On the Security Settings tab, place a check in the appropriate checkbox to change permissions and other options. Enter information for Directory Services in the appropriate text boxes.
If you select this option, Macintosh clients can change folder permissions. With this option disabled, Mac clients are prevented from changing permissions the Windows Administrator has set on the server. Many Macintosh applications set unexpected permissions without user intervention. For increased reliability, it is recommend that Mac clients not be allowed to modify permissions unless this capability is required for a particular workflow.
If you select this option, the behavior of the move operations changes so that, when folders or files are moved, their permissions are changed to those of their new parent folder.
UNIX permissions and Access Control Lists (ACLs) require that the Access Connect service have access the list of users in Active Directory in order to resolve SID, UUID, UID, and name mappings. For UNIX permissions, the Macintosh client requests a name mapping for UID. However, for the ‘ls’ command the Macintosh uses AD and does the name mapping internally. Therefore, the Macintosh does not make a name request to Access Connect. If the UID Access Connect provides does not match the user’s UID obtained from Active Directory, then the Macintosh will not allow the user to change UNIX permissions at all. In addition, the client will not be able to determine the user’s group membership or if the user is the owner.
To verify your account, enter the requested information in the Directory Services text fields. This account will be used to search Active Directory to resolve account IDs. By default, Access Connect will search within your entire Active Directory forest to validate security credentials. If you would like Access Connect to only search the Domain specified, uncheck the Use Global Catalog option. Add additional search criteria, if necessary, and click Validate Account. If the credentials are invalid, the service will not be able to access Active Directory and UNIX permissions will be disabled. Access Connect DFS support requires that this option is enabled and that valid Directory Service credentials are entered.
To support ACLs on all volumes, check this box.
If you check the Folders option, users will see only folders that they can access. If you check the Files option, users will only see files that they can access.
This option lets Windows users, who have Administrative privileges, use the Remote Administration features of Access Connect to configure the server remotely; see Administering Access Connect Remotely.
You can require that Active Directory users change their sign-on password after a specified time. With this textbox, you can notify Macintosh users that their old passwords are about to expire and ask them to create new passwords.
If you would like to use IPv6, check the Enable IPv6 checkbox. On some versions of Windows you will need to install IPv6 manually before services such as Access Connect will be able to use it.
UNIX permissions and ACLs require access to Active Directory in order to resolve SID, UUID, UID, and name mappings. For UNIX permissions, Finder requests a name mapping for UID. However, for ones, the Macintosh uses AD and does the name mapping internally. Therefore, the Macintosh does not make a name request to Access Connect. If the UID Access Connect provides does not match the user’s UID obtained from Active Directory, then the software will not allow the user to change UNIX permissions at all. In addition, the client will not be able to determine the user’s group membership or if the user is the owner.
To verify your account, enter the requested information in the Directory Services text fields. Add additional search criteria, if necessary, and click Validate Account. The SSL option can be selected to enable secure SSL communication with Active Directory. If the account is not valid, you may not be able to access Active Directory and UNIX permissions support will not be enabled. In addition, DFS support will not function.