English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
Resetting Shared folders status
-
Hi,
I need to remove the sharing from dozens of subfolders that a user has shared with other users. Is there any way as administrator to reset everything without having to remove sharing folder by folder ? Thank you
-
If all the folders being shared are child folders, just edit the parent folder and select the options for "Apply to all child folders" and "overwrite child folders". This will overwrite permissions on all child folders to whatever you have set. This is the preferred method.
If there are lots of parent folders that are top level folders in the mailbox, then you'll have to look at solutions outside of the UI that can remove the [Access Control] section from the HiWater.mrk file. Below is a powershell script that will remove the [Access Control] section from every hiwater.mrk it finds in the $Path provided. You'll have to replace domain.com with your domain name and mailbox with the actual user's mailbox. Once the script is ran, it is NOT recoverable. Please make a backup of your mailboxes before proceeding and test thoroughly before running this in your live environment.
This script will install the PSINI module and remove ALL sharing from ALL folders found in the PATH provided. If you set the Path to c:\MDaemon\Users\ all sharing will be removed for all accounts in all folders. Proceed with caution!
#PowerShell version 5 or higher is required. $Path = "C:\MDaemon\Users\domain.com\mailbox" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Install-Module -Scope CurrentUser -Name PsIni Import-Module PsIni ForEach($File in Get-ChildItem -Path $Path -Filter "hiwater.mrk" -file -recurse) { Write-Host $File.FullName $HiWater = Get-INIContent $File.FullName $HiWater.Remove("Access Control") $HiWater | Out-IniFile -Force $File.FullName }
-
Ok, thank you
-
Hi, it worked. I run the powershell script, thanks.
-Can you also briefly explain me what happens when you share a folder? In the folder hiwater.mrk, the “Access Control” line is added but how do the various users with whom the folder is shared get it showed in their webclient? Is something written into their account as well, or are all the hiwater.mrk's of all the users scanned each time looking for the “Access Control” line?
-Also, can a user share a folder with a user from another domain, always managed by the same mdaemon ?
-
Can you also briefly explain me what happens when you share a folder? In the folder hiwater.mrk, the “Access Control” line is added but how do the various users with whom the folder is shared get it showed in their webclient? Is something written into their account as well, or are all the hiwater.mrk's of all the users scanned each time looking for the “Access Control” line?
When an account shares a folder the hiwater.mrk file is updated in the folder that is shared. The AclShLookup.dat file is also updated and this is the file that is checked when an account logs in. It would be very slow to search every hiwater.mrk file in every folder in every mailbox when a user logs in.
-Also, can a user share a folder with a user from another domain, always managed by the same mdaemon ?
Yes as long as the users are both on the same MDaemon.
-
Can I clean up the AclShLookup.dat completely ? Because despite powershell script removed “Access Control” from hiwater files, AclShLookup.dat still contains numerous shared folders
-
The AclSHLookup.dat file should get rebuilt during maintenance. If you want it cleaned up now, you can do it manually. I would suggest only removing the entries for the folders that you are trying to prevent from being shared. If you delete the entire file, no shared folders will be accessible on the server until the file is rebuilt.
Whatever you do, backup the file before you do it, just in case.
-
hi, even today after the maintenance, AclSHLookup.dat contains various shared folders despite removing them all yesterday thanks the powershell script. So I proceeded to clean it completely and now it looks fine. I would not like that having recovered this mdaemon through various vicissitudes from a cryptovirus attack, some component of MDaemon is broken.
-
It sounds like you've addressed the sharing issue and the shared folders that you were attempting to unshare are no longer visible to other users, is that correct? If it is, I'd suggest backing up the aclshlookup.dat file, just in case.
Regarding your concern about MDaemon being broken after recovering from an attack. When you run an MDaemon installation, it replaces all the dlls and exes on disk, so if you are concerned that one of them may still be compromised, I'd suggest re-installing MDaemon. Also, we digitally sign every exe and dll that we build, including the installer. You can check the digital signature of a file by right clicking the file, selecting properties and then Digital Signatures.
-
>It sounds like you've addressed the sharing issue and the shared folders that you were attempting to unshare are no longer visible to other users, is that correct? If it is, I'd suggest backing up the aclshlookup.dat file, just in case.
Yes exacyl, now they are longer visibile and aclshlookup.dat is clean. thanks. I'm also going to reinstall mdaemon.
