Sunday, March 26, 2017

[Solved] Managing access privileges for QNAP NAS file shares in Windows Active Directory landscape

QNAP NAS devices can be used in Windows Active Directory based networks to reuse AD user accounts for managing access privileges to file shares on NAS. This integration can be performed using "System Settings" applet in QNAP management:

Once the setting is finished the administrators can use AD groups and accounts for access privileges management. QNAP "File Station" applet prompts to use Windows ACL management (for example - "Security" property sheet of Windows Explorer) for access security control:

Unfortunately, the privileges set using Windows Explorer property sheet do not apply until top level access for AD users/groups for selected share is set (using "File Station" applet):

Once the access to the top level of file share is set at least to "Read only" - further access privileges management can be performed using Windows ACL tools (Windows Explorer, scripting etc.).