Restoring Shared Folder Permissions on Windows Home Server
With every reboot, Windows Home Server (WHS) automatically resets the permissions for all shared folders in the shared directory. If you are using one or more of the shared folders to host files for services that require customized access for users other than the Home Server accounts, those services will likely stop functioning properly after a server restart. Common examples include web servers, such as IIS or Apache spitting out Access Denied messages, or FTP servers returning read or write errors.
Solution
One way to get around this issue is to setup a scheduled task in Windows that runs a batch file to restore the file permissions at system startup. The example batch file below restores read access for the Authenticated Users user group on a folder called Http, which is used as the root for an IIS web server and takes advantage of WHS folder duplication.
-
echo y| cacls d:\shares\Http /E /T /G "NT AUTHORITY\Authenticated Users":R
Remarks
Obviously, this approach is limited in that you have to multiply the above command line for each folder and user, but it works very well if only a few permissions need to be restored, such as in the example use case above. Note that the /T parameter applies the permission change to all files in all sub-directories as well. The /E parameter ensures that the user is adding to instead of replacing existing permissions, so that shared folder permissions configured through the Windows Home Server Console remain unaffected. Please refer to the help on cacls for additional permission options on the folder’s access control list.
A Very BIG thank you for sharing this! My WHS doubles as both my family’s home server AND my ColdFusion web development server. After a crash and not being to recover my database files, I rethought my setup so my mySQL files are now replicating in the shares directory (rather than not being backed up on the limited space on the C drive) and I can now set my IIS directories in the shares and replicate them as well (I wasn’t able to do this before because of the permissions being reset every time the server rebooted).