Category Archives: Microsoft Server 2008R2

Can’t Delete File/Folder – Path Too Long

I ran into a scenario where I had used Robocopy to /COPYALL out to an external USB drive for a backup of a rather large directory. One of the source directories had about 40 hidden subfolders stacked within itself which robocopy copied out to the external drive. All of these folders file paths on my external drive now surpassed the limit of 255 characters which essentially renders them useless in the GUI. These duplicate hidden subfolders were something that I wanted to:

– delete from the destination media

– exclude from any future robocopy copyouts

The quick fix I found was to drill down into the USB drive about half way through the nested subfolders, right-click and share one of the duplicates out, giving permission to ‘Everyone’. From my host PC, I was able to go to  \\SERVER\*newshare* and delete all subfolders/files from that point as the relative path was then lower than 255 characters. Go back into the server, remove the share, and move it higher up in the tree if necessary to work yourself out of the 255 character limit.

I then added the exclusion (in italics below) to my robocopy script to avoid copying that directory again and recreating the issue:

robocopy “C:\Graphics” “F:\Graphics” /NP /E /R:3 /W:5 /ZB /XD “C:\Graphics\Videos\Edits” /LOG:”C:\Backup_log.txt”

Clear Temporary Internet Files for All Users

I came across this utility from the folks over at Ctrl-Alt-Del Consulting which is great for reclaiming space taken by users temporary internet files stacking up over time. I’ve found it especially helpful on terminal servers with hundreds of users. Download their free tool ICSweep here:

http://www.ctrl-alt-del.com.au/CAD_Utils.htm

Once downloaded, extract it to the root of C:\. Open an administrative command prompt and cd to the “C:\ICSweep” directory and reference the following switches:

Usage:
ICSweep [/ALL|/TIF|/TMP] [/?]

  /ALL   -   Delete both Temporary Internet Files and Temp files
  /TIF   -   Delete Temporary Internet Files only (Default)
  /TMP   -   Delete Temp files only
  /SIZE  -   Report the size of both Temporary Internet Files
             and Temp files in each profile NOT in use. This
             switch will also report the total size of
             both Temporary Internet Files and Temp files NOT
             in use. It DOES NOT DELETE any files.
  /?     -   show this help file

Setting Up FTP-over-SSL With IIS7 (FTPS)

 PART I – Server Setup

1) Install IIS Web Service role with all FTP Features selected:

2) Create folder you want to use as your FTP root landing point (i.e. D:\FTP)

3) Set permissions to allow anonymous access. Open command prompt as administrator and run the following command (using whatever folder path you created):

ICACLS “D:\FTP” /Grant IUSR:R /T

4) Open IIS. Right-click Sites and Add FTP Site:

5) Name your site and specify the FTP folder you created as the Content Directory:

6) Choose IP/Port and SSL settings below:

7) Specify Authentication and Authorization Information. In this example, we will give ‘Administrator’ full read/write access:

8) Create self-signed certificate. Select your server name in IIS Manager > Create Self-Signed Certificate in the right-hand pane. Complete the wizard, naming the certificate whatever you want:

9) Select your new FTP site under the Sites node, and select FTP SSL Settings. Select the certificate you just created. Select Custom for the SSL Policy, specify Require only credentials for the Control Channel and Allow for the Data Channel. Click Apply to save settings:

10) Edit bindings of the FTP site, and add port 990:

This should complete the setup of the server if you are using it internally. If you need to access it through a firewall (i.e. Cisco ASA) over the Internet, there are additional settings that need to be configured:

PART II – Firewalls, Ports, and External Access

11) Select the server name in IIS Manager > select FTP Firewall Support. Specify your passive port range and the external IP address this server uses. In this example I only specify one port (5000) so that I only need a single access list line on my firewall for a single port. Replace xxx.xxx.xxx.xxx with whichever public address your server uses. Click apply:

12) Now the firewall changes. This example uses Cisco ASA with a single external static address. The principals are the same with other firewalls. Insert the following commands:

//Create the object-group
object-group service FTPS
service-object tcp-udp eq 5000

//Permit the control and data ports with an access list
access-list outside_in extended permit tcp any interface outside eq 990
access-list outside_in extended permit object-group FTPS any host PUBLIC_SERVER_IP

//Specify your static NAT to internal FTP server
static (inside,outside) tcp interface 990 INTERNAL_SERVER_IP 990 netmask 255.255.255.255
static (inside,outside) tcp interface 5000 INTERNAL_SERVER_IP 5000 netmask 255.255.255.255

13) IMPORTANT: Open the services console (services.msc) on the FTP server and restart the Microsoft FTP Server service. This will bring passive port change made above online. Skipping this step will make you bang your head against the wall because it’s all setup correctly, it’s just not handing out the right passive ports when you connect.

PART III – Connecting with FTP Client

14) I use FileZilla for this example. It’s easy, free, lightweight FTP client that can do FTP over SSL. Open FileZilla > File > Site Manager and create a new profile with the following settings:

15) You should now be able to establish this connection. When you attempt you will be prompted if you want to trust the certificate (because it is self-signed), which you’ll want to do, and should be presented the directory listing on the FTP server: