• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 717
  • Last Modified:

Ppermissions on a Windows Domain

I have a domain with 1 server (SBS 2003) and 3 PCs (LAPTOP, CORNER and DESK) running Windows XP Pro
I have one user account, John, that I use to sign onto all workstations.
I have File & Print Sharing enabled on all workstations.
John is an Administrator in the Domain Admins group
All PCs have static IPs: 192.168.0.###

I CAN make the following connections for printer and filesharing:
DESK to CORNER
DESK to LAPTOP
CORNER to LAPTOP
CORNER to DESK
LAPTOP to DESK

Now here's the part that is driving my CRAZY!!
PROBLEM: I cannot connect to the CORNER PC from the LAPTOP PC.
I can ping CORNER by name from LAPTOP
NSLOOKUP resolves all names and IP addresses

When I try to connect, I get the following:
\\corner is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The user name could not be found.

Any ideas??

Here's what I have tried:
Disable "Internet Explorer Enhanced Security Configuration" on the server
From LAPTOP, leave and re-join the DOMAIN
Added LMHOSTS records to all machines with the 4 names and addresses preloading

I have checked over and over for typos, but I haven't found any.

Thanks!
0
HighTechGeek
Asked:
HighTechGeek
  • 10
  • 9
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
A.  Why do all workstations have static IP's?

B.  Did you join all workstations to the domain using http://<servername>/connectcomputer?

Jeff
TechSoEasy
0
 
HighTechGeekAuthor Commented:
A. Because there are only 3 workstations and it allowed me to set up an lmhosts file as an attempt to help the situation. They don't have to be static, but that wouldn't make a difference would it?

B. No. I used the Network Configuration Wizard.

By the way... These computers were setup about a year ago and the LAPTOP used to be able to open files on the CORNER PC. It lost the ability about 3 months ago and I am only onsite when needed, so I don't know what was done around the time of the change 3 months ago. But I have gone over and over the configurations and can't find the problem.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
SBS provides a very easy to manage small network solution as long as you follow the documenation and set it up in the manner in which it was designed.  I strongly suggest that you use DHCP running on your SBS and allow workstations to get their network information automatically.

Further, not using SBS's wizards will ultimately cause you problems because of the various server components combined on SBS which could cause conflicts if not configured properly.  You also would be able to have full remote management ability if you set the network up according to it's documented methods.  It also would mean that you don't have to spend ANY time troubleshooting issues like these.  

To see all that connectcomputer does, please review http://sbsurl.com/connect

For now, I would rejoin the workstations following these steps:


At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients
5.  Delete the following Registry Key entirely:  HKLM\Software\Microsoft\SmallBusinessServer
6.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
7.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Setup Client Computers wizard

Then, go back to the client machine, log back in with the local Administrator account.
1.  If there is more than one network interface, make sure that the only one that's enabled is the one connected to the SBS.
2.  Open IE and enter http://<servername>/connectcomputer in the address bar
3.  Supply the domain Administrator credentials when requested and assign appropriate user to the machine
4.  After the machine reboots the second time, log in with the assigned user's credentials to complete the process.


0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Also...
"They don't have to be static, but that wouldn't make a difference would it?"

It would make a difference if you didn't configure the other networking options that are done via DHCP.

Also, if you have configured a DNS Server IP other than that of the SBS then there would definitely be problems.

Jeff
TechSoEasy
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
And one other thing... why are you wanting to have workstation to workstation sharing anyhow?

All files should be stored on the server so they can be backed up correctly.  

Jeff
TechSoEasy
0
 
HighTechGeekAuthor Commented:
Wow! Thanks! I feel like I have been scolded!

I will definitely try what you suggested.

The DNS was manually configured to the server exclusively, but I will implement DHCP per your instructions (plus everything else of course).

Workstation to workstation file sharing is because they are running an ACT! database from the CORNER PC and perform their backups from that PC as well - believe me, I have told them to put it all on the server, but I didn't setup ACT! or the backup nor do I support that part of it (they have an ACT! consultant), so what can I do... anyway, the reason they have a server at all is so that they could all log in with the same account and control the same email account using Outlook (which ties in with ACT! email). It's basically 3 people working in ACT! on a single email account simultaneously, but that's another story.

I'll keep you posted - it may be a while before I get back on site to do this.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Sorry about that... the "and another thing..." add-ons definitely sounded like a scolding... but it seems as though you took it in the spirit in which it was intended!  :-)

FYI, if DHCP is not currently running on the SBS and is running on a router instead you need to change that.  See http://sbsurl.com/dhcp (bottom of page) for how to get it back on the SBS.

As for ACT! it's probably better left on a PC as it's server.  But the backup really should be running on the SBS because I doubt that it's properly backing up things otherwise.

Over the past couple years I've converted about a dozen clients from using ACT! to Outlook Business Contact Manager.  It totally ROCKS over ACT! and because it's integrated within Outlook it doesn't make copies of email messages the way ACT does (one of my pet peeves with ACT!, among others).  You might want to take a look at it just to understand how much better it is than ACT!  For an overview of BCM written by a former ACT! Specialist:  http://www.pinpointtools.com/articles.asp?id=125

Jeff
TechSoEasy
0
 
HighTechGeekAuthor Commented:
Jeff,
thanks again for the great advice - I'm in the middle of it and here are some issues:

1. After logging in locally (step 1), I am not finding the registry entry described in step 5. I am ignoring this and assume the key wouldn't be in the local account registry, but in the domain user registry.

2. I started with and completed LAPTOP and all seemed to go well. Now I am doing CORNER and received the following error when trying to remove the old computer name:
------------------------------
Set Up Computer Wizard
Set Up Computer Wizard was unable to remove this computer from the network. Open Active Directory Users and Computers, and remove the computer manually.
             [OK]
------------------------------
I clicked OK and opened ADU&C. (interesting to note - here, it lists CORNER and DESK, but not the new LAPTOP name) Anyway, now I get another message when trying to delete CORNER:
------------------------------
Active Directory
Object CORNER is a container and contains other objects. Are you sure you want to delete object CORNER and the objects it contains? This operation could take a long time if CORNER contains a large number of objects.
      [YES]   [NO]
------------------------------
For now I have said NO. I didn't get this with LAPTOP. Your advice?

Thanks,
Dan
0
 
HighTechGeekAuthor Commented:
Nevermind on 2. I realized that ADU&C, from the view menu, allows you to view users, groups and computers as containers. Once I checked this, I discovered that a printer object was associated with CORNER. I deleted it and then deleted CORNER. I will have to set up the printers again, but oh well. Now I can continue... I will keep you posted.
-Dan
0
 
HighTechGeekAuthor Commented:
Well, it all seems to have worked! Thanks, Jeff!
One caveat and a few notes:
1. The printer that I deleted from Active Directory shows up in the other computers and I can't delete it.
2. When using Outlook with ACT! and Exchange, you must disable Cached Mode. This had been done, but upon opening Outlook for the first time on the with the new computername, Outlook automatically enabled Cached Mode and started copying the entire mailbox over in an effort to sync the mailbox. I immediately went into the Email Settings and disabled Cached Mode and Offline Mode and was able to exit Outlook and restart.
3. I had to manually edit the *.pad files for ACT! to change the computername for the path. I had to do this on all the workstations.
4. Any shortcuts pointing to any of the workstations had to be renamed or replaced as the names had changed.
5. I deleted and re-added all the printers - not sure if this HAD to be done, but it allowed me to clean up some junk

Overall, I was impressed that all my files and settings were maintained (except as noted above). Thanks a lot, Jeff for your expert advice.

The only thing I would ask is: Do you know how to get rid of the bogus printer showing up on the workstations after I deleted the printer object from Active Directory? The error message I get is:
--------------------
Remove Printer
Printer connection cannot be removed. Operation could not be completed.
     [OK]
--------------------
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Looks like you have things in much better condition.

I would note that by not using Cached Exchange Mode you will not be able to take advantage of the SPAM filtering features offered by both Outlook and Exchange.  This is just another disadvantage of using ACT!.

You shouldn't need to manually add printers to any workstation if they are added to the server correctly using the Add Printer wizard found on the To-Do list.  They would then be added to each workstation automatically.

Regarding the error you received when trying to remove a printer see:
http://www.chicagotech.net/others/printerror1.htm

Jeff
TechSoEasy
0
 
HighTechGeekAuthor Commented:
The printer thing didn't work. It basically says to change the name of the printer, change it back and then delete it. I can't even change the name. Anyway... you helped me with my question, so there's no reason for me not to award the points at this time. thanks again!

If you have any other thoughts on deleting the orphaned printer, please let me know.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
I think you misread that article.  It doesn't say to change the name and then change it back.  WHat it says is to find out what the name is for that printer as shown on the computer it's actually attached to, and the make sure that it has the EXACT same name showing on the computer you are trying to delete it from.

Jeff
TechSoEasy
0
 
HighTechGeekAuthor Commented:
Oh I see. However, I can't change the printer name on LAPTOP (it beeps if I select it and then click on the name and rename isn't an option if I right click on it) and anyway, it already matches the share name on CORNERNEW (the printer share name never changed). I should have probably removed all shares before changing the computer names.

Still can't delete it since CORNER and LAPTOP were renamed. The printer shows up twice on LAPTOPNEW - once from the CORNERNEW(which works fine) and once from CORNER (which won't let me do anything to it without just beeping or giving me the above error message).
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Then you aren't using an account that has enough rights.  Log into the Laptop with the Built-in Domain Admininstrator Account.  Then, make sure that the Domain Admins group is a member of the Local Administrators Group. (this actually should have been set this way when you ran the ConnectComputer wizard).

Then, you should be able to right click on the printer and change the Ownership to "Administrators"  at which point you can then change it's security settings so that you can ultimately delete it.

Jeff
TechSoEasy
0
 
HighTechGeekAuthor Commented:
When I right-click on it and choose properties, I get the following error message:

-----------
Printer properties cannot be displayed. The print spooler service is not running.
[OK]
-----------

The print spooler service is started and I can right click on the other printers and go to security and view the owner. The Domain/Domain Admins and the Domain/Username are both members of the local Administrators group.

Thanks for your continued help!
-Dan
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Check out this forum post:  http://snipr.com/1p7tr

Perhaps you have a 3rd party firewall running on that computer?

Jeff
TechSoEasy
0
 
HighTechGeekAuthor Commented:
Thanks TechSoEasy... your link points to an invalid post for me on Velocity Reviews :-(

(how do you do that with snipr.com?)

No 3rd party firewall either. Maybe I could search the registry and remove it there as a non-existent share?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Don't know what happened with that snipr link, but here's the corrected one:  http://snipurl.com/1pj4p

Jeff
TechSoEasy
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 10
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now