Domain Users cannot view shares\computers

Posted on 2005-03-18
Last Modified: 2010-04-10
Hi, I have a slight problem with my active directory network.

When a Domain Admin logs in they can do: \\<computer name>  and view any shares.
However, when a Domain User does the same, they get the error message 'access to the resource: <computer name> has been denied'.

I have been looking through this site trying to find similar problems, so some of the solutions I have tried are:

> Changing permissions in the group policies (which badly screwed up the network so I had to create a new PDC).
> Creating shared folder with 'everyone' having permission to read and then trying to get a user to view.

and these have not worked.

Thanks for your help

~dr_binks
Question by:dr_binks
10 Comments
 
LVL 4

Expert Comment

by:DaGo21
ID: 13573943
What happens if you add Authenticated Users to the security group?
Is file and print sharing on?
Did it use to work?

If you are all members of the same domain, and so are your users, hitting your command should display something.
Alternatively, create a share (double check the share permissions) and see if this works, e.g. \\computer\myshare.  Does \\PC\c$ work, for example?

Let me know your results


0
 
LVL 18

Expert Comment

by:luv2smile
ID: 13574249
When you get an access denied error when trying to access a file or folder then you need to look at the share AND the NTFS permissions (share AND security tabs) to make sure the user has rights. It has nothing to do with group policy. Also, if you only changed the share permissions and not the NTFS permissions then that is your problem. General rule is to set the share permissions to be less restrictive...such as granting share permissions to authenticated users. Then controlling the access via NTFS permissions because NTFS permissions allow for much better control.
0
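The two permission layers described in the comment above can be listed side by side. This is an added example, not part of the original thread; it assumes it is run on the file server itself, and the share name is a placeholder borrowed from the thread.

```powershell
# Added example. Run on the file server (Windows 8 / Server 2012 or later,
# where the SmbShare module is available).
$ShareName = 'myshare'   # assumption: share name taken from the thread's examples

$share = Get-SmbShare -Name $ShareName -ErrorAction Stop

# Layer 1: share permissions (Sharing tab > Permissions button)
$shareAces = Get-SmbShareAccess -Name $ShareName | ForEach-Object {
    [pscustomobject]@{
        Layer    = 'Share'
        Identity = "$($_.AccountName)"
        Type     = "$($_.AccessControlType)"
        Rights   = "$($_.AccessRight)"
    }
}

# Layer 2: NTFS permissions on the shared folder (Security tab)
$ntfsAces = (Get-Acl -Path $share.Path).Access | ForEach-Object {
    [pscustomobject]@{
        Layer    = 'NTFS'
        Identity = "$($_.IdentityReference)"
        Type     = "$($_.AccessControlType)"
        Rights   = "$($_.FileSystemRights)"
    }
}

# A user must pass both layers; the more restrictive one decides the result.
$all = @($shareAces) + @($ntfsAces)
$all | Sort-Object Identity, Layer | Format-Table -AutoSize

# Deny entries override Allow entries, so list them explicitly.
$all | Where-Object { $_.Type -eq 'Deny' } |
    ForEach-Object { "Deny entry ($($_.Layer)): $($_.Identity) -> $($_.Rights)" }

# Identities allowed in only one layer. They may still get access through
# group membership in the other layer, so treat this as a hint to review.
$all | Where-Object { $_.Type -eq 'Allow' } | Group-Object Identity |
    Where-Object { @($_.Group.Layer | Select-Object -Unique).Count -lt 2 } |
    ForEach-Object { "Allowed in only one layer ($($_.Group[0].Layer)): $($_.Name)" }
```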
 
LVL 22

Expert Comment

by:Reid Palmeira
ID: 13574406
One thing to check is to see if you can add the share via IP rather than by computer name, so try something like

\\192.168.1.5\myshare instead of \\bob\myshare and if that's the case, you have a DNS problem. If that's the case you should also be unable to ping computers by domain name, so ping bob won't work either as a quick test. The solution to that is to go into your DC or DNS server (if it's a different machine) and create/update the DNS entry, then make sure the client machines are all looking at the correct DNS box. One issue I've had before is DHCP'ed machines which look to the DHCP server as the DNS server. In cases where a router is the DHCP server (never best practice for an intranet) this is an issue because the forward lookup zone isn't updated well or at all. You need to make a static DNS entry in any DHCP'ed machine.

One other thing to check is the permissions on the share, not just on the folder. Maybe also try mapping the share via the domain admin account, see if that works. If it does then it could be share permissions, rather than folder permissions.  Turn off simple sharing and then on the sharing tab, where you can set the share name in properties, there is a button for "permissions"; this sets permissions on who can map the share, so make sure this is set to a setting that your users can get access to. This is separate from the normal folder security permissions.
0
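The name-versus-IP test from the comment above, written as one script to run on a client while logged on as an affected user. This is an added example, not part of the original thread; the host name, address and share name are the sample values used in the comment.

```powershell
# Added example. Sample values from the thread; replace with real ones.
$Name  = 'bob'
$Ip    = '192.168.1.5'
$Share = 'myshare'

# Does the name resolve, and does it resolve to the expected address?
$records     = Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue
$resolvedIps = @($records | Where-Object { $_.IPAddress } |
                 ForEach-Object { $_.IPAddress })
$dnsOk       = $resolvedIps -contains $Ip

# Is the SMB port reachable at all?
$smbOpen = (Test-NetConnection -ComputerName $Ip -Port 445 `
            -WarningAction SilentlyContinue).TcpTestSucceeded

# Can the current user reach the share by name and by IP?
$byName = Test-Path -Path "\\$Name\$Share"
$byIp   = Test-Path -Path "\\$Ip\$Share"

[pscustomobject]@{
    ResolvedTo   = $resolvedIps -join ', '
    DnsMatchesIp = $dnsOk
    Port445Open  = $smbOpen
    ShareByName  = $byName
    ShareByIp    = $byIp
} | Format-List

if ($byIp -and -not $byName) {
    'Works by IP but not by name: check the DNS record and the DNS server the client uses.'
} elseif (-not $smbOpen) {
    'Port 445 is not reachable: check file and print sharing and any firewall.'
} elseif (-not $byIp -and -not $byName) {
    'Fails by name and by IP: not a DNS problem; check permissions and rights for this user.'
} else {
    'Share is reachable by name for this user.'
}
```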

 
LVL 5

Author Comment

by:dr_binks
ID: 13575088
OK, I shall elaborate on this.

The admins can do: \\compname   \\IPofcomp  \\compname\share  and  \\IPofcomp\share
but users cannot do any of those.
The default admin share (C$) is accessible to admins, but again users cannot connect to it.

I have checked the 'security' and 'share' permissions to make sure everyone has read permissions under both  

also, get this: we have a fileserver called 'fileserver'
The logon scripts work fine for all users (the shares appear and are accessible), now while the users cannot type: \\fileserver\share in explorer, they can make more shares and view shares in computers using the command prompt (i.e. net use \\fileserver\share  and net view /NETWORK: \\fileserver).

I shall try adding the users to the security group on Monday.. but what permissions does the security group give users?

thanks

~binks
0
 
LVL 5

Expert Comment

by:Magus_opus
ID: 13575558
A default share doesn't work for other users.
You will have to go into sharing and security on those machines with this setting.  Disable the default share of C$, click OK to finalize the settings, and then re-enable a new share with the name of your choice..

Also ensure you're setting the proper permissions while doing this..
0
 
LVL 5

Author Comment

by:dr_binks
ID: 13576394
It's not just the C$ share that's the problem, all shares are inaccessible to domain users.
0
 
LVL 5

Author Comment

by:dr_binks
ID: 13578299
I think this will do the trick:
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B823659

I will find out Monday.. if it does work then DaGo21 gets the points as he suggested the security group.
0
 
LVL 5

Author Comment

by:dr_binks
ID: 13610597
Note to admin:

the correct answer to the solution is here:

http://www.experts-exchange.com/Networking/Q_21358384.html
0
 

Accepted Solution

by:
PAQ_Man earned 0 total points
ID: 13640039
Question Closed, 500 points refunded.
PAQ_Man
Community Support Moderator
0
