Submit a ticketCall us

whitepaperYour VM Perplexities Called, and They Need You to Read This.

Virtualization can give you enormous flexibility with future workloads and can be a key enabler for other areas, like cloud computing and disaster recovery. So, how can you get a handle on the performance challenges in your virtual environment and manage deployments without erasing the potential upside? Learn the four key areas you need to be focusing on to help deliver a healthy and well-performing data center.

Get your free white paper.

Home > Success Center > Access Rights Manager (ARM) formerly 8MAN > ARM - Knowledgebase Articles > Unable to delete directories outside of ARM

Unable to delete directories outside of ARM

Updated November 7, 2018

Overview

This article details an issue in which a user cannot delete directories outside of ARM.

Environment

  • Access Rights Manager

Cause

The hidden file .id.8MAN prevents deletion.

 

When changing permissions and creating directories, the hidden .id.8MAN file is created for the directory. This file contains a GUID to uniquely assign the directory to the logbook entries. In addition, the SIDs for the rights groups in the directory are written into to the file.

 

A "normal" user can not delete this file because non-administrator accounts would not have permission to delete it.

Resolution

  1. Turn off the set of special rights for the .id.8MAN file.
  2. Verify the following line is included in the file pnJob.config.xml in the folder C:\ProgramData\protected-networks.com\8Man\cfg:
    <changeId8ManSecurity type = "System.Boolean"> false </ changeId8ManSecurity>
  3. To switch off special rights, ensure the value for <changeId8ManSecurity> is false.

  4. An example of a configured pnJob.config.xml is:
    <? xml version = "1.0" encoding = "utf-8"?>
    <config>
        <fileSystem>
            <change>
                <changeId8ManSecurity type = "System.Boolean"> false </ changeId8ManSecurity>
            </ change>
        </ fileSystem>
    < / config>

 

Cleanup all id.8MAN files

  1. Download the free tool Reset8Man.exe. This tool serves to restore the inheritance on the id.8MAN.
  2. Remove all explicit Access Control Entries and switch on the inheritance from all, i.e. enable inheritance on id.8MAN files on all or special drives.

 

The tool Reset8Man.exe can execute with the following parameters on the desired resource:

-d, --drive = [VALUE] Use the specific drive only, such as "D:". However, this works only on the same file server UNC has the -u command.
-l, --list Lists the id.8man files on all or a specified drive.
-h, --help Show the help.
-u, --unc = [VALUE]

Use the specified UNC path.

 

Examples

ResetId8Man

All id.8man files will be reset.


This is only on the file server itself since it is based on drives.

ResetId8Man -l List all id.8MAN files on all or the specific directory
ResetId8Man -d = c: Only id.8MAN files on drive C:\ will be reset
ResetId8Man -u = \\ server \ share Only .id.8MAN on the share will be reset even with -l then only listing the id.8MAN files on the share
ResetId8Man -l -d = c: List all id.8MAN files on the C:\ drive

 

 

 
Last modified

Tags

Classifications

Internal Use Only