Lately I’ve been trying to solve a file sharing problem a client has been encountering. The issue was how to access my company file shares from the outside without compromising the data there and without having to authenticate every time I access a file.
Again, UAG offered the solution.
Implementing it was however not as straightforward as it might seem, so here is the full detailed procedure:
UAG has two ways of implementing file sharing. The first only concerns post-Windows 2003 servers and post-Windows XP clients.
This publishing feature is called “Local Drive Mapping” and allows UAG to add a local drive map to your client computers. As I mentioned before, this feature only works for shares hosted on 2003 servers and clients that have Windows XP and below installed, and it requires you to publish the Local Drive Mapping setup, run it and restart before creating the drive map.
The rest of the process is straightforward.
The more interesting feature, which will function with all your clients and servers, is the UAG “File Access” feature.
This service allows you to publish access to any of your local file shares through the UAG portal, giving you direct access to those resources with single sign-on and the advantages of the security policies that you can set through UAG.
To enable this feature, you must first configure your server to allow file sharing to function.
UAG file sharing is based on Windows Network Discovery, which is disabled by default on servers. So the first step is to enable it on all the servers you need to access:
Start by setting the Computer Browser, Distributed Transaction Coordinator and Workstation services to Automatic and starting them.
Then make sure that the Client for Microsoft Networks component is added to your local network card and is active.
Then try to browse your network and access the servers you need to get your files from.
Turn on the Network Discovery service if you are prompted to when accessing the network.
The UAG server must be joined to the domain, and the following local security policies must be modified if the domain is in mixed mode:
· Domain member: Digitally encrypt or sign secure channel data (always): Disabled
· Domain member: Require strong (Windows 2000 Server or later) session key: Disabled
· Microsoft network client: Digitally sign communications (always): Disabled
· Microsoft network server: Digitally sign communications (always): Disabled
· Microsoft network server: Digitally sign communications (if client agrees): Disabled
· Network Security: LAN Manager Authentication Level: Send LM and NTLM responses
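A read-only check of these six settings on the UAG server, added here as an example and not part of the original post. It reads the registry values that back each policy (the standard Windows value names, not taken from the post) and compares them with the values listed above.

```powershell
# Read-only audit of the six local security policies listed above.
# Run in an elevated PowerShell session on the UAG server.
# Expected values are the ones the post prescribes for a mixed-mode domain:
# "Disabled" is stored as 0, and "Send LM and NTLM responses" is level 0.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

$checks = @(
    @{ Policy = 'Domain member: Digitally encrypt or sign secure channel data (always)'
       Path = "$svc\Netlogon\Parameters"; Name = 'RequireSignOrSeal' },
    @{ Policy = 'Domain member: Require strong session key'
       Path = "$svc\Netlogon\Parameters"; Name = 'RequireStrongKey' },
    @{ Policy = 'Microsoft network client: Digitally sign communications (always)'
       Path = "$svc\LanmanWorkstation\Parameters"; Name = 'RequireSecuritySignature' },
    @{ Policy = 'Microsoft network server: Digitally sign communications (always)'
       Path = "$svc\LanmanServer\Parameters"; Name = 'RequireSecuritySignature' },
    @{ Policy = 'Microsoft network server: Digitally sign communications (if client agrees)'
       Path = "$svc\LanmanServer\Parameters"; Name = 'EnableSecuritySignature' },
    @{ Policy = 'Network security: LAN Manager authentication level'
       Path = $lsa; Name = 'LmCompatibilityLevel' }
)
$expected = 0   # all six settings in the list above map to 0

$report = foreach ($c in $checks) {
    # A missing value means the policy was never set and the OS default applies.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item) { $current = $item.($c.Name) } else { $current = $null }
    New-Object PSObject -Property @{
        Policy        = $c.Policy
        RegistryValue = $c.Name
        Current       = $(if ($null -eq $current) { 'not set (OS default applies)' } else { $current })
        Matches       = ($null -ne $current -and $current -eq $expected)
    }
}
$report | Select-Object Policy, RegistryValue, Current, Matches | Format-Table -AutoSize -Wrap
```

Running it before and after the change gives a record of the original values alongside the modified ones.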
Once you’re done with the steps above it is time to configure UAG:
Start by adding the File Access Service to your HTTPS Trunk:
Access the file access configuration option in the admin menu.
Select the domain, the servers and the shares to which you wish to connect, and apply your settings. (You might need to refresh a few times to see your servers.)
Close all your windows, activate your configuration, and voilà! You now have secure, simple outside access to your company shares.
Published By Hicham Bardawil