
You may be able to use to a directory symlink via cifs/windows share considering you have have access to the local disk on one of the servers and the your sharing the the folder you want to symlink
for example:
on server a:
1. navigate to server a's local disk: d:\www\
2. mklink /d assets \serverb\assets
option 2DFS (unconfirmed)
if you can create a dfs on server on one user windows boxes, i believe you set dfs target to point folder assestes to \serverb\assets
Related
I have a windows service that will be running on a client server. This service needs to access 2 folders that are located in different shared folders (Y:\ and Z:\ ) which are both on separate computers (3 computers total).
Currently the service is only able to see files located on the same machine. When I do a IO.Directory.Exists() on the shared folders, it returns false.
Here are things I have tried:
Running as a Network Service
Running as a Local System
Running as a Local Service
testing existence with \\192.168.1.xx\path\to\folder
testing existence with Y:\ and Z:\
Creating a user on the other computers with the same Username and Password
Verifying the folders gave full access to everyone
Nothing yet has worked, any help is much appreciated.
In an Active Directory environment, Network Service and Local System both have network access to other machines in the domain; the server just needs to be configured to grant access to the client's computer account in the domain, i.e., the COMPUTERNAME$ account. If you use a UNC path the connection will be established automatically. You still can't use drive letters established in another logon session, but in most circumstances the UNC path will do.
In a stand-alone environment it's a bit trickier. The only reliable approach is to establish the network connection explicitly, which you can do using WNetAddConnection2 or any of the various alternatives. (Or if you can't call the Win32 API, you can shell out to the net use command.) In either case, once the connection is established you can use a UNC path. There is typically no need to map a drive letter.
If you must have a drive letter for some reason, it is usually best to use the WNetUseConnection function instead of WNetAddConnection2. That can be configured to select a drive letter automatically, so you don't have to try to figure out which letters are already in use.
Note that depending on the circumstances, it may be necessary to use the long form of the username for the account on the server, i.e., SERVERNAME\USERNAME or DOMAINNAME\USERNAME if it is a domain account. Windows 10 clients seem particularly fussy about this for some reason.
I am running PHP 5 and MySQL with Apache 2 in my Windows 7 PC. Everything (in localhost) is working fine and the localhost is defined in port 80 (It works!). But I would like to password protect (or lock) and hide server folder including htdocs. I mean, I don't want want another user to access the server folder and files. I know that I can remove installation information from add/remove programs menu by removing registry entries (hope it won't affect the server framework). But how can I prevent the users from accessing the server folder? The server folder is a master folder, in which I installed Apache, PHP and MySQL. I made it in C: drive(to ensure security). I want to lock the master folder (password protected). Only I should have the access to them (my friends use my PC). But the content (localhost) should be delivered (I mean the pages should come, along with PHP and MySQL) for everyone. Only a single user account is there (Admin).
How can I lock and hide my folder while running server silent/hidden. Is this possible with or without any software?
http://www.devside.net/articles/windows/password
http://www.brandx.net/support/buildingwebsites/passwords.shtml
http://www.thesitewizard.com/apache/password-protect-directory.shtml
Implement User/Password-protected Directories for Apache Server
This sort of question is a first for me, because I'm wondering if something that IS working SHOULD be working.
We have:
Server 1 - Win2K3 file server, which is also our domain server.
Server 2 - Win2008 R2 server where our MVC3 site is deployed, which is also joined to the domain.
I have code on server 2 that uses .NET file system (IO) classes to access server 1 using UNC paths that point to network shared directories, such as \\10.1.1.1\FileDirectory\.
This code works just fine, and we're not using impersonation or delegation. I'm wondering if this SHOULD work, or if it points to bad network permissions setup on server 1. I thought the MVC3 site ran as a local server system account of some sort that wouldn't have any domain access, which is why I'm confused.
Here are 2 screen shots of the permissions for the shared directory on server 1.
Share Perms
NTFS Perms
Thanks for any input. Let me know if I can clarify further or provide more information.
It would appear the the user your site runs as (App Pool Identity?) counts as an 'Authenticated User' from the perspective of the server with the share.
http://www.windowsitpro.com/article/user-management-and-profiles/understanding-the-authenticated-users-group
I need to use nodejs to write file to a password protected shared folder on a remote machine running Windows server 2008 r2, how can I do impersonation things within nodejs like .net app does?
Thx in advance!!!
PS:
Sorry for the unclear description. The folder is set to shared across the internal network on the remote windows server system, the folder is set to "readonly" for the windows account explicitly created by the admin. The nodejs server is on the same internal network and need to access the remote shared folder, thus I think nodejs need to impersonate the windows account on the remote machine to read contents from the shared folder. My question is how to do the sorry for the unclear description. The folder is set to shared across the internal network on the remote windows server system, the folder is set to "readonly" for the windows account explicitly created by the admin. The nodejs server is on the same internal network and need to access the remote shared folder, thus I think nodejs need to impersonate the windows account on the remote machine to read contents from the shared folder. My question is how to do the impersonation stuff for nodejs?
Late to the party - but since there is no accepted answer...
You'll need to launch your node process using the account that has access to the network share. How this is done differs based on your setup. For example, if you're runnning node on a lLinux server trying to connect to the remote Windows server, then it's not going to be straightforward with node.
However; if you're running node on a Windows server, trying to connect to a remote share on another Windows server (which is what it sounds like your situation probably is). Again, you'll have to run your node script as a user with access to the remote share. If you need to do it from code, I'd suggest taking a look at my module node-windows. It doesn't provide remote share access specifically, but it will allow you to run command line code with a different account from within your node script.
I am familiar with Linux, less with IIS. I have been using Linux/Apache to share user directories for a while set up like this:
/home/user1/public_html
/home/user2/public_html
etc.
...and users can type in a URL to view their public files at:
http://www.mycompany.com/~user1/
http://www.mycompany.com/~user2/
etc.
Combined with SMB sharing and drive mapping on client windows boxes makes it very convenient for corporate users to drop files into a publicly available folder temporarily for someone else to download. They just email the other person the URL.
Searching the internet for "IIS public folders" and variants, yields OWA and Exchange results which I don't want. What is the proper terminology for this setup in Windows/IIS? How do you do it in Windows for all domain users?
In IIS you have to create a virtual directory for each user. IIS does not have an equivalent of the Apache UserDir directive. That's because IIS does not have a concept of users (in the sense of a subscriber to a webserver host).
Of course you could roll your own definition of who users are in IIS. In IIS 7, things like virtual directories are stored in an XML file ApplicationHost.config. You can either create the virtual directories manually via the ISS console, or programmatically via the ApplicationHost.config file.
Reference:
(1) http://www.advancedinstaller.com/user-guide/tutorial-iis.html#virtual-directory
(2) http://httpd.apache.org/docs/2.0/mod/mod_userdir.html#userdir
(3) http://learn.iis.net/page.aspx/124/introduction-to-applicationhostconfig/