allmecht ✭✭✭✭✭

You can use dataowner and restrict the access to just the specific groups. Apply restrictions to the role as needed.

First, I wonder how to connect to an ARM server via a relay?

Just for the record: If the client does not logoff the database will keep filling up. The database cleanup job does not work with clients logged in

Why not contact the Solarwinds support???

Lets start with the ARM config

Without the config nobody can tell what happened

Hi Lukas, could you show us your DFS configuration?

I think that your way of creating user object isn't the best. Imagine you 2 Jane Doe. How do you prevent this? Will it be jane.doe1 and jane.doe2 or jane1.doe and jane2.doe? With your kind of mechanism it is not possible to create unique samaccountnames and userprinicipalnames

The problem is with a synology attached to a DFS. That information wasn't supplied by msizec.

In your case you transfered an ARM managed group to AD group which is not managed by ARM. So the behaviour of ARM is totally correct.

Did you check the arm server log for errors when you encounter this issue?

This doesn't matter. The "issue" with _1 group creation is totally correct if there isn't a arm group set on this specific folder. So ARM has to create a permission group regardless if there exists one in the AD.

if ARM creates a group with _1 as a postfix then the original group is no longer managed by ARM. Or a group with the same name already exists. if you want to use the existing group without a new _1 group just set the permissions with this group and disable the group wizard.

It's not possible to define a specific path. But you can turn off the group wizard. That's how I set direct permissions.

Unfortunately there are no examples for postgresql. Just MS SQL Server.

It's never a good idea to go with unlimited autogrowth. @"itengineer" set maxsize so that some free space on T: is left over.

DFS list permissions have to be setup before ARM can use the DFS at all. It's a manual configuration within the DFS.

Für alle, die mitmachen wollen: Einfach unserem Slack Channel beitreten. https://join.slack.com/t/arm-dach-usergroup/shared_invite/zt-n3mi8ng3-3KI8wC4Yjhgkq3IywGoNqQ

/push

Have you changed the default permissions on the DFSroot folder for the Zentral share? It's essential that the permissions on the target are nterrupted. But without any additional information it's not worth to do furher. We would need the exact permission set on the DFSroot, the view permissions on the DFS folder, the share…

Have you set ABE on the DFS target?

Hello Andreas, my fault. It has to be activated on the target share and in the DFS config

Hi Norbert, I don't think he is into dataowners with his "problem". Imho it's just a misconfiguration on the windows side or a bug within Windows. But has nothing to do with ARM itself.

You have to enable ABE at the Zentral level as well.

ABE has nothing to do with ARM. That's Windows. To configure DFS with ARM is fairly easy. Just setup a Windows Share put the correct share permissions on it, set the NTFS permissions to a user/group so ARM can set permissions. ABE has to be enable on share level. Of course you have to add the share to the DFS.

Yes, but you can tell ARM to save the resulting reports on a network share. Look at the administrator guide. The key word is custom storage path. You will find it on the bottom of the report creation dialog where you set the format, the schedule and the email address.

Archiving the reports is easy. Just put them on share. That's how we save our reports. For your database concern, I recommend to use the ARM buitlin archiving mechanism. It's not limited. The only thing is you have to backup the archived scan files.

Not really. Just a network share

Hello Jim, I can't tell anything about HIPAA. But as long as you don't have to keep the data in your ARM database it's fairly easy to keep 6 years of ARM data. We kept it almost 10 years, accidentially ;-). ARM has a builtin archive function. Which is quite handy. I don't know if it is on by default. At least you can turn…

Hello Jim, the setting does exactly what is written on screen. On the 9th directory level and below only permission changes will be scanned. So if you have a directory on the 9th level and below are no additional permissions set you won't see any directories below. That's it. BTW. You know Microsoft recommends 3 max. 5…