none
Offline files bypass server quotas

    Question

  • Hi everybody,

    I'm facing a quite wierd problem and hope someone could give some light on this. I have following scenario:

    • Windows 7
    • Offline files enabled for a network drive named F:
    • Desktop and Favourites redirected to a folder with same name on network drive F:
    • File Server Windows Server 2003 updated to last partches and service packs (not R2)
    • Quotas enabled on Drive hosting users data. Quotas are managed by a third-party software

    Everything works well while users are working online, but when offline files make network drive available offline (or slow-link mode) and backs online again and start syncing users are able to bypass the quota.

    After some research I realized that cscservice that is running under Local Account privileges and is in charge of syncing offline data make that operation with a security context that bypass quota control.

    This problem is solved upgrading or migrating servers to 2008 or later, but this is mid-time solution that is already planned. But I need to found a work-around that partialy solve this problem on 2003 file servers since this has become a Critical topic.

    I've been thinking on deploy quotas on those volumes where user data are stored, but since the operation is performed under Local System account, applying a quota to those volumes seems not to be a good a idea.

    I'm also started to consider an upgrade to Windows 2003 R2, and deploy quotas by folder instead of by volume, by if I must perform an upgrade, I think it should be better to upgrade to Windows 2008 or 2012.

    So any sugestion or idea any of you could put in will be great!!!

    Many thanks in advance.

    Regards!


    Twitter 

    Tuesday, October 15, 2013 8:45 AM

Answers

All replies

  • Hi,

    As you said in Windows Server 2008 with FSRM, the issue could be fixed.

    In Windows 2003 it seems there is no workaround as itself does not provide folder level disk quota. If the third party tool cannot help preventing anyone (including local system account) from writing files to the folder, we may not able to find another method. Actually stop users from uploading their offline files to server may cause different issue such as data lose. So maybe set a warning is better than simply restricting.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forum a great place.

    Wednesday, October 16, 2013 4:30 PM
  • I also started to consider an upgrade to Windows 2003 R2, and deploy quotas by folder instead of by volume, by if I must perform an upgrade, I think it should be better to upgrade to Windows 2008 or 2012.

    Upgrading to R2 takes all of 5 minutes or less per server.    We've had several servers acting as file servers in our environment when we decided to configure quotas.   Many of them were 2003 (non-R2) and as part of the rollout of the quotas each of the 2003 servers had R2 'installed' which took a couple minutes at best and a reboot.   At that point you could add the File Server Resource Management option as a Windows Component and immediately start using Quotas.    2008/2012 is definately a good option, but if you're looking for a quick solution, installing R2 is extremely fast with only a quick reboot for downtime.  You can add the FSRM role without rebooting again (I always do though) afterwards and start using the quotas immediately.

    Now, we are already licensed for R2 via an Enterprise Agreement so upgrading to R2 was not a cost concern for us.   Not sure how it works if you're a smaller shop and are not already licensed for R2.   



    Brian / ChevyNovaLN


    • Edited by Brian Busse Wednesday, October 16, 2013 5:40 PM
    Wednesday, October 16, 2013 5:38 PM
  • Hi Shaon,

    We agree that stoping users from uploading information could be worst than the problema itself, so sending a warning message "could" be a work-around. I put "could" in quotes because we are treating with users which in turns has other social/politics problems rather than those strictly technical.

    Nevertheless thanks for your answer and your help ;)


    Twitter 

    Thursday, October 17, 2013 8:08 AM
  • Hi Brian,

    Thanks for your reply but my own experience with updates to Windows 2003 R2 is far from being a "smooth" process, and bearing in mind that those server are reasonable big and quite important we must be extremelly careful with any aproach we may propose.

    Nevertheless, thanks again for your answer.


    Twitter 

    Thursday, October 17, 2013 8:15 AM