Security@Georgeliu.me

CrashPlan is a great data backup service. It has some drawbacks, such as high memory use and slow speeds (being based on Java), but it has some terrific benefits as well. It is about the only program that allows you to store data on multiple computers and on the computers of friends, a free option.

However, I recently ran into a problem with CrashPlan: something was causing CrashPlan to see the folder as 0 bytes instead of several gigabytes. It could not see the data in the folders, and as a result, no data was being backed up.

So what went wrong? I initially thought it was something to do with security settings and file permissions. I searched Google for a while and came up with some hints, such as taking ownership of files and such. For that task, using Ultimate Windows Tweaker allowed me to easily add the correct registry extension to the right-click context menu and take ownership of all files.

That didn’t fix anything. I was still pretty sure it was a file permission error, so I looked at the base drive, and made sure all accounts (Myself and Everyone) had the necessary permissions, with the correct option selected (applying these permissions to “this folder, subfolders, and files”).

It still didn’t work, so I played around in CrashPlan to see what was going on. Only some folders were not capable of being backed up. And as it turns out, the only folders that CrashPlan could not access were the ones being shared with the Windows 7 HomeGroup. Here was a big hint, and I eventually followed these steps:

  1. Disable “Password protected sharing” (Control Panel>All Control Panel Items>Network and Sharing Center>Advanced Sharing Settings\Password protected sharing)
  2. Add “Everyone” account to necessary folders and give them “full control” permissions (Right-click folder, Security\Advanced\Change Permissions\Add\Allow Full Control)

I am not sure that step 1 is necessary, but I believe that because security was enabled, Windows cut down access from Myself and Everyone to just Myself and HomeUsers (HomeGroup). Either way, the most important thing is this: CrashPlan needs to have an Everyone account associated with the folders to back up (and the necessary permissions to read the folder). Otherwise, backups may not work.

But funnily enough, another shared folder that is backed up in CrashPlan has Myself, Administrators, HomeUsers, and SYSTEM user accounts attached to it. Maybe SYSTEM is enough?

 


Comments

Previous comments imported from a different version of this blog.

Hint: use System instead of Everyone for security reasons.

I had this same problem and solved it. I moved an external hard drive from a Win XP to a new pc with Win 7 and found Crashplan saw nothing under a directory with 300 gig. Yet other folders on the same drive did not have the problem. That directory with 300 gig has been shared previously. I found I had to add SYSTEM to the permission so that Crashplan could see the entire directory structure underneath it. After more digging, adding Everyone will have the same effect. — CharlieI didn’t have to give everyone FULL permission, just read permission. But the trick was to disable the Password Protected Sharing. THANK YOU!…saved me a lot of grief! — Steve

I found success by adding SYSTEM account. Not full control and with password protected sharing turned ON. — Sean

It was option 1 for me – the password sharing. Disabled it and crashplan immediately worked again. No idea why this happened or what caused it though. — Nicholas

I had the same problem on Windows Server 2012. CrashPlanPRO wasn’t backing up shares I had changed the security settings on. Adding the SYSTEM user and giving it read and execute rights did the trick. Thanks — Josh

 

 

The Acer W500 is a great little tablet PC. Accessing the BIOS under the default Windows 7 can be difficult due to the speed of the system. Accessing the BIOS under Windows 8’s Hybrid Boot can also be extremely difficult. Here’s how to force the tablet to pause so that you can log into the BIOS or use an external USB drive to boot the device.

First, try the combination of Power + Windows button, then F2.

Second, interrupt Windows with a hard shutdown (hold Power for 5 seconds). Try the Power + Windows + F2 button combination again. This time, you might have extra time since Windows believes there was a system error needing analysis and repair.

Third, disable Hybrid Boot under Windows 8, which can be found under Control Panel> Change what the power buttons do> Change settings that are currently unavailable. Then try the Power + Windows + F2 combination again.

Credits for this fix come from the TabletPCReview Forums.

Why don’t HomeGroups work with PrivateFirewall? Here’s how to fix it.


 

Update (4/21/2013): This post has been updated to fix some more issues. The quick summary is this:

Open all TCP and UDP ports for SVCHost and System (System Services) from 137-65535 for the local network (low security).

Add all HomeGroup computers to the Trusted Networks/IP Addresses area. Check the firewall log for recent HomeGroup attempts.

However, not all issues are fixed. PrivateFirewall should be disabled (allow all connections) in order to set up a HomeGroup, and while network sharing works with PrivateFirewall on, HomeGroups have some difficulties under mixed Windows 7 and 8 networks.


 

PrivacyWare’s PrivateFirewall is a very good HIPS/Firewall combination. Unfortunately, there are a few issues that can appear from time to time, such as this one: with PrivateFirewall off, Windows HomeGroups work, but with the firewall on, HomeGroups are blocked. Here is how to fix it.

Allow the following ports for these two services:

svchost.exe

1. In/out tcp port 3587 2. In/out udp port 3540

system

1. In tcp port 2869 -WIN mediaplayer networking 2. In/out tcp port 5357-5358

SVCHost should be fairly easy to spot, but System may be masquerading as System Services.

Ports can be adjusted on the PrivateFirewall > Main Menu > Applications page after right clicking on the application anme and selecting Customize, then Add new rules.

Credits go to ITMan at WildersSecurity for this fix.

Update (4/21/2013): Some issues remain with local settings and ports. Here’s what I did to fix them:

Port fixes

Windows 7 (and 8) can use many more ports than what is described in the fix above, which can prevent HomeGroups from working correctly. Microsoft has a good document describing all the network/firewall interactions. There are quite a few individual ports, described by RaviShankar at McAfee Forums:

To find other computers running Windows Vista or Windows 7, open these ports:

UDP 3702, UDP 5355, TCP 5357, TCP 5358

To find network devices, open these ports:

UDP 1900, TCP 2869, UDP 3702, UDP 5355, TCP 5357, TCP 5358

To make HomeGroup work correctly between computers running Windows 7, open these ports:

UDP 137, UDP 138, TCP 139, TCP 445, UDP 1900, TCP 2869, UDP 3540, TCP 3587, UDP 3702, UDP 5355, TCP 5357, TCP 5358

The basic fix is to open all ports in System Services and SVCHost to the local network (low security checkbox) from the ranges of 137-5358 for UDP and TCP. I also noticed that HomeGroups involving Windows 8 and 7 use very large ports as well, in the 55,000 range, so adding up to 65535 should open everything up. This is only advised if your local network is trusted. Do not, of course, open these ranges to the whole internet (high security checkbox). You can also individually open up each port (check the firewall log for all the ports being used), but this is easier.

Trust fixes

PrivateFirewall also relies on trusted networks and computers to make the low security settings work. Open up the PrivateFirewall Main Menu and check the Trusted Sites/IP Addresses area to make sure that your network and all computers are in there. If not, an easy way to add these computers is try to access the HomeGroup on one computer, check the firewall log, click on an entry (the recently generated UDP or ICMPv6 Neighborhood Solicitation traffic), and select Trust Remote. Or, go to the router’s configuration screens to pull up a list of all local clients and IP addresses.