Skip to main content

Configuring using Microsoft Management Console (MMC)

Microsoft Management Console (MMC) provides a unified interface for managing Windows system components. MMC uses snap-in modules—specialized tools for specific administrative tasks—to allow administrators to monitor and control key aspects of the system, such as hardware, software, and network settings, from one place. These snap-ins streamline tasks like configuring system policies, managing users, monitoring performance, and overseeing network services, making MMC a core tool for both local and remote system management in Windows.

Some features of Fusion File Share Server can be configured using MMC through the Shared Folders snap-in. This allows administrators to manage shares, monitor open files, and oversee active sessions.

Configuring the Server to Allow Management via MMC

Fusion File Share Server management via MMC is facilitated by the IPC$ share to enable remote management, uses Administrative Shares to provide a Windows-compatible namespace for managing shares, and requires certain Windows privileges to be granted to intended administrators that will be using MMC to manage the server.

  • The IPC$ Share:

    The IPC$ share in Windows is a hidden, system-managed share managed by the Windows Server service (srvsvc) for remote administration and communication between networked computers via named pipes. It facilitates administrative tasks like listing available shares, enumerating users, and managing services through Remote Procedure Calls (RPC).

    Fusion File Share Server provides an IPC$ share to enable share administration, which is enabled by default.

  • Administrative Shares:

    Administrative shares, such as C$ and D$, are special hidden shares representing the root of a drive on a Windows machine. These shares are only accessible to members of the Administrators group.

    In Fusion File Share Server, you can designate a share as administrative to simulate this behavior and potentially use it as a root for other shares.

    To be able to add new shares, at least one administrative share must be configured in the configuration file or using the CLI.

  • Windows Privileges:

    Windows privileges control permissions for system-related operations. They are distinct from share permissions or ACLs, which control access to objects such as files and directories.

    In Windows, privileges are stored in the Security Account Manager (SAM) database or in Active Directory. In Fusion File Share Server, they are stored in a file called the privilege database.

    The privileges required for a user to manage the server through MMC depend on the operations that the user needs to perform:

    • TsmbServerShareOperatorsPrivilege: Allows the user to manage shares.
    • TsmbServerOpenOperatorsPrivilege: Allows the user to open files.
    • TsmbServerSessionOperatorsPrivilege: Allows the user to manage sessions.
    • TsmbServerOperatorsPrivilege: Grants full access to all management operations listed above.

For example, to allow the user johndoe to manage shares under that are stored under /mnt/drive-c, the configuration file should be edited to enable the IPC$ share, set the path for the privilege database, and contain a definition for an administrative share with the path parameter set to /mnt/drive-c:

[global]
    . . .
    enable_ipc = true                     # Can be omitted since this is the default
    privilegedb = /etc/tsmb-privileges.db # Must be created before starting the server
    . . .
[/global]

[share]
    name = C$                             # Must be C$, D$, etc.
    path = /mnt/drive-c
    administrative = true
[/share]

To grant the user johndoe the necessary privileges to manage shares using the MCC, run the following command:

sudo tsmb-privilege grant TsmbServerShareOperatorsPrivilege johndoe

For more information on these features and mechanisms, refer to the following pages:

Setting up the MMC

To configure Fusion File Share Server for MMC management, follow these steps:

  1. On a Windows machine, open the MMC by pressing Win-R and running mmc. Running MMC

  2. In the MMC window (usually named Console1), select File > Add/Remove Snap-in, or press Ctrl-M. Adding a Snap-in

  3. From the Available Snap-ins list, select Shared Folders, click Add >, and then click OK. Adding the Shared Folders Snap-in

  4. In the Shared Folders dialog, select the Another Computer option, input the IP address or hostname of the machine running Fusion File Share Server, and click Finish. Adding the

Your Fusion File Share Server should now appear in the management console with the name Shared Folders (\\<IP or hostname>), for example, Shared Folders (\\FUSION-SRV1).

Managing Shares

Adding a Share

To add a new share, perform the following steps in your Fusion File Share Server snap-in:

  1. Right-click on Shares, and select New Share.... Creating a Share

  2. In the Create a Shared Folder Wizard dialog, click Next >. Creating a Share

  3. In the Folder Path field, enter the path of the share to be added, and click Next >.
    This path must be under the administrative share you've configured. For example, if you've configured the administrative share C$ to point to /mnt/drive-c, and you want to share /mnt/drive-c/share1, enter C:\share1 in the Folder Path field.

    important

    Neither MMC nor Fusion File Share Server creates the directory on the server. It is up to the Fusion File Share Server administrator to ensure that the directory exists.

    The share will be created regardless of whether the directory exists or not, but if the directory does not exist, it won't be accessible.

    Creating a Share

  4. Configure the share, and click Next >:

    • In the Share Name field, enter the name of the share. The entered value sets the netname parameter of the share that is created on the server.
    • In the Description field, enter a description for the share. The entered value sets the remark parameter of the share that is created on the server. Creating a Share

  5. Configure the permissions for the share, and click Finish.
    Either select from the predefined options, or choose Customize permissions and click Custom... to specify the permissions manually.
    The selected permissions set the security_descriptor parameter of the share that is created on the server. Creating a Share

If Fusion File Share Server is running in persistent configuration mode, the share would be added to the configuration file. For example:

. . .
[share]
    netname = share1
    type = disk
    remark = A share added from MMC
    path = c:/foo
    security_descriptor = D:(A;;0x1200a9;;;WD)
    encrypt_data = false
    access_based_enumeration = false
    oplock = all
[/share]
. . .

Removing a Share

To remove a share, perform the following steps in your Fusion File Share Server Shares Folders snap-in:

  1. In the Shares folder, right-click on the share to be removed, and select Stop Sharing. Removing a Share
  2. In the confirmation dialog, click Yes. Removing a Share

Modifying a Share

You can modify the share's description, permissions and root ACL.

To modify a share using the MMC, perform the following steps in your Fusion File Share Server Shares Folders snap-in:

  • In the Shares folder, right-click on the share to be modified, and select Properties: Modifying a Share
    • To modify the share's description, click the General tab, and modify the Description field. The changes will be reflected in the remark parameter of the share. Modifying a Share
    • To modify the share's permissions, click the Share Permissions tab, perform the necessary changes. The changes will be reflected in the security_descriptor parameter of the share. Modifying a Share
    • To modify the share's root ACL, click the Security tab, perform the necessary changes. The changes will be stored according to the ACL storage settings. Modifying a Share