Frequently Asked Questions
Frequently Asked Questions
Necessary security policy when using Network Folder Connector
Posted by Rami Taipale (M-Files) on 28 June 2019 03:41 PM

1     Overview

There is a common problem that can occur when accessing network folder via M-Files even though the same folder can be accessed by the same user via Explorer. One of the reasons why this could happen is that the end user doesn't have "Log on locally" security policy on M-Files Application Server. This is mandatory security policy for the end user to be able to access Network Folder via M-Files Application Server. By default, Windows Stand-Alone Server Default Settings include that policy with group Users, but there are cases where the M-Files Application Server isn't stand-alone:  One example of this situation is when M-Files Application Server is on the same computer that works as a Domain Controller. Domain Controller's default policy values don't include Users with "Log on locally" policy.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/allow-log-on-locally

M-Files System Requirements state: "For data security reasons, we do not recommend installing M-Files Server on a computer that is also used as a Microsoft domain controller. However, M-Files Server can technically run on a Microsoft domain controller server."

As a result, if that required security policy is missing, the end user can't access the Network Folder. You could get error messages like "Access denied" or "Authentication error". There are multiple reasons why the Network Folder can't be accessed, and this is one of those.

2     Solution

If it's necessary to run M-Files Application Server in a non-standard stand-alone server, you can add that "Log on locally" security policy e.g. to group Users to enable Network Folder Connector to work properly.

Depending from your environment, this might be done e.g. with Group Policy Object Editor snap-in: From the left pane, under the Computer Configuration, locate and select Windows Settings > Security Settings > Local Policies > User Rights Assignment. Once the User Rights Assignment option is selected from the left pane, from the right pane, double-click the Allow log on locally option. On the opened Allow log on locally Properties box, click the Add User or Group button.

(0 vote(s))
This article was helpful
This article was not helpful

Help Desk Software by Kayako case