Hi,
We have a number of volumes on NetApp filers (ONTAP 8.1.2 7-mode) configured with NTFS permissions.
The problem is that users, via their Windows clients, sometimes set permissions so that administrators, including the backup software (which is in the "Backup Operators" group) cannot see data.
Is there a way that I can add an ACE to all files and directories in a qtree without interfering with existing ACEs?
I’ve tried using the storage-level security guard but this does not appear to allow you to add access, only limit it. If I set permissions via the fsecurity command it wipes out all previous ACLs and only puts in the ones in the configuration file I give it.
Of course I cannot fix the permissions via a Windows client as my account (even though it is an administrator) does not have access.
Thanks in advance!
Jeremy
On Mon May 5 16:42:44 2014, Jeremy Webber wrote:
> ... The problem is that users, via their Windows clients, sometimes set permissions so that administrators, including the backup software (which is in the "Backup Operators" group) cannot see data.
Hi,
What backup software is that? My memory may be a bit hazy but ... if the backup software is really running from a domain account which is a member of the Backup Operators group and if it makes the correct API call with "Backup-semantics" then it should have (read) access to everything. That is really the purpose of that group ...
> Is there a way that I can add an ACE to all files and directories in a qtree without interfering with existing ACEs?
From the Filer I can only think of fsecurity, but I have never used it to change access, only view.
You might try using wcc to verify the configuration / rights of the account being used. E.g. you might see output like this:
    (NT - UNIX) account name(s):  (EU\euadmin - root)
        ***************
        UNIX uid = 0
        user is a member of group daemon (1)
        user is a member of group daemon (1)

        NT membership
                EU\euadmin
                EU\Domain Users
                BUILTIN\Administrators
                BUILTIN\Backup Operators
                BUILTIN\Users
        User is also a member of Everyone, Network Users,
        Authenticated Users
        ***************
Here the Filer is connected to a domain "EU" and a domain account "euadmin" has been added to the group "Backup Operators".
HTH!
Yours, Robb W.
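
A check on the wcc output shown in the reply above, as an added example that is not part of the original thread: it parses the output and reports which required groups (for example BUILTIN\Backup Operators) the account lacks. The one-item-per-line layout of the sample and the function names are assumptions.

```python
import re

# Constructed sample: the wcc output from the reply, one item per line (assumed layout).
SAMPLE_WCC = r"""
(NT - UNIX) account name(s):  (EU\euadmin - root)
        ***************
        UNIX uid = 0
        user is a member of group daemon (1)
        NT membership
                EU\euadmin
                EU\Domain Users
                BUILTIN\Administrators
                BUILTIN\Backup Operators
                BUILTIN\Users
        User is also a member of Everyone, Network Users,
        Authenticated Users
        ***************
"""

HEADER = re.compile(r"\(NT - UNIX\) account name\(s\):\s*\((.+?) - (.+)\)$")

def parse_wcc(text):
    """Return the account mapping, UNIX uid and NT group lists from wcc output."""
    info = {"nt_account": None, "unix_account": None, "unix_uid": None,
            "nt_groups": [], "implicit_groups": []}
    section, implicit = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if set(line) == {"*"}:            # separator row ends any open section
            section = None
        elif (m := HEADER.match(line)):
            info["nt_account"], info["unix_account"] = m.groups()
        elif (m := re.match(r"UNIX uid = (\d+)$", line)):
            info["unix_uid"] = int(m.group(1))
        elif line == "NT membership":
            section = "nt"
        elif line.startswith("User is also a member of "):
            section = "implicit"
            implicit.append(line[len("User is also a member of "):])
        elif section == "nt":             # explicit group memberships
            info["nt_groups"].append(line)
        elif section == "implicit":       # wrapped continuation line
            implicit.append(line)
    info["implicit_groups"] = [g.strip() for g in " ".join(implicit).split(",") if g.strip()]
    return info

def missing_groups(text, required):
    """Groups from `required` the account lacks (names compared case-insensitively)."""
    have = {g.lower() for g in parse_wcc(text)["nt_groups"]}
    return [g for g in required if g.lower() not in have]
```
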