Configuring Shadow folders in a Workgroup

A collection of information about Vault, including solutions to common problems.

Moderator: SourceGear

Post Reply
Posts: 9736
Joined: Tue Dec 16, 2003 1:25 pm
Location: SourceGear

Configuring Shadow folders in a Workgroup

Post by lbauer » Thu May 14, 2009 12:18 pm

If you don't have a domain, these instructions should help you get Shadow Folders working on a workgroup. If you already tried setting up shadow folders, delete the existing shadow folders and shadow folder associations before you follow these steps:

First, use an existing Windows account or create a new Windows account for the Vault Shadow Folder Service to use.

Use local security policies on the Vault Server machine to give the Windows account the following privileges:

Access this computer from the network
Log on as a batch job.
Log on as a service
(Allow) Log on Locally

Then modify the web.config file in the VaultShadowFolder directory (within the Vault Service directory)

Uncomment out this line, and add the domain account and password information:

Code: Select all

Controls the application identity of the Web application
impersonate Specifies whether client impersonation is used on each request. 
true - Specifies that client impersonation is used. 
false - Specifies that client impersonation is not used. 
userName - Specifies the user name to use if impersonate is set to true. 
password -Specifies the password to use if impersonate is set to true. 
<!-- identity impersonate="true" userName="DOMAINorMACHINE\WINDOWSACCT" password="plaintext_pwd"/>-->
Log on to the same machine hosting the Vault Server using the Vault Shadow Folder Windows account. This will ensure that all normal folders are created for that user's %APPDATA% setting (ie. C:\Documents and Settings\VaultShadowFolderAccount\Application Data).

The following permissions must be added to the permissions on the following folders on the Vault Server machine for the impersonated account:

FULL CONTROL - %WINDIR%\Microsoft.NET\Framework\<version>\Temporary ASP.NET Files
READ - .Net Framework hierarchy (%WINDIR%\Microsoft.NET\Framework\v2.0.50727)
READ - %WINDIR%\assembly*
FULL CONTROL - %SYSTEMDRIVE%\Inetpub\wwwroot\VaultService
FULL CONTROL - %SYSTEMDRIVE%\Inetpub\wwwroot\VaultService\VaultShadowFolder
READ / WRITE / MODIFY - %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys

*This is the global assembly cache. You cannot directly use Windows Explorer to edit ACLs for this folder. Instead, use a command Windows and run the following command: "cacls %windir%\assembly /e /t /p domain\useraccount:R"

Create the shadow folder on the other machine in your workgroup and give your Windows account (machinename\username) Full Control over it. You can also share that folder.

Finally in the Vault Admin Client set up the shadow folder. This setting is in the Admin Web Client under Source Control Repositories->(Repository name)->Shadow Folders. You would add the repository folder name plus the UNC path to the shadow folder.
Linda Bauer
Technical Support Manager

Post Reply