
How to restrict access to Previous Versions functionality to domain admins only on CDOT?

There's a write up here https://kb.netapp.com/support/index?page=content&id=1010287, specifically Procedure 5, but I'm not sure how to apply this change on CDOT 8.3.1P1

Re: How to restrict access to Previous Versions functionality to domain admins only on CDOT?

Hi,

You can refer to the link https://library.netapp.com/ecm/ecm_download_file/ECMP1366834

Thanks


Re: How to restrict access to Previous Versions functionality to domain admins only on CDOT?


That is a good document, but I don't see where it describes restricting the capability to domain admins only. Until I get this sorted I'm going to have to disable -snapdir-access.

EDIT: I tried a few more things and I am not able to restrict this functionality. If anyone has further information on this please let me know.

Re: How to restrict access to Previous Versions functionality to domain admins only on CDOT?

Hello,
we have the same problem. For CDOT there is KB Doc ID 8010364, and for 7Mode there is KB Doc ID 1010287. In 7Mode that works with the workaround; in CDOT it does not. There is the volume option -snapdir-access, but if it is true then the previous versions, the Snapshots, are visible to all users. Probably the only solution is to hide the Previous Versions tab via GPO.

A question for the group: does anyone have an idea ...?

Re: How to restrict access to Previous Versions functionality to domain admins only on CDOT?

We never went with the GPO route because fixing the client side isn't a real solution. Right now I modify the variable as needed:

vol modify -volume usershares -snapdir-access true

Re: How to restrict access to Previous Versions functionality to domain admins only on CDOT?


Our problem is that we attempted point 5 from the document KB Doc ID 8010364. Once -snapdir-access is true, the user will have full access, according to their ADS privileges, on the Previous Versions tab. We currently have a GPO in use that hides the recovery from normal users, leaving it to admins only.