<bookinfo>
<title>OpenAFS for Windows Release Notes</title>
<copyright>
- <year>2003-2012</year>
+ <year>2003-2013</year>
<holder>Secure Endpoints Inc. and Your File System Inc.</holder>
</copyright>
<legalnotice>
<listitem>
<para>Microsoft Windows XP Professional (pre-SP2)</para>
</listitem>
+ <listitem>
+ <para>Microsoft Windows 8 RT (ARM)</para>
+ </listitem>
</itemizedlist>
</para>
- <para>Older releases of OpenAFS are available for download if unsupported operating systems must be used. The last version of OpenAFS with support for Win9x is 1.2.2b. The last version with support for Windows NT 4.0 is 1.2.10. The last version to support Windows 2000 and XP SP1 is 1.6.x.</para>
+ <para>Older releases of OpenAFS are available for download if unsupported operating systems
+ must be used. The last version of OpenAFS with support for Win9x is 1.2.2b. The last version
+ with support for Windows NT 4.0 is 1.2.10. The last version to support Windows 2000 and XP
+ SP1 is 1.6.1.</para>
</section>
<section>
<title id="Disk_Space">2.2 Disk Space</title>
</itemizedlist>
</section>
<section>
- <title>3.2.4. Heimdal 1.5 and Weak Encryption Types</title>
+ <title>3.2.4. Heimdal 1.5, MIT 4.x, and Weak Encryption Types</title>
<para>Just as Microsoft disabled the use of Weak Encryption Types in Windows 7 and Windows
Server 2008 R2, Heimdal and MIT have disabled the use of weak encryption types in their
- latest releases. In order to use Heimdal 1.5 or MIT Kerberos 1.9 or later with OpenAFS,
- the weak encryption types including DES-CBC-CRC and DES-CBC-MD5 must be enabled. In
+ latest releases. In order to use Heimdal 1.5 or MIT Kerberos 1.9 or later with OpenAFS,
+ the weak encryption types including DES-CBC-CRC and DES-CBC-MD5 must be enabled. In
Heimdal, this is performed by adding "allow_weak_crypto = true" to the [libdefaults]
- section of the %SystemRoot%\ProgramData\krb5.conf file.</para>
+ section of the %SystemRoot%\ProgramData\Kerberos\krb5.conf file. In MIT KFW 4.x, this is
+ performed by adding "allow_weak_crypto = true" to the [libdefaults] section of the
+ %SystemRoot%\ProgramData\MIT\Kerberos5\krb5.ini file.</para>
<para>Futures versions of OpenAFS will not have this requirement.</para>
</section>
</section>
</indexterm>
<para>The OpenAFS client supports UNC paths everywhere. UNC paths provide a canonical name for resources stored within AFS. UNC paths should be used instead of drive letter mappings whenever possible. This is especially true when specifying the location of roaming profiles and redirected folders.</para>
<para>Power users that make extensive use of the command line shell, cmd.exe, should consider
- using JP Software's 4NT or Take Command command processors. Unlike cmd.exe, the JPSoftware
- shells fully support UNC paths as the current directory. JPSoftware added special
- recognition for OpenAFS to its command shells, 4NT 7.0 and Take Command 7.0. AFS paths can
- be entered in UNIX notation (e.g., /afs/openafs.org/software), space utilization reports the
- output of the volume status for the specified path, and many AFS specific functions and
- variables have been added to the command language. Take Command 14.03 includes support for
- OpenAFS IFS Reparse Points and Hard Links.</para>
+ using JP Software's Take Command command processor. Unlike cmd.exe, the JPSoftware shells
+ fully support UNC paths as the current directory. JPSoftware added special recognition for
+ OpenAFS to its command shells starting in version 7.0. AFS paths can be entered in UNIX
+ notation (e.g., /afs/openafs.org/software), space utilization reports the output of the
+ volume status for the specified path, and many AFS specific functions and variables have
+ been added to the command language. Take Command 14.03 includes support for OpenAFS IFS
+ Reparse Points and Hard Links.</para>
<para>JPSoftware's web site is
<ulink url="http://www.jpsoft.com/">http://www.jpsoft.com</ulink>.
</para>
- <para>Microsoft PowerShell 1.0 and 2.0 will also support UNC paths as the current directory. </para>
+ <para>Microsoft PowerShell 1.0, 2.0 and 3.0 also support UNC paths as the current directory. </para>
+ <para>The Cygwin environment also supports UNC paths as the current directory. Enter AFS paths
+ with two leading forward slashes: //afs/grand.central.org/software/openafs/. As of Cygwin
+ 1.7.18-1, AFS Symbolic Links are supported natively by the Cygwin environment.</para>
</section>
<section>
<title id="aklog.exe">3.10. aklog.exe</title>
<para>OpenAFS on 64-bit Windows benefits from the lifting of the 2GB process memory restriction that is present in 32-bit Windows. Without this restriction the AFS Cache File can become arbitrarily large limited only by available disk space.</para>
</section>
<section>
- <title id="Windows_Vista_Known_Issues">3.43. Known Issues with Microsoft Windows Vista, Windows 7, and Server 2008 [R2]</title>
+ <title id="Windows_Vista_Known_Issues">3.43. Known Issues with Microsoft Windows Vista,
+ Windows 7, Server 2008 [R2], Windows 8 and Server 2012</title>
<indexterm significance="normal">
<primary>windows vista</primary>
</indexterm>
<para>Windows Vista, Windows 7, and Server 2008 [R2] implement
<ulink url="http://www.microsoft.com/technet/windowsvista/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d9.mspx">User Account Control</ulink> (UAC), a new security feature that implements least user privilege. With UAC, applications only run with the minimum required privileges. Even Administrator accounts run applications without the "Administrator" access control credentials. One side effect of this is that existing applications that mix user and system configuration capabilities must be re-written to separate those functions that require "Administrator" privileges into a separate process space. Future updates to OpenAFS will incorporate the necessary privilege separation, until that time some functions such as the Start and Stop Service features of the AFS Authentication Tool and the AFS Control Panel will not work unless they are "Run as Administrator". When a Vista user account that is a member of the "Administrators" group is used to access the AFS Control Panel (afs_config.exe), the process must be "Run as Administrator". Otherwise, attempts to modify the OpenAFS configuration will appear to succeed but in reality will have failed due to Vista's system file and registry virtualization feature.
</para>
- <para>The help files provided with OpenAFS are in .HLP format. <ulink url="http://support.microsoft.com/kb/917607">Windows Vista, Windows 7, and Server 2008
- [R2] do not include a help engine for this format.</ulink>
+ <para>The help files provided with OpenAFS are in .HLP format. <ulink
+ url="http://support.microsoft.com/kb/917607">Windows Vista, Windows 7, Server 2008 [R2],
+ Windows 8 and Server 2012 do not include a help engine for this format.</ulink>
</para>
<para><emphasis>The following items only apply when the OpenAFS Service is manually configured as an SMB Gateway.</emphasis></para>
<para>OpenAFS for Windows works with Microsoft Windows Vista, Windows 7 and Server 2008 [R2] from both the command prompt and the Explorer Shell.
<indexterm significance="normal">
<primary>symlinks</primary>
</indexterm>
- <para>
- The IFS redirector driver represents all AFS mount points and AFS symlinks as reparse points within the file system name space
- using a Microsoft assigned tag value. Tools that are OpenAFS reparse point aware can create, query
- and remove AFS symlinks and mount points without requiring knowledge
- of AFS pioctls. The explorer shell will be able to delete a mount
- point or symlink as part of a recursive directory tree removal without
- crossing into the reparse point target.
- </para>
+ <para> The AFS redirector driver represents all AFS mount points and AFS symlinks as reparse
+ points within the file system name space using a Microsoft assigned tag value. Tools that
+ are OpenAFS reparse point aware can create, query and remove AFS symlinks and mount points
+ without requiring knowledge of AFS pioctls. The explorer shell will be able to delete a
+ mount point or symlink as part of a recursive directory tree removal without crossing into
+ the reparse point target. </para>
<para>The Explorer Shell displays Symlinks and Mount Points using overlay icons.</para>
<para><inlinegraphic fileref="relnotes03.jpg" align="center" arch=""/></para>
+ <para>Beginning with 1.7.22, AFS Symlinks are represented as Microsoft Symlink reparse points
+ instead of an OpenAFS specific reparse point. Symlinks can now be created using the Win32
+ <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa363866%28v=vs.85%29.aspx"
+ >CreateSymbolicLink</ulink> API and follow all of the behaviors of Microsoft Windows'
+ <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa365680%28v=vs.85%29.aspx"
+ >Symbolic Links</ulink>. Any tool capable of creating symbolic links on NTFS can now do
+ so within AFS.</para>
+ <para>Symbolic Links to Files are not supported by all Microsoft Windows applications because
+ directory enumerations, GetFileAttributes and GetFileAttributesEx return the attributes and
+ size of the Symbolic Link and not that of the target file. Applications that treat the
+ size of the Symbolic Link as the size of the target file will misbehave. All Java releases
+ 1.6.x and earlier and all .NET applications as of this writing use the Symbolic Link size as
+ the size of the target file. Java 1.7 correctly processes Symbolic Links.</para>
</section>
<section>
<para>The Windows <ulink url="https://secure.wikimedia.org/wikipedia/en/wiki/Shadow_Copy">Volume Shadow Copy Service</ulink> is not implemented. As a result, AFS backup volumes are not accessible via the Explorer Shell.</para>
</listitem>
<listitem>
- <para>
- There is no support for storing DOS attributes such as Hidden, System, or Archive.
- </para>
+ <para>There is no support for storing DOS attributes such as Hidden, System, or Archive. </para>
</listitem>
<listitem>
- <para>
- There is no support for Alternate Data Streams as required by Windows User Account Control to store Zone Identity data.
- </para>
+ <para>There is no support for Alternate Data Streams as required by Windows User Account
+ Control to store Zone Identity data. </para>
</listitem>
<listitem>
- <para>
- There is no support for Extended Attributes.
- </para>
+ <para>There is no support for Extended Attributes. </para>
</listitem>
<listitem>
- <para>
- There is no support for <ulink url="https://blogs.technet.com/b/hugofe/archive/2010/06/21/windows-2008-access-based-enumeration-abe.aspx">Access Based Enumeration</ulink>.
- </para>
+ <para>There is no support for <ulink
+ url="https://blogs.technet.com/b/hugofe/archive/2010/06/21/windows-2008-access-based-enumeration-abe.aspx"
+ >Access Based Enumeration</ulink>. </para>
</listitem>
<listitem>
- <para>
- There is no support for <ulink url="https://secure.wikimedia.org/wikipedia/en/wiki/Windows_Management_Instrumentation">Windows Management Instrumentation</ulink>
- </para>
+ <para>There is no support for <ulink
+ url="https://secure.wikimedia.org/wikipedia/en/wiki/Windows_Management_Instrumentation"
+ >Windows Management Instrumentation</ulink>
+ </para>
</listitem>
<listitem>
- <para>
- There is no support for <ulink url="http://msdn.microsoft.com/en-us/library/aa363997%28v=vs.85%29.aspx">Distributed Link Tracking and Object Identifiers</ulink>
- </para>
+ <para>There is no support for <ulink
+ url="http://msdn.microsoft.com/en-us/library/aa363997%28v=vs.85%29.aspx">Distributed
+ Link Tracking and Object Identifiers</ulink>
+ </para>
</listitem>
<listitem>
- <para>
- There is no support for storing <ulink url="http://msdn.microsoft.com/en-us/magazine/cc982153.aspx">Windows Access Control Lists</ulink>. Only the AFS ACLs are enforced.
- </para>
- </listitem>
+ <para>There is no support for storing <ulink
+ url="http://msdn.microsoft.com/en-us/magazine/cc982153.aspx">Windows Access Control
+ Lists</ulink>. Only the AFS ACLs are enforced. </para>
+ </listitem>
+ <listitem>
+ <para>There is a bug in the Explorer Shell which can result in the Shell responding to a
+ Ctrl-V (Paste) operation with an out of space error. The bug is that the Shell
+ queries the root directory of the UNC Path or Drive Letter for free space instead of
+ the path in which the Paste is being performed. To work around the bug, select a
+ directory in another volume under the same root and then return to the target
+ directory before initiating the Paste. Performing the Paste using the Context Menu
+ instead of Ctrl-V will avoid triggering the bug.</para>
+ </listitem>
+ <listitem>
+ <para>Windows file systems support a maximum of 31 reparse points (mount points or
+ symbolic links) within a path.</para>
+ </listitem>
</itemizedlist>
</para>
</section>
The OpenAFS file system has followed suit and is disabling automatic generation of 8.3 compatible names on Windows 8 and Server 2012.
</para>
</section>
+ <section>
+ <title id="explorer_read_only_volume_bug">3.57. The Explorer Shell, Drive Letter Mappings, and Read Only Volumes</title>
+ <indexterm significance="normal">
+ <primary>explorer shell</primary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>drive letter mappings</primary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>.readonly volumes</primary>
+ </indexterm>
+ <para>File systems can expose a variety of information about the underlying volumes they serve
+ to applications. All AFS volumes are described as supporting Case Preservation, Hard Links,
+ Reparse Points and Unicode characters. For .readonly volumes the file system can indicate
+ that the volume is a Read Only Volume. The benefit of doing so is that applications such as
+ the Explorer Shell can alter their behavior to improve the user experience. For example,
+ when the volume is reported as read-only the Explorer Shell can remove the Rename, Delete,
+ and other file modifying operations from the user interface. Unfortunately, the Windows 7
+ Explorer Shell is broken with regards to Volume Information queries when issued on Network
+ Mapped Drive Letters. Instead of performing a volume information query on the current
+ directory, the Explorer Shell only queries the root directory of the mapped drive letter.
+ As a result, if the drive letter is mapped to a .readonly volume, all paths accessed via the
+ drive letter are considered to be read-only even when they are not. This behavior is fixed
+ in Windows 8 and Server 2012.</para>
+ <para>Due to this bug, OpenAFS on Windows 7 and below does not report the
+ <ulink url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa964920%28v=vs.85%29.aspx">FILE_READ_ONLY_VOLUME</ulink>
+ flag as part of the volume information. The Explorer Shell properly
+ queries the volume information for UNC paths. If network mapped drive letters are not used,
+ it is often convenient if the FILE_READ_ONLY_VOLUME flag is reported. This can be
+ configured using the <link linkend="Regkey_TransarcAFSDaemon_Parameters_VolumeInfoReadOnlyFlag">VolumeInfoReadOnlyFlag</link> registry value.</para>
+ </section>
</chapter>
<chapter id="chap_4">
<para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {0, 1}
</para>
- <para>
- Default: 0 on Windows 8 and Server 2012, 1 otherwise</para>
+ <para> Default: 0 on Windows 7, Windows 8, Server 2008 R2 and Server 2012, 1
+ otherwise</para>
<para>Determines whether or not the AFS Cache Manager will generate 8.3 compatible shortnames for all objects stored in AFS. Short names are disabled by default on Windows 8 and Server 2012. All prior operating systems enable short names by default.</para>
<para>0: do not generate 8.3 compatible short names.</para>
<para>1: generate 8.3 compatible short names.</para>
<para>0: use the older I/O processing mechanism.</para>
<para>1: use the new Direct I/O processing mechanism.</para>
</section>
+ <section>
+ <title id="Regkey_TransarcAFSDaemon_Parameters_VolumeInfoReadOnlyFlag">Value: VolumeInfoReadOnlyFlag</title>
+ <indexterm significance="normal">
+ <primary>VolumeInfoReadOnlyFlag</primary>
+ </indexterm>
+ <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para>Type: DWORD {0, 1}
+ </para>
+ <para>
+ Default: 1</para>
+ <para>The Win32 GetVolumeInformation and GetVolumeInformationByHandle APIs permit
+ applications to query volume attributes such as Case Preserving, Case Insensitive
+ lookups, support for hard links, support for reparse points, support for Unicode and
+ whether or not the volume is read only. The FILE_READ_ONLY_VOLUME flag when set permits
+ applications such as the Explorer Shell to disable the "Delete" and "Rename" options and
+ prevent copying files into the volume without issuing the request to the file system.
+ Unfortunately, the Windows 7 explorer shell has a bug when a drive letter is mapped to a
+ UNC path. If the mapped path refers to a read only volume, then all volumes accessible
+ via the drive letter are also treated as read only. This bug is fixed in Windows 8 and
+ Server 2012. To improve application compatibility the setting of the
+ FILE_READ_ONLY_VOLUME flag is disabled by default on Windows 7 and below and enabled on
+ Windows 8 and above.</para>
+ <para>0: prevent setting the FILE_READ_ONLY_VOLUME flag. (default on Win7 and below).</para>
+ <para>1: permit setting the FILE_READ_ONLY_VOLUME flag. (default on Win8 and above)</para>
+ </section>
+ <section>
+ <title id="Regkey_TransarcAFSDaemon_Parameters_ReparsePointPolicy">Value: ReparsePointPolicy</title>
+ <indexterm significance="normal">
+ <primary>ReparsePointPolicy</primary>
+ </indexterm>
+ <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para>Type: DWORD {0, 1}
+ </para>
+ <para>
+ Default: 0</para>
+ <para>Windows file systems use <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa365503%28v=vs.85%29.aspx"
+ >reparse points</ulink> to represent special file system objects such as NTFS
+ Junctions, Symbolic Links and AFS Mount Points. Windows applications must be designed
+ to work with <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa365680%28v=vs.85%29.aspx"
+ >Symbolic Links</ulink> because <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa365682%28v=vs.85%29.aspx"
+ >several standard file system functions</ulink> behave differently when the provided
+ path specifies a reparse point. Although there is not a significant impact for Symbolic
+ Links to Directories and Mount Points to volume root directories, Symbolic Links to
+ Files can result in applications misinterpreting the file size and attributes.</para>
+ <para>The ReparsePointPolicy value permits alternate behaviors for reparse point objects
+ on a global basis. In this version, there is only one policy option which permits
+ Symbolic Links to Files to be represented with the target file's size and attributes in
+ the output of FindFirstFile, GetFileAttributes, and GetFileAttributesEx
+ operations.</para>
+ <para>0: All Reparse Points are treated as reparse points.</para>
+ <para>1: Reparse Points to Files treated as the target File.</para>
+ </section>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_GlobalAutoMapper">Regkey:
git://git.openafs.org / openafs.git / blobdiff