
I'm facing an issue with sharing folders on Windows Server. The application is as follows:

There are 3 servers, one "source" and two "targets". The source has a service running on it, which occasionally needs to copy some files from a local folder to remote folders on the target machines. I cannot control this service's code at all - only provide the destination paths (such as \\target1\d$\targetFolder).

I have all 3 machines created from the same image, which has a local user defined (called serviceuser for this example), made the service on "source" run with this .\serviceuser identity and shared the target folders to this .\serviceuser identity as well.

However, the service fails to copy the folders. I believe this is due to the fact that as these are 3 different instances (with different machine names and thus different "local domains") they do not recognize the source machine's serviceuser.

Is there a way to support this flow without creating an Active Directory domain across all these machines, and without sharing the folders to "everyone"?

motig88
  • Have you tried to log in as `serviceuser` then access the remote share? It might not be a permissions issue at all. Because you can’t see inside the service, first log in as the `serviceuser` and make sure you can access the shares, then go back to trying to make the service work. Btw, your setup only works if `serviceuser` has the same password on all 3 machines. But at this point I’m not sure we even know it’s a permission issue, could be firewall, name resolution, settings on the server, etc. – Appleoddity Nov 05 '17 at 14:02
  • @Appleoddity you are correct, I did do those tests before posting the question and could not access the folders but it seems that was due to some other quirk. As you can see in my answer below this approach eventually did work after a few changes to the way I've set this up. Thanks! – motig88 Nov 05 '17 at 20:35

1 Answer


Well, after more tinkering it turns out this method does work, and the issues were caused due to other things I've missed.

As Appleoddity correctly mentioned, this approach only works if the user not only exists in all machines but also has the same password, which was the case.

You do also need them to be on the same security group or have the correct ports opened between the groups to ensure this can work.

Lastly, it seems that locally sharing with the net share command is not enough (in my case the net share command was run by the administrator user, to share a folder that said service needs to access to the user running the service). For a local user to access a local folder, which it turns out I also needed, I had to also run an icacls command to grant the service user permissions.

Altogether my issues stemmed more from a misunderstanding of some of said service's technical requirements and from issues with the automation scripts running to set up the permissions, folder sharing and service logon on cfn-init; however, I hope this question/answer helps anyone else looking to see if this is possible without use of a directory service.

motig88
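The target-side setup described in the answer above (matching local account, share grant, NTFS grant, open SMB port) can be scripted as follows. This is an added example, not code from the original post; the share name `targetFolder`, the folder path `D:\targetFolder` and the English firewall group name are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on each target machine.
# $Folder and $ShareName are assumed values for illustration.
$User      = 'serviceuser'        # local account present on all three machines
$Folder    = 'D:\targetFolder'    # folder the service copies into (assumed path)
$ShareName = 'targetFolder'       # hypothetical share name

# 1. Without a domain, access works only if a local account with the same
#    name AND the same password exists on this machine and on the source.
if (-not (Get-LocalUser -Name $User -ErrorAction SilentlyContinue)) {
    throw "Local user '$User' not found. Create it with the same password as on the source."
}

# 2. Share permission: grant Change to this one account instead of Everyone.
if (-not (Test-Path $Folder)) {
    New-Item -ItemType Directory -Path $Folder | Out-Null
}
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    net share "$ShareName=$Folder" "/GRANT:$User,CHANGE"
}

# 3. NTFS permission: the share grant alone is not enough. Grant Modify,
#    inherited by files (OI) and subfolders (CI).
icacls $Folder /grant "${User}:(OI)(CI)M"

# 4. Review both layers; effective access is the more restrictive of the two.
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessRight
icacls $Folder

# 5. Inbound SMB (TCP 445) must be allowed from the source machine. This lists
#    the enabled Windows Firewall rules; any network-level filtering between
#    the machines has to allow the same port.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Format-Table DisplayName, Profile
```

With this in place the destination path given to the service would be `\\target1\targetFolder`, which can be tested first from an interactive session logged in as `serviceuser` on the source.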