I'm using a Windows XP SP2 computer on a network. We use roaming user profiles for staff to allow use on different comptuers. I recently haven't been able to open any exe, microsoft acess, msi and other files that our stored on the network. When I attempt to run them I recieve this error message:
windows cannot access the specified device path or file. You may not have the appropriate permissions to the item
This is concerning to me because I created some of the files, am the administrator/owner of the files and I can however copy them to my desktop and then run them from there no problem. Any ideas on what could have happened and how to fix this?
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
It might be also possible that you don't have to read/execute permission on the shared folder, but you have read permission. So you can copy the file to your workstation, there it will inherit the permissions of the target folder and you can execute the files (enabled by default).
So my suggestion is to check the NTFS permissions on the network folder, ideally through Effective permissions tools (folder properties -> Security -> Advanced -> Effective Permissions)
Try this:
Go to the link and click: EXE (lnk and regfile) Fix for Windows XP
http://www.kellys-korner-x
Well i just found another error that I'm not sure is related, but I have attached a screen shot of it. It occurs when I clicked on the link. I have reset all of my IE security settings and that didn't fix it. When I click "ok" everything closes and the file doesn't download
Error that occurs when I clicked on the link
I was hoping it was a linux based mass storage device. Being a file server means it would have been joined to the domain and not lost its ability to authenticate with AD.
So, that leads me to the next troubleshooting possibility. Are these EXE and MSI files that you created have a signed publisher. Some security settings will not allow you to run EXE and MSI files that are not digitally signed.
OK:
Digital signatures are not a problem in some cases.
The shell for exe files is not a problem.
You can't run .REG, .EXE, and .MSI files.
You can see the files within the share, but can't run them.
This really sounds like a program that is denying you access to run these files from a remote location or a plain old permissions problem, as martin babarik pointed out.
What Antispyware package are you running? I think Spybot S&D prevents from running EXE files from a remote location. Some other antispyware packages may prevent you from running these files from a remote location.
Can you execute these .exe files locally? In other words, can you copy the file and paste it to the c:\drive and be granted access to the file?
We have not tried this, but do you have a DNS connection to the profile holder.
Try to ping the server that holds the file shares by using the server name. Sometimes you can see a file in the browser, (in my network places). But, you can't access it because DNS will not allow you to authenticate with the authentication server.
One other thing I should ask, do you use cloned or imaged machines? Could the SID be the same for two or more computers, therefore confusing the authentication process?
Did you check the ""Effective Permissions"""
Permissions are done by taking the NTFS permissions and Share permissions and comparing the two. It will take the combine each permission and take the most restrictive of the two. The effective permissions tab will tell you what the combination of the two permissions sets will give you.
On the shared folder, right click, go to sharing and security, click on the advanced button and click on the "effective permissions" tab. Then, type in the person or group you want to see what the effective permissions, or what I call the "resultant set of permissions" , is for that share.
Oh, (bleep):
I am not thinking.
XP has the ability to cache domain usernames and passwords. It will use those cached records prior to going to the domain controller. If you changed your admin password recently, your cached entry will not match the domain password. So, you can get an access denied. But DNS works, so you can see the files.
On the XP box, go to, control pannel>>users accounts>>advanced tab>>manage password button. Remove all cached entries.
I thought for sure that was it:
I can only think of one other thing at the moment. Maybe the child objects within the share don't have the same permissions as the share. Have you pushed permissions down to all child objects within the share?
To do this, go to the right click the share, go to the sharing and security menu, click the advanced button, and select the box that says replace permissions on all child entries within the share. Then, click apply, (or is it OK).
I have wanted to say from the beginning this is an IT security setting:
Look at the files you are having problems with.
>.EXE (executables)
>.MSI (Microsoft Installers)
> .REG (registry editting files)
> and access database files
I am not clear if you are having problems with all file types, (like .doc, .txt, .xls).
The file types you seem to have problems with are the most Operating system intrusive files. They are used to install files, execute programs, edit the registry and so forth. Since you can run them locally and not remotely or off of a flash drive/network drive, this makes me think more and more about IT security settings. The question is, (is this the only machine effected or is it on every machine you go to and log on).
As mentioned before, Antivirus packages can prevent you from running these types of files from a remote location unless otherwise configured. We ruled out that possibility.
Antispyware can do this. We ruled that out.
unsigned software: (you say some of it is signed)
There is a Group Policy Object that can do this. It takes a little knowledge of Group policy and some edits. Since, I don't know if you have someone tinkering with group policy there is no way of telling wether you have a GPO that is blocking you. You would know of the GPO if you created it yourself.
Also, XP users can't run these types of files from remote locations. So, maybe your Domain credentials are saved as a user, instead of a local user, on that XP machine.
The one file type that has thrown me for a loop is the problem you are having with the access files. This shouldn't be a part of an IT security lockout.
So, can you tell me if all file type are problematic?
Can you also tell me if this is one machine that is having problems under your logon credentials?
Then it looks like you have a domain group policy object that prevents users from using certain files.
Run RSoP in logging mode and see what shows in the:
Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies
User Configuration\Windows Settings\Security Settings\Software Restriction Policies
At this point, you may be willing to try just about anything. Hang in there with me. This may seem odd, but I have a hunch.
Windows Explorer and Internet Explorer are like peas in bed with one another. So, maybe entering in the UNC path in trusted sites of IE will prevent explorer from denying you access from running these "operating system intrusive" files.
Give that a shot, it can't hurt.
I say "peas in bed with one another" because of the nature of Windows:
Windows Explorer is a GUI Shell that is used on the local machine.
Internet Explorer is a GUI Shell for remote sites, including USB storage devices.
They are like peas in a pod, because they are very similar in nature.
They are in bed with one another because they combine to make the complete package.
They are like peas in bed with one another, because sometimes it is all confusing.
Windows explorer has less security features because you are running OS intrusive files locally.
Internet explorer has more security features because you are running OS intrusive files remotely.
See the paradox?
Well, internet explorer has your domain as an untrusted site. All security settings that prevent you from accesing .exe, .msi, and .reg files and whatever else pertain. You can enter your domain as a trusted site, or you could probably create a GPO to add it as a trusted site.
Let me go to work and review the Internet explorer security options. Then, I might be able to link them up to a GPO or recommend some settings. Here at home, I have never used Internet Explorer. You will hear from me tomorrow.
I am adding this article so, I can easily reference this tomorrow morning. Parts of this article say the problem occurs regardless of certain configurations. So, I wanted that information handy while looking up the fix.
I think there is an option to identify your Intranet in IE advanced options.
http://support.microsoft.c
I had the same problem yesterday. I disabled the windows component "Internet Explorer Enhanced Security Configuration" for administrators and was able to run any .exe I needed. Of course, that also disables the extra security for Internet Explorer, but at least it got me going.
This probably falls into the 'work around' category also, but I thought I'd add my two cents.
OK:
Here's what I came up with today. Microsoft KB article only offers the work arounds. A plausible fix is to disable advanced security settings. Here are a couple articles for your reading pleasure:
http://support.microsoft.c
http://support.microsoft.c
Please NOTE:: Disabling Advanced security settings in IE will allow your users to run scripts and install files from a remote location. I think you want an alternative solution to adding all of these trusted sites and disabling IE security.
__________________________
I wish to offer an alternative solution. Knowing the problem, do you think we might be able to add the UNC path to your server by using a GPO. Doing this will allow you to continue to run under advanced Internet Explorer Security while you will still be able to access your resources as a trusted site. I think this is a more reasonable solution.
From one of our very own in EE:
http://www.experts-exchang
Now, what to add?? I don't think this will work by adding your domain as a trusted site:
*.your.domain.name (meaning all on your.domain.name) You may have to add the UNC path of the file server.
So, it might end up looking like this:
\\yourservername
Sorry it took so long to get back to you and maybe I'm miss reading your advice. But it seems like you are offering fixes for how to allow me to access the files in internet explorer, which I can do now. I can't access the files from windows explorer. Also, there are no GPO on our domain controller so that shouldn't be an issue.
Sorry I haven't responded in a while, I got caught up in another project.
I can't run these files in Windows Explorer over the network. I have to copy the file to my local computer(C: Drive) then open and make the changes, then move the file from my local computer to the network and replace the old file.
Hope that clears up the problem
OK:
I have been helping folks out recently on this issue and it seems there are two things that can cause such a problem.
One we already discovered. It is Internet Explorer Enhanced security. (I still believe this is your problem)
http://www.experts-exchang
The second is problems with the Domain Browser Services not being able to communicate.
http://www.experts-exchang
If you choose to remove IE enhanced security. Please credit Christop123 for that solution.
I'd just like to pass a thank you to this thread. Using it I was able to find out the issue on one of our DC's. I was attempting to install the symantec AV from a machine on another domain, and was getting problems. Adding *.ourdomain.com to the trusted sites worked, and so did the removing Internet Explorer Enhanced Security. For the actual rollout, I'll just add the trusted site via group policy, which'll work regardless of whether the client machines have the IEES.
Thanks to all.
Business Accounts
Answer for Membership
by: ChiefITPosted on 2008-04-03 at 10:45:10ID: 21274979
Some antivirus applications can prevent you from opening .exe and other potentially dangerous files from a remote location. You might try to temporarily disable your antivirus application and see if you can access the files. If so, you may need to edit the settings of the AV application on that computer.