Domain Users cannot view shares\computers

Posted on 2005-03-18
Medium Priority
Last Modified: 2010-04-10
Hi, I have a slight problem with my active directory network.

When a Domain Admin logs in they can do: \\<computer name>  and view any shares.
however when a Domain User does the same, the error message 'access to the resource: <computer name> has been denied'

I have been looking through this site trying to find simalar problems, so some of the solutions I have tried are:

> Changing permissions in the group policies (which badly screwed up the network so I had to create a new PDC).
> Creating shared folder with 'everyone' having permission to read and then trying to get a user to view.

and these have not worked.

Thanks for your help

Question by:dr_binks

Expert Comment

ID: 13573943
What happens if you add Authenticated Users to the security group?
Is file and print sharing on?  
did it use to work?

If you are all member of the same domains and so are your users hitting your command should display something.
Alternative create a share (double check the share permissions) and see if this works e.g. \\computer\myshare.  Does \\PC\c$ work for example?

Let me know your results

LVL 18

Expert Comment

ID: 13574249
When you get an access denied error when trying to access a file or folder then you need to look at the share AND the NTFS permissions (share AND security tabs) to make sure the user has rights. It has nothing to do with group policy. Also, if you only changed the share permissions and not the NTFS permissions then that is your problem. General rule is to set the share permissions to be less restrictive...such as granting share permissions to authenticated users. Then controlling the access via NTFS permissions because NTFS permissions allow for much better control.
LVL 22

Expert Comment

by:Reid Palmeira
ID: 13574406
one thing to check is to see if you can add the share via IP rather than by computer name so try something like

\\\\myshare instead of \\bob\myshare and if that's the case, you have a DNS problem. If that's that case you should also be unable to ping computers by domain name. so ping bob won't work either as a quick test. The solution to that is to go into your DC or DNS server (if it's a different machine) and create/update the dns entry then make sure the client machines are all looking at the correct dns box. One issue i've had before is dhcp'ed machines which look to the dhcp server as the dns server. in cases where a router is the dhcp server (never best practice for an intranet) this is an issue because the forward lookup zone isn't updated well or at all. You need to make a static dns entry in any dhcp'ed machine.

one other thing to check is the permissiosn on the share, not just on the folder. Maybe also try mapping the share via the domain admin account, see if that works. If it does then it could be share permissions, rather than folder permissions.  Turn off simply sharing and the the sharing tab where you can set the share name in properties there is a button for "permissions" this sets permissions on who can map the share, make sure this is to a setting that your users can get access to. this is separate from the normal folder security permissions.
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!


Author Comment

ID: 13575088
ok, I shall elaboate on this

the admins cand o: \\compname   \\IPofcomp  \\compname\share  and  \\IPofcomp\share
but users cannot do any of those.
the default admin share (C$) is accessable to admins, but again users cannot connect to it.

I have checked the 'security' and 'share' permissions to make sure everyone has read permissions under both  

also, get this: we have a fileserver called 'fileserver'
the logon scripts work fine for all users (the shares appear and are accessable), now while the users cannot type: \\fileserver\share in explorer, they can make more shares and view shares in computers using the comand prompt (ie. net use \\fileserver\share  and net view /NETWORK: \\filserver).

I shall try adding the users to the security group on monday.. but what permissions does the securoty group give users?



Expert Comment

ID: 13575558
a defalut share doesn't work for other users.  
You will have to go into sharing and security on those machines with this setting.  Disable the default share of C$, click ok to finalize the settings, and then reinable a new share with the name of your choice..

Also ensure you're setting the proper permissions while doing this..

Author Comment

ID: 13576394
its not just the C$ share thats the problem, all shared are unaccessable to domain users.

Author Comment

ID: 13578299
I think this will do the trick:

I will find out monday.. if it does work then DaGo21 gets the points as he suggested the security group.

Author Comment

ID: 13610597
Note to admin:

the correct answer to the solution is here:


Accepted Solution

PAQ_Man earned 0 total points
ID: 13640039
Question Closed, 500 points refunded.
Community Support Moderator

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question