Access Connect runs as a standard Windows service on the Windows server it is installed on. By default, the Access Connect service runs in the context of the Windows local SYSTEM account. By acting as this account, Access Connect has access to the files and folders in Access Connect volumes that are located directly on the server’s storage. When Access Connect is configured with Network Reshare volumes, it also needs access to the files and folders on the remote file servers and NAS devices that are being reshared. In order for Access Connect to be allowed access to these files, the Access Connect service must be reconfigured to run in the context of an Active Directory (AD) user account that has Administrator access to the local Windows server and Full Control access to any necessary file shares that exist on remote servers or NAS systems being reshared.
Note: On the machine running the Access Connect service, you must not have a local account with the same name and password as the Active Directory account used by the Access Connect service.
If you’re using Windows 2008 R2, ensure you’ve installed this Microsoft hotfix. It addresses an issue that is directly related to Windows functionality used by Access Connect Network Reshare. Hotfix link: http://support.microsoft.com/kb/2647452
To configure Network Reshare:
Ensure you’ve upgraded to Access Connect version 8.0 or later and have launched the Access Connect Administrator application at least once and allowed the Access Connect service to start up.
Configuring the Active Directory account which will handle authentication for Access Connect:
In Active Directory: Create or identify an AD user account that will handle authentication for Access Connect. Ensure the AD account used is dedicated to this Access Connect server, has a fixed password, is not subject to group policies for password expiration, and is subject to any domain group policy necessary to grant the rights to "Act as part of the operating system" and "Log on as a service".
On the Access Connect Server: Add the dedicated Access Connect user account to the local Windows server Administrators group. This user needs Full Control permissions to the C:\Program Files (x86)\Group Logic\Access Connect folder and to any locally shared volumes.
On remote shares: The dedicated Access Connect account needs Full Control access to the remote shared volumes as defined in NTFS or NAS device permissions. On the EMC Isilon, true 'Full Control' requires granting the service account the Isilon right "Run as root".
Add the selected user to the Windows server’s local security policy
From Administrative Tools on the Start menu, open Local Security Policy. The policy to change is found in the Security Settings -> Local Policies -> User Rights Assignment section.
Double-click “Act as part of the operating system” and add the chosen user. You may have to reboot Windows for this setting to take effect.
Open the Services control panel.
Open the Extreme-Z IP File and Print Server for Macintosh service’s properties by right-clicking on the service from the Services control panel.
Select the “Log On” tab and choose the “This account” radio button.
Configure the service to log on as the same AD service account used in step 3. Keep the Services control panel open. You will need it again in step 7.
Turn on Network Reshare support
Start the Access Connect Administrator application.
Click the Settings button.
Open the File Server tab.
Select the Enable Network Reshare support checkbox.
Click OK.
Press the Close button to close the Access Connect Administrator.
In the Services control panel restart the Extreme-Z IP File and Print Server for Macintosh service.
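A read-only check of the account setup described in the steps above, as an added PowerShell example that is not part of the vendor documentation. It assumes Windows PowerShell 5.1 in an elevated session on the Access Connect server; the account name `EXAMPLE\svc-accessconnect` is a placeholder for the dedicated AD account.

```powershell
# Added example: read-only audit of the service account setup (run elevated).
param(
    [string]$Account = 'EXAMPLE\svc-accessconnect',  # placeholder, not from the page
    [string]$ServiceDisplayName = 'Extreme-Z IP File and Print Server for Macintosh'
)

function Resolve-Sid([string]$Name) {
    try {
        ([System.Security.Principal.NTAccount]$Name).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }
}

$sid = Resolve-Sid $Account
if (-not $sid) { throw "Cannot resolve $Account to a SID" }
$short = $Account.Split('\')[-1]

# Account shown on the service's "Log On" tab (LocalSystem is the default).
$svc = Get-CimInstance Win32_Service | Where-Object { $_.DisplayName -eq $ServiceDisplayName }
$runsAsAccount = $svc -and ((Resolve-Sid $svc.StartName) -eq $sid)

# Direct members of the local Administrators group (well-known SID S-1-5-32-544).
# Membership granted through a nested domain group is not detected here.
$isLocalAdmin = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.SID.Value }) -contains $sid

# Export the user rights assignments and look for the two rights the page requires.
$cfg = Join-Path $env:TEMP 'ac-user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$rights = Get-Content $cfg
Remove-Item $cfg

function Test-Right([string]$Right) {
    # Only direct assignments are matched; rights held through a group are not.
    $line = $rights | Where-Object { $_ -match "^$Right\s*=" } | Select-Object -First 1
    if (-not $line) { return $false }
    $holders = ($line -split '=', 2)[1].Split(',') | ForEach-Object { $_.Trim().TrimStart('*') }
    ($holders -contains $sid) -or ($holders -contains $short) -or ($holders -contains $Account)
}

[pscustomobject]@{
    ServiceRunsAsAccount     = $runsAsAccount
    DirectLocalAdmin         = $isLocalAdmin
    ActAsPartOfOS            = Test-Right 'SeTcbPrivilege'
    LogOnAsAService          = Test-Right 'SeServiceLogonRight'
    # The page's note forbids a local account with the same name and password;
    # only the name can be checked from here.
    LocalAccountWithSameName = [bool](Get-LocalUser -Name $short -ErrorAction SilentlyContinue)
}
```

Every field except `LocalAccountWithSameName` should be `True` on a server configured as described; because the account combines local Administrators membership, "Act as part of the operating system" and a fixed password, the same output is useful as a baseline for spotting later drift.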