[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Unable to Move, Rename or Delete files created on the network

Posted on 2007-10-03
22
Medium Priority
?
317 Views
Last Modified: 2013-12-04
We have a windows 2003 network with the folloing configuration:

Three servers, Windows File Server Running Win2003 SP2, Exchange 2003 Server running on a Windows 2003 Server SP2 Platform and a Terminal Server also running on a Windows 2003 Server Platform.  Workstations are running Windows XP Pro SP2.

Problem:

After users on the network create a word document or any other type of document and save it to one of the assigned network drives and then try to either move, rename or delete the file, the system states that the file is currently in use and cannot be moved or deleted.  I checked the security for the file that was created and the user has FULL security rights to the file and directory.  I tested it myself and the same thing is happening.  If i create a document and save it to the local drive, I can rename it, move it and delete it if I want to.  This is happening with all users from any workstation within the network.  I ran a scan to make sure we didnt have a virus and it came back clean.

Does anyone know what might be causing this?

Thanks for the help.
0
Comment
Question by:mcgowray
  • 8
  • 7
  • 4
  • +1
22 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 20006250
What rights so they have on the SHARE - they need Full Control.
0
 
LVL 7

Expert Comment

by:tcicatelli
ID: 20006260
I'm sure I'm restating the obvious, but by "Full" permissions, are you saying full NTFS permissions AND full network permissions?  The two are separate.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20006418
The two are seperate. to set the share permission go to the shared folder - right click, select Properties, Sharing and select the PERMISSIONS option on the share tab - set to Full Control for the group (or Full control for EVERYONE) - don't panic the NTFS permission will still apply.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 70

Accepted Solution

by:
KCTS earned 2000 total points
ID: 20006430
Here is an explanation I gave in another question

When you share a folder it has share permissions. For the most part, if your drives are formatted as NTFS then give the 'Everyone' Group 'Full Control' at the share level (you will need to change the default permission on the Sharing Tab as the Default is 'Everyone' Read). This may seem odd and insecure but it is not as NFTS itself allows you much greater control of permissions. It is usual to allow full control at the share level and then tie down permissions with NTFS.

If you right click on a folder and go to the Security Tab, it will show you the NTFS Permissions. Normally you will want a shared folder not to inherit permissions from its parent folder or drive, So go to the Advanced Tab and clear the 'Inherit from parent...' box and COPY the permissions when prompted.

You can then edit/add/remove groups from the security tab and assign each the required permissions. So if you want the Marketing Group to have full access to a folder, add the Marketing Group and Assign them Full Control. If you want the Sales Group to be able to read the folder and files but not add/delete/change anything, add the Sales group and leave the default permissions, (read, read and execute list folder contents). To stop others accessing the folder remove the Everyone and (domain) Users Groups from the list.

It is enough that groups do not appear on the list to stop them getting access. You do not normally need to DENY. If a user is a member of two or more groups they get the best of their cumulative NTFS Permissions (unless a deny is present, in which case it overrides).

Normally the standard permissions will be sufficient for most purposes; if you want to be more prescriptive you can use the 'Advanced' option and set advanced permissions.

If users have both share and NTFS permissions they get the most restrictive of the combination of the combined NTFS/Share permissions (which is why it is normal to allow Full Control on the share and rely on NTFS permissions)

It is usual to give permissions to groups, not to users as this makes for easier management. If a new person joins the sales team, you just add them to the sales group and they automatically get all the permissions assigned to the Sales Group. If someone moves from Marketing to sales you remove them from the Marketing group and they lose all the Marketing Group Permissions, when you then add them to sales they get all the permissions of the sales group. As already stated a user can be a member of multiple groups.

See http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html for more info

Once a folder is shared with the correct folder and NTFS permissions users can connect to it using the UNC path name, it they can type \\ServerName\ShareName at the run Prompt. Alternatively they can map a drive to the folder. To do this click on Tools, Map Network drive in Windows Explorer and  assign any unused drive letter to the shared folder. The folder will then appear a s Network drive in "My Computer"
0
 

Author Comment

by:mcgowray
ID: 20006445
I believe they have both.  When I click on the network folder in question and go to the security tab, it shows all the users that have access to that folder with full access.  When I go the file server and right click on the shared folder for the users and go to security the share has full access rights.  This started occurring a few days ago.  I dont understand the problem.  If I have a users that has full access rights to a folder and everything under it, they can create a doc, open it and edit it but they cant move, rename or delete it.  The security on the file itself is set to full for this user.

I'm confused.
0
 
LVL 7

Expert Comment

by:tcicatelli
ID: 20006474
If you are having an issue where you can't modify, edit, delete, etc over the network, but can do all these things locally, the problem is with your share permissions.  You need to go to the server, right-click "sharing" and set permissions there.  It can be nothing else.
0
 

Author Comment

by:mcgowray
ID: 20006615
I checked all the permissions and everything looks like it is set correctly.  As a test I created a test share on the server.  I gave the share full access to the "Everyone" object.  I went back to the users station, mapped a drive to the new share, created a test doc in that folder and the same issues occured.  How can that happen if I gave full access rights to the folder and the user?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20006658
Have you got any deny options set anywhere ?
0
 

Author Comment

by:mcgowray
ID: 20006694
No.  I check all of the permissions for the users.  I agree that it is a security issue but I just cant seem to find it.  I have been up all night trying to get this resolved and I admit I'm a littel punchy right now.  I setup a test folder on the terminal server just to see.  I mapped a drive to it from the users workstation and I was able to create and delete the doc.  So it is definitely on the file server.  Where else can I check if there are deny permissions set?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20006728
Check that you have not put any deny options on any of the share permissions or on any of the NTFS permissions on the hared folder or any folders above it that it may be inheriting permissions from.

You can also user the |Effective permissions tab on NTFS - see if that reveals anything - http://technet2.microsoft.com/windowsserver/en/library/87b011ec-b1b4-4baf-8ab0-53147b22a4201033.mspx?mfr=true
0
 

Author Comment

by:mcgowray
ID: 20006823
I checked the effective permissions and there are no checks in any of the Deny entries.  I'm lost.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20006918
Does seem very odd - I'll have to think about that a bit more.
0
 

Author Comment

by:mcgowray
ID: 20006934
Thanks I do appriciate the help.
0
 
LVL 7

Expert Comment

by:tcicatelli
ID: 20006946
Have you tried accessing it remotely as an administrator?
0
 
LVL 7

Expert Comment

by:tcicatelli
ID: 20006951
Oh, I know, I Know!!!

Did you log off and log back on to read the new permissions?
0
 

Author Comment

by:mcgowray
ID: 20007026
Tried that.  No Joy.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20007031
.. could be - here's hoping ....
0
 
LVL 9

Expert Comment

by:samiam41
ID: 20013413
Are you set up in an AD environment?  I didn't see where you mentioned that part.  Also, have you made any changes to your network (DNS, DHCP, WINS) during the last 3 days or install a new AV product?  Are you getting any error messages in the event viewers on the desktops or server(s)?
0
 
LVL 9

Expert Comment

by:samiam41
ID: 20013431
Is this Windows 2003 R2 SP2?  There is another post (sorry, no solution for them either yet) with similiar issues on their server.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_22869537.html?cid=365

0
 

Author Comment

by:mcgowray
ID: 20014237
It is an AD environment.  We have recently added Macafee Enterprise AV 8.5i to the servers.  No Errors in the logs that would indicate a problem.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 20014425
Is McAfee doing any kind of scanning that would prevent access to the files during the day?  Check to see your AV settings.
0
 

Author Comment

by:mcgowray
ID: 20018492
Checked.  Everything looks OK.  I dont think it is interfereing with the writting of the files
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question