Best Practice – Configuring winACL with AD (QSM4)
This article summarizes the best practices for configuring Windows ACLs in QSM4 when joining an Active Directory (AD) domain and managing CIFS shares using a Windows machine joined to the same domain.
Download: Best Practice PDF
Key Sections:
- Audience: guidance for optimal permission configuration in QSM4 with AD and Windows ACL.
- Environment: STORAGE SAN/NXT; QSM v4.0.3; RAM 16GB; AD server 192.168.202.99; XCubeNXT 192.168.195.1.
- Configuration Steps:
  - Create pool and file volume; create share; add to CIFS share host.
  - Join AD domain and grant AD user “test1” permissions to the test share.
  - Enable Windows ACL; if the share was accessed before, clear sessions with `net use * /d /y`.
  - Join the Windows client to the AD domain; do not configure permissions directly on the AD server.
  - Log in to the CIFS share using the local `admin` account.
  - Edit permissions: select local admin → set inheritance to “this folder, subfolders and files.”
  - Add AD user “test1” as a principal and set Read-only.
  - Create a subfolder and a `test` file; disconnect admin (`net use`) and reconnect as `test1`.
- Validation: editing the file and creating new files should return “access is denied.”
- Apply To: XN8100D / XN5100D.
- References: QSM4 Software Manual.
Critical Notes:
- CAUTION: Use a Windows client joined to the domain—do not configure permissions from the AD server.
- TIP: Clear SMB sessions with `net use * /d /y` before enabling Windows ACL to avoid stale connections.
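
The validation step above can be scripted from the domain-joined Windows client. The following PowerShell is an added example, not part of the JetStor/QSM4 document; the share name `test`, the domain `EXAMPLE`, and the file names are assumptions to replace with your own values.

```powershell
# Added example. Run on the domain-joined Windows client in a session
# connected to the share as test1.
# Assumed values, not from the article: share name, domain name, file names.
$Share    = '\\192.168.195.1\test'          # XCubeNXT IP from the article
$Identity = 'EXAMPLE\test1'                 # EXAMPLE is a placeholder domain
$TestFile = Join-Path $Share 'sub\test.txt' # file created earlier by admin

# Rights that allow changing data or permissions; test1 must hold none.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Test-ReadOnlyAce {
    param([string]$Path, [string]$Identity)
    # Collect the explicit or inherited Allow ACEs that name this principal.
    $aces = @((Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' })
    if ($aces.Count -eq 0) { return "FAIL  no Allow ACE for $Identity on $Path" }
    foreach ($ace in $aces) {
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
            return "FAIL  $Identity has write-class rights on ${Path}: $($ace.FileSystemRights)"
        }
    }
    return "PASS  $Identity is read-only on $Path"
}

function Test-WriteDenied {
    param([string]$Label, [scriptblock]$Action)
    try {
        & $Action | Out-Null
        return "FAIL  $Label succeeded, expected access is denied"
    } catch [System.UnauthorizedAccessException] {
        return "PASS  $Label was denied"
    } catch {
        return "WARN  $Label failed for another reason: $($_.Exception.Message)"
    }
}

Test-ReadOnlyAce -Path $Share -Identity $Identity
Test-WriteDenied 'Editing the existing file' {
    Add-Content -LiteralPath $TestFile -Value 'x' -ErrorAction Stop }
Test-WriteDenied 'Creating a new file' {
    New-Item -Path (Join-Path $Share 'new-by-test1.txt') -ItemType File -ErrorAction Stop }
```

The ACE check only inspects entries that name `test1` directly; the two write attempts exercise effective access, so they also catch write rights granted through a group.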
JetStor Support
For assistance with this procedure on JetStor deployments:
Email: [email protected]
Submit Support Ticket