DOS Client 3.11 and W2K3 SP1 upgrade - access denied error 5 when trying to reach shares

I have been using a Bart corpmb bootable cd for several years to boot DOS, logon to network, run ghost and thensave image to a share on the network. After applying W2K3 SP1 I have been getting access denied error 5 when trying to access a share. I've tried domain\username password, machine\username password to no avail. On a related topic after the SP1 upgrade I've been getting an error on my domain controller as follows:

The file it references does exist and it seems that permissions for it are correct. I'm not so sure my DNS setup is working correctly. I have no DNS errors - its setup was performed during the promotion of the member server to DC. One question I have is where to assign my ISP's DNS servers - should that only be in the DHCP server?

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            1/18/2006
Time:            1:29:19 PM
User:            NT AUTHORITY\SYSTEM
Computer:      XYZ002
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=xyz,DC=local. The file must be present at the location <\\xyz.local\sysvol\xyz.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at

Who is Participating?
Also look into if your server now insists on receiving only signed SMB packets.  Try disabling signed SMB for kicks
Hi dsteinschneider,

as far as ISP servers go i find it best to add them in as a forwarder on your DNS server itself and leave it there

can you run dcdiag for me and see if we can get more info on the error

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

dsteinschneiderAuthor Commented:
This weekend I got my domain policy mmc working again by following instructions from an MS KB regarding exaclty carl's post - I will boot the bart network disk tonight - It looks like Carl's suggestion will be the correct one.
dsteinschneiderAuthor Commented:
Still get the message from one server and one workstation - I'm guessing that I need to change the SMB signing on each machine I want to reach by modifying the local policy?
dsteinschneiderAuthor Commented:
I have one question - I'm not sure when this problem started because I only use DOS networking once in a while for ghosting. It must have been caused by both an XP and Windows Server 2003 security update that required SMB signing? I'm wondering if anyone knows which update implemented this behaviour?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.