Windows Offline Files query
-
I have earlier posted in Spiceworks but after 5 or so hours, still no answer. Perhaps ML has some pointers.
We have Windows 2008 (not R2...I know its quite old, I may get a lot of spanking here..hehehe...but I already asked the management to upgrade to 2012/2016) with Windows 7 clients.
I have configured a network folder to be offline through GPO, worked wonderful. However, when I changed the ACL (removing a group's access access to it) of a sub-folder, it is still accessible via offline. To troubleshoot further, I accessed the sub-folder while online and gotten an access error, which is expected. Now, disabled network again--to be offline, the sub-folder was not accessed (as it should).
So, I would like to ask, if this is a default behaviour of offline files (you'll need to force it to recognize the ACL change) before it update the access? Shouldn't the propagation of access be automatic? Or I have some mis-configuration somewhere?
-
I believe that that is correct. Offline files have to cache permissions or else they cannot work. There is no way or at least no way to necessarily push permissions to something offline.
-
Keep in mind that the alternative to offline folders is for the user to simply make their own copy of the files - taking away your ability to manage them completely. Offline folders gives you a balance in the middle. The file is something that the user already had access to, so there shouldn't be a security concern in needing it taken away quickly as they could already have their own copies.
-
I don't have an offline folder here to work with, but I'm pretty sure that if you were to update the files with new data, and then have the offline folder pick up those changes, that the new ACLs would apply. It's because the offline folder is still acting as offline and working from the cache that the ACLs don't apply yet.
-
@scottalanmiller said in Windows Offline Files query:
I don't have an offline folder here to work with, but I'm pretty sure that if you were to update the files with new data, and then have the offline folder pick up those changes, that the new ACLs would apply. It's because the offline folder is still acting as offline and working from the cache that the ACLs don't apply yet.
I have yet to try to update the folder. However, removal of their access was from last week, and it didn't propagate. Luckily, there are only a handful in the group, about 8 of them. I have manually tried to access per user to update the access.
-
I have no idea how quickly, or if ever, that it would propagate if there are no changes.
-
Sounds like the typical workings of offline folders. Nothing you can really do about it.
Have you considered testing Work Folders? I think it requires 2012, but may be worth an evaluation.
I think this may be helpful: https://blogs.technet.microsoft.com/filecab/2015/09/04/comparing-work-folders-and-offline-files/
-
Thanks SAM and Tim!
Seems that there is really nothing I could have done better than manually accessing the folder.
@Tim_G , I'll take note work folder, have not heard of it 'till now (I'm really out-dated...hehehe).
-
Yeah, 2008 is nearly a decade old! One more year to go.
-
I think SAM and Tim are right, sounds like once you go Offline with Offline Folders, you can't get ACL updates until something else happens.
-
@vhinzsanchez said in Windows Offline Files query:
We have Windows 2008 (not R2...I know its quite old, I may get a lot of spanking here..hehehe...
-
Even with the GPO enabled - do offline file/folders sync if the user never touches the files?
I've never tried that.
-
@Dashrender said in Windows Offline Files query:
Even with the GPO enabled - do offline file/folders sync if the user never touches the files?
I've never tried that.
They would already be synced.
-
@scottalanmiller said in Windows Offline Files query:
@Dashrender said in Windows Offline Files query:
Even with the GPO enabled - do offline file/folders sync if the user never touches the files?
I've never tried that.
They would already be synced.
So you're saying the GPO would force a sync of files that a user has never touched? I.E. New user - they log in, GPO applies - forces syncing of files to local machine instantly. Is that right?
-
@Dashrender said in Windows Offline Files query:
@scottalanmiller said in Windows Offline Files query:
@Dashrender said in Windows Offline Files query:
Even with the GPO enabled - do offline file/folders sync if the user never touches the files?
I've never tried that.
They would already be synced.
So you're saying the GPO would force a sync of files that a user has never touched? I.E. New user - they log in, GPO applies - forces syncing of files to local machine instantly. Is that right?
No, I'm saying that if they are never touched, they would not have stopped being in sync. Therefore, still in sync.
-
@Dashrender said in Windows Offline Files query:
I.E. New user - they log in, GPO applies - forces syncing of files to local machine instantly. Is that right?
I don't think that the GPO does anything here other than turning on Offline Folders. Then OF syncs up at appropriate times (e.g. when the files are out of sync but available to be synced.)
-
@scottalanmiller said in Windows Offline Files query:
@Dashrender said in Windows Offline Files query:
I.E. New user - they log in, GPO applies - forces syncing of files to local machine instantly. Is that right?
I don't think that the GPO does anything here other than turning on Offline Folders. Then OF syncs up at appropriate times (e.g. when the files are out of sync but available to be synced.)
OK, then in that case, your suggestion of adding a new file wouldn't actually do anything, because the user never opened the new file.
-
@Dashrender said in Windows Offline Files query:
@scottalanmiller said in Windows Offline Files query:
@Dashrender said in Windows Offline Files query:
I.E. New user - they log in, GPO applies - forces syncing of files to local machine instantly. Is that right?
I don't think that the GPO does anything here other than turning on Offline Folders. Then OF syncs up at appropriate times (e.g. when the files are out of sync but available to be synced.)
OK, then in that case, your suggestion of adding a new file wouldn't actually do anything, because the user never opened the new file.
I agree, that would not work. When did I say that?
-
@scottalanmiller said in Windows Offline Files query:
I don't have an offline folder here to work with, but I'm pretty sure that if you were to update the files with new data, and then have the offline folder pick up those changes, that the new ACLs would apply. It's because the offline folder is still acting as offline and working from the cache that the ACLs don't apply yet.
Oh.. you didn't say put a new file - you said update a file with new data... OK I stand corrected - but, this would only work if the file in question had already been synced, so you'd need to update every file in the folder to ensure this would work.
-
@Dashrender said in Windows Offline Files query:
@scottalanmiller said in Windows Offline Files query:
I don't have an offline folder here to work with, but I'm pretty sure that if you were to update the files with new data, and then have the offline folder pick up those changes, that the new ACLs would apply. It's because the offline folder is still acting as offline and working from the cache that the ACLs don't apply yet.
Oh.. you didn't say put a new file - you said update a file with new data... OK I stand corrected - but, this would only work if the file in question had already been synced, so you'd need to update every file in the folder to ensure this would work.
Possibly, I'm not sure how the sync works. Does it work by file or by folder?
