Winflector.com - forum Winflector

Forum > Product technical support > Local File System - (Client File System)

Autor: sajjad Data: 2015-08-17 13:55:12	Hi, in my application, i have to upload files and export files as well from application. 1. Is there a way that the client application can access only the client file system and not the server file system?2. Also is there any mapping possible that even if the user uses server file system then she is able to access the same files on her local machine ?
Autor: Bozena (staff) Data: 2015-08-18 16:37:53	You can enable client filesystem for the application in the following steps: Turn off 'Disable filesystem mapping' option in the server configuration restart the Winflector server then the application will see client disks under 'c:\wfmount\.
Autor: Mirek (staff) Data: 2015-08-21 13:57:12	1. The only way to limit Winflector user access to server files is to choose Windows authentication in Winflector and set appropriate files and folders permissions in Windows. 2. No. File mapping works in one direction only. So, you can read/write client workstation files on the server but you cannot access server files from the workstation.
Autor: Matty Data: 2018-06-30 07:02:54	As per above, I would like to limit users' access to the server's file system and to not elevate users' permissions to the file system on the client. Is the following still the only or best way of achieving this? The only way to limit Winflector user access to server files is to choose Windows authentication in Winflector and set appropriate files and folders permissions in Windows. I have setup an instance of Winflector Server on Windows Server 2016 setup as a DC. When I set the authentication method to "Local Windows/Active Directory", I can successfully login to Winflector Client from another machine with either an administrator or a standard user account. However, I can only launch applications successfully if the account used to login to Winflector Client is an administrator account. If I login with a standard domain user account, applications fail to launch with the attached error message. If I add a domain user account (that precipitated this issue) to the administrators group, I am able to successfully launch applications. Is it a prerequisite for the account that is used to launch an application via Winflector to be an administrator account? If so, it could be that a standard domain user launching an application via Winflector will have elevated permissions on the client machine via the WfMount folder.
Autor: Mirek (staff) Data: 2018-07-02 13:34:00	Please read the following article: http://www.tomshardware.co.uk/faq/id-1944436/windows-server-2012-domain-user-log-domain-controller-locally.html The article applies to Windows Server 2012, but I think it will also help for 2016.
Autor: Matty Data: 2018-07-02 15:47:15	I had read that article and applied the group policy changes but it didn't resolve the issue. If Winflector runs as a domain administrator account, will Winflector provide elevated permissions to the server's file system and the local client's file system (via the WfMount folder) to which the domain user launching the application would otherwise not have access?
Autor: Mirek (staff) Data: 2018-07-03 10:01:23	Permissions are determined by Windows account on which application is launched. So, if it is admin account, admin permissions are granted. If you still receiving the sam error 53 with suberror 874 the only reason is that the server acts as a domain controller and user has no permission to login on the server. So the policy is still not adjusted or something else had been changed in 2016 servers.
Autor: Matty Data: 2018-07-03 13:43:18	Thanks Mirek, Without updating Windows user folder permissions, is there any way of blocking an application launched via Winflector from accessing the server's file system with the exception of the "WfMount" folder?
Autor: Mirek (staff) Data: 2018-07-03 14:12:10	Thanks Mirek, Without updating Windows user folder permissions, is there any way of blocking an application launched via Winflector from accessing the server's file system with the exception of the "WfMount" folder? Unfortunately not. At the moment the only way is to block access at the Windows permissions level.
Autor: Matty Data: 2018-07-04 04:34:56	I revoked write permissions to "C:WfMount" on the server for the user that Winflector runs as but the application on the client was still able to write to that path. Do permissions revert to those set on the client for the local directories that "C:WfMount" is pointing to?

Zaloguj się aby móc pisać na forum.