File Metadata Synchronization

<< Click to Display Table of Contents >>

Navigation:  Peer Global File Service Help > Advanced Topics >

File Metadata Synchronization


Overview

File metadata is additional information stored as part of a file.  The primary component of file metadata is Security Descriptor Information, also known as access control levels (ACLs).

The Security Descriptor Information elements that can be synchronized are:

Owner:  NFTS Creator-Owner.  By default, the owner is whomever created the object.  The owner can modify permissions and give other users the right to take ownership.

DACL:  Discretionary Access Control List.  It identifies the users and groups that are assigned or denied access permissions to a file or folder.

SACL:  System Access Control List.  It enables administrators to log attempts to access a secured file or folder and is used for auditing.

File Metadata Conflict Resolution

File metadata conflict resolution occurs only the first time a file is synchronized during the initial scan, and only when one or more security descriptors do not match the designated master host.

If the file does not exist on the designated master host, then no conflict resolution is performed.  If a master host is not selected, then no file metadata synchronization is performed during the initial scan.

ACL Requirements

Enabling ACL synchronization requires that all participants be members of any referenced domains that are configured in the ACL(s) or as the owner of the file.  Failure to do so may render the file unreadable on the offending target host.

All Peer Agents must be run under a domain Administrator account and cannot be run under a local or System account.

To ensure accurate and consistent ACL propagation, the security settings for the watch set must match EXACTLY across all the participants.  The best and easiest way to ensure the security settings match is to compare the permissions in the Microsoft Advanced Security Settings dialog for the root folder being watched.