Roaming Profiles

There are installations that use roaming profiles to provide a centralized Active Directory service to a distributed organization. For example, a company might have a site in San Diego with the main Active Directory server, and have another site in Chicago that "roams" via VPN to the Active Directory server in San Diego.

Situations like this often result in slowness related to obtaining security information. For example, if you view the security of a file, you will see a set of hexadecimal numbers in the security list, each representing a user ID. These numbers resolve into actual names within a second or more of opening the list. This is because the local computer has to access the remote Active Directory to translate the user-ID to an actual name.

Two operations are affected by this slowness of the "roaming" process:

During the process of creating a new Job, the Agent scans the folder and verifies the security settings. This is "step 1" of the two-step mapping process. Although the Agent does not check every single file, the process may be extremely slow.
If you set ACL copy to copy security between sites (either automatic or manual), the process might take a very long time. For example, if there are 100,000 files in a Job, the ACL copy process might take more than a day.

The best way to avoid the slowness problem is by using security of predefined users. For example, before mapping a folder to a new Job, change its security, as well as the security of all the files and subfolders under it, to SYSTEM and EVERYONE having full control. Because these are predefined permissions, the local computer does not need to roam, allowing everything to process very quickly.

If possible, it is desirable to keep this security even after the creation of the Job (and control user access via the share permissions).

If that is not an option, then use the following process to create a new Job:

Check the actual security of the folder, so that you can restore it later.
Change the security of the folder and all its content to SYSTEM and EVERYONE having full control.
Using an Agent, create a new Job for this folder.
At the end of the mapping process (which may take a few minutes), you will get a confirmation dialog box. Verify on the Agent that the Job has been created.
Stop the Agent. Preferably, this should be done after the files finished the initial upload, but it is OK to stop it before they are done uploading.
Restore the security as desired.

Always include SYSTEM full-control on every file and subfolder. Otherwise, the Agent might not be able to access it.
Start the Agent.

If the above process is not feasible, e.g., if there is a very complex security setting that will be difficult to restore, a special procedure is available that will accelerate the process by disabling the security check during Job creation. Please contact GlobalSCAPE Technical Support for the procedure.

This online help file is for WAFS version 4.3. For other versions, please refer to http://help.globalscape.com/help/index.html.

(If the Index and Contents are hidden, click Show Contents pane in the top left corner of this topic.)

If this help topic did not help you, search the Knowledgebase or pose your question in the GlobalSCAPE User Forum.

For the most up-to-date information, to view version history, updates, and activation instructions; or to download a PDF of this user guide, visit the Support Center at http://www.globalscape.com/support.

Leave compliments or complaints regarding the help in the User Forum. At a minimum, please provide the topic title and why you needed help.

For information about GlobalSCAPE, visit www.globalscape.com, subscribe to our Secure Info Exchange blog, or follow us on Twitter.

Last modified: 29-Sep-14 at 10:59:19