• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 300
  • Last Modified:

Small Business Server 2003, SP2

I created a user using the SBS create user wizard.  I then joined he PC to the domain succesfully.  I then added the user to the by logging in as the domain user on the PC.  We can connect to the SBS exchange server but we are not able to see or connect to several shares on the SBS server.  I have rejoined the PC and user to the domain but the results are the same.  I believe that the user has some incorrect or missing security or policies.  Any Ideas
0
PTSGROUP
Asked:
PTSGROUP
1 Solution
 
bluetabCommented:
Please provide a little more info:
Can you just not see the shares when you view Explorer?
What happens if you go to Run and type \\SBSname
Can you map a network drive with this user?
Can another user successfully login to the computer and see the SBS shares?  
0
 
Alan Huseyin KayahanCommented:
       You used the create user wizard for creating user but did you use connect computer wizard for joining the domain by typing http://sbsservername/connectcomputer   ?
0
 
kmrussCommented:
My first thought would be, even though you've got the user logged onto his computer via the domain, you still have to give him permission to access the shared resource he's trying to access.

For instance, let's say the directory is C:\DATA on the server.  You need to have RIGHT-CLICKED on this directory (Data), click 'SHARING AND SECURITY', and then click 'Share this folder' - and then give it a name under 'Share name' like 'DATA'.  Then, if you had already done that, you still need to click on the PERMISSIONS tab under this same dialog box and make sure his user group or his user account have read or read/write access to the folder - depending on how much access you want him to have.

I'm assuming his user account is in the 'Domain Users' group when you added him via the create user wizard - so you could add the group 'Domain Users' to 'permissions' - and then give that group read or read/write access to the share.  If this is confusing to you, you could just give his user account access directly by adding him under the 'permissions' tab for the share.  Suggested to use the user group as it's more efficient this way - but I can walk you through that later if you're not sure how.

You can then test if this worked fairly quickly by clicking START then RUN on the client that is logged onto his computer via the domain account, and type \\servername\sharename.  Obviously insert your servername and sharename in there .. if servername were 'FILESERVER' .. and your sharename was 'DATA' .. you would type \\fileserver\data   -  This should then open up the directory in a window if all was successful.

Hope this helps.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
PTSGROUPAuthor Commented:
I added the domain user as a local administrator to the computer that I joined to the domain.  I'm not able to see the computer or any of the shares on the computer.  I have attempted to browse to the computer with explorer and buy using the "start" - Run command line.  Outlook 2003 connects to the SBS exchange server but nothing else that is shared is visible on the doman.  I'm perplexed on this one
0
 
kmrussCommented:
PTS,

Oh, should have mentioned this before.  Double-check the Windows Firewall on the box - and make sure that 'File and printer sharing' are CHECKED to allow file sharing to be visible on the network.  START > CONTROL PANEL > WINDOWS FIREWALL > should be set to ON (BUT DO *NOT* check 'Do not allow exceptions - or you will block everything) - click 'EXCEPTIONS' tab - 'File and printer sharing' needs to be checked ... click OK.

Also, see if you enable 'Remote Routing and Access' - as apparently that can block connections too.  START > CONTROL PANEL > ADMINISTRATIVE TOOLS > ROUTING AND REMOTE ACCESS > Check the 'status' in the right-column.  If the state is 'stopped' (and maybe unconfigured), then you should be fine.  If not, let me know - as you have to enable more under here to get file sharing working.

Let me know if this works.
0
 
PTSGROUPAuthor Commented:
I checked the windows firewall service previously and I don't have the service running.  quick thought, would it need to be running with file and print sharing and other services allowed.  I haven't done that before but maybe it would fix the security problem.  Maybe this is something to do with the latest SBS SP and 2003 upgrades?

Also, routing and remote access is not running and not configured.
0
 
kmrussCommented:
Windows Firewall doesn't have to be running in order for it to allow 'File and Print Sharing'.  With it not running, it would be 'wide-open' and allow it anyway.  However, you could try enabling it to see what happens.  Mainly, it's not 100% necessary to have the Firewall activated on INSIDE (LAN ONLY) connections.  Only on the interfaces (nics) that have an OUTISDE (Internet accessible) address.

However, I generally enable the firewall on my inside connections as well in case a virus gets loose or something inside the network.  The only hitch there though - most users will have SOME kind of 'write' access on a network drive ... so a firewall will already 'trust' them and do nothing to stop a delete of some kind.  That's why it's best to make sure your permissions are ONLY as loose as you need them (don't give people write/delete access if they don't need) - and make SURE you have nightly backups of your data.  Nothing is 100% - but you can always restore from that backup if needed.

The main thing a firewall on an INSIDE connection might do is stop some sort of 'flood' or 'DOS' attack or etc. on the server - assuming it didn't use the file sharing port to do it on.  It would also block any exploit (security bug) that hasn't been patched as well from the inside.

So question:  What DOES happen when you type something like:  \\servername\sharename  in a 'RUN' box?  Do you eventually get an error message ... or nothing?  It could be a DNS issue and it not be finding it.  You might try it by the IP Address instead of the servername ... like \\serverip\sharename.  So if your local network address for the server was '192.168.1.3' ... it would be \\192.168.1.3\data  (assuming data was your share name).  See what that does and post any error msg you get.
0
 
PTSGROUPAuthor Commented:
Figure this one out.  At the PC, I opened a command windows and pinged the SBS server using the hostname and it replied with the correct ip address.  I then pinged the SBS server with the ip address and it replied with the correct hostname.

I then went to "Tools" and used "map network drive" and used the IP address in the path "\\192.168.0.110\company files".  I indicated that a share was already in use at x:  \\central\company files and would I like to disconnect and remap the share.  I selected yes and it apparently did the drive mapping.  I open internet explorer and it shows the X drive mapping as "\\central\company files" using the hostname and not the IP address as used in the above mapping exercise.  The mapped drives works great now.
0
 
kmrussCommented:
Good deal.  It sounds like the above had already worked for you - but you didn't realize it.  I'm assuming the PC is either Windows XP or Vista?  The new Windows sometimes seem to allow the drives to be mapped - but don't immediately pop up a new window showing the directory (they just map 'silently' if you will.  It sounds like that's what happened if the drive letter was already mapped when you went to do it again.
0
 
kmrussCommented:
I believe my tips helped him map the drive - but he didn't realize it was mapped (see his last comment).
0
 
Computer101Commented:
PAQed with points refunded (250)

Computer101
EE Admin
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now