Unable to delete a file in my fileshare even though I am an administrator...

Posted on 2007-11-20
Medium Priority
Last Modified: 2013-12-04
Me, John Smith (names changed to protect the ignorant) :-) am unable to delete a file I should be able to.  On boot, H: is assigned to \\server-name\Information Systems.  From the XP desktop, I navigate to my Employee\JSmith share and attempt to delete a file.  I am unable to.  Windows returns an error saying "Cannot Delete <file name>: Access is denied".  I am failing to see why I am unable to delete this file... or any file for that matter.  I cannot create, edit, delete files on this share for some reason.

Path on server: D:\Information Systems\Employee\JSmith

File: test.txt

Permissions in folder JSmith:
- Allow: JSmith, Full Control, <not inherited>, This folder, subfolders and files
- Allow: CREATOR OWNER, Full Control, <not inherited>, Subfolders and files only
- Allow: SYSTEM, Full Control, <not inherited>, This folder, subfolders and files
- Allow: Administrators (company.com\Administrators), Full Control, <not inherited>, This folder, subfolders and files

Owner (tab) of folder JSmith:
- Current owner of this item: John Smith (JSmith@company.com)

Effective Permissions (tab) of folder JSmith
- If I enter JSmith the system returns all check boxes as checked

I've tried checking "Replace permission entries on all child objects with entries shown here that apply to child objects" but it hasn't changed anything.  I still am unable to delete.

JSmith is a member of the enterprise admins, domain admins.
Question by:awsiemieniec

Expert Comment

ID: 20321229
Have you changed your password recently?  Run gpupdate /force from a command prompt on the server to update its group policy settings and also try rebooting the server.  Try changing \\server-name\Information Systems to the server's ip address, \\192.168.x.x\Information Systems.  Changing to the ip will usually fix this issue.

Author Comment

ID: 20321304
victorjones1: Thanks for the suggestion.  I have not changed my password for a while.  Just this AM the system prompted me that I have 14 days to do so.  This problem has been ongoing for about 8 days now.  Being this is a production/live server I am unable to reboot at the moment.  I'll reboot tonight.

Expert Comment

ID: 20321399
Do you use a boot script, group policy, or the Profile tab in Active Directory to automatically connect this folder at startup?

Try changing the server name to the ip address.  You don't have to reboot for that, and doing so will most likely resolve your issue.

LVL 13

Assisted Solution

cshepfam earned 300 total points
ID: 20321720
I think you should read this article I created.  It's similar to your problem and I believe it may help you out.  Though it's for disk quota setup, it also talks about the situation you're facing.  It can't hurt and hopefully it helps.


Author Comment

ID: 20322022
On my AD server for my profile, my logon script is set to logon.vbs and my home folder is (X) Connect: H: to \\server-name\Information Systems\Employee\ASiemieniec

So I will change \\server-name\... to \\<IP Address>\...

While doing so on the server under my account on the profile tab, an error box appears.
Title: Active Directory
Message: The \\\Information Systems\Employee\JSmith home folder was not created because you do not have create access on the server.  The user account has been updated with the new home folder value but you just create the directory manually after obtaining the required access rights.
Buttons: OK

So, what's up with that?  Attached is the logon.vbs generic script we run.
On Error Resume Next ' Errors are suppressed, so a failed mapping is skipped silently
Dim GroupList
Set fso = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")
LogonPath = fso.GetParentFolderName(WScript.ScriptFullName)
GetGroupInfo ' Populate GroupList with the user's group memberships before mapping
'**************************************Group Mappings Based on Grouplist.csv*********************************
If fso.FileExists(logonpath&"\Grouplist.csv") Then
   Set grplist = Fso.OpenTextFile(logonpath&"\Grouplist.csv")
   ' make File into an Array
   aGroup = Split(grplist.Readall,vbcrlf)
   For I = 0 to UBound(GroupList) ' Check Every Group Membership the user is in (populated into Grouplist)
      grpname = Grouplist(i)
      For x = 0 to UBound(aGroup) ' Read the entire CSV to make sure all drives are mapped for each Group
         mapline = agroup(x)
         If InStr(LCase(mapline),LCase(grpname)) Then ' If you're in the group
            mapline = Mid(mapline,InStr(mapline,",")+1) ' Remove the GroupName from the line
            Drive = Left(mapline,InStr(mapline,",")-1) ' Extract Drive Letter
            Path = Mid(mapline,InStr(mapline,",")+1) ' Extract the path
            If (fso.DriveExists(drive) <> True) and (Drive<>"!!") Then ' If The Drive is not already mapped
               WshNetwork.MapNetworkDrive drive,path,true ' Map The Drive
               wscript.sleep 1000
            End If
            If Drive = "!!" then ' "!!" in the drive column marks a printer connection
               WSHNetwork.AddWindowsPrinterConnection Path
               wscript.sleep 1000
            end if
         End If
      Next
   Next
End If
'*************************************************Sub GetGroupInfo********************************************
Sub GetGroupInfo
   Set UserObj = GetObject("WinNT://" & wshNetwork.UserDomain & "/" & WshNetwork.UserName)
   Set Groups = UserObj.groups
   For Each Group In Groups ' First pass: count the groups to size the array
      GroupCount = GroupCount + 1
   Next
   ReDim GroupList(GroupCount -1)
   i = 0
   For Each Group In Groups ' Second pass: store each group name
      GroupList(i) = Group.Name
      i = i + 1
   Next
End Sub



Expert Comment

ID: 20322065
Does this logon script map you to more than one folder or just your home folder, \\\Information Systems\Employee\JSmith?

Expert Comment

ID: 20322102
Or did you change the server name to the ip here:

Connect:  Z:  To:  \\Information Systems\Employee\JSmith

on the profile tab in your AD user properties?

Expert Comment

ID: 20322145
I am not sure what you are trying to do with this VB script because I have not used VB for at least 5 years, but it seems like an overly complicated way of mapping multiple drives.  I use simple .bat files for this similar to:

@echo off

net use T: /delete
net use U: /delete
net use V: /delete
net use T: \\192.168.x.x\Depts /yes
net use U: \\192.168.x.x\Depts\Everyone /yes
net use V: \\192.168.x.x\scans\scan_folder /yes

Expert Comment

ID: 20322201

The \\\Information Systems\Employee\JSmith home folder was not created because you do not have create access on the server.  The user account has been updated with the new home folder value but you just create the directory manually after obtaining the required access rights.

error says to me that your file server has lost part of its connection to the domain controller, which is why it says you can't create any files on it.  It is looking to the DC for your user name but can't see it for some reason.  A reboot on both servers should fix this, and make sure you do not have a firewall blocking anything.

Also try to access the file server from remote desktop.  If you are able to access it using your user name that might also clear up the problem.

Author Comment

ID: 20322512
victorjones1: The file share server is the same machine as the DC.
Accessing the file server via RDP and logging in as myself, I get the same error that I'm not able to delete/change/add any of my files.
The logon.vbs file looks at what group membership the user has.  Finds the group by name in the "grouplist.csv" file and applies a drive letter to it.  That way if JSmith is a member of Accounting, Scheduling, Reception that user will get the Accounting drive, Scheduling drive and Reception drive; others if needed.
I changed from server name to server IP in both my logon script/CSV file where it references the server as well as in my profile tab in my AD user properties.

cshepfam: I've read your article.  I'll try applying the same method you outlined to my structure.

Assisted Solution

victorjones1 earned 300 total points
ID: 20323789
Since this server is the DC as well as the problem server your permissions are being blocked somehow.  Try the server restart first to refresh all the DC's settings.  If that does not work, a group that your user belongs to is not allowed access to your folder.  

Are there any groups or users who have checks in the denied column of your folder?  Try creating a test user and giving the test access rights to that folder.  Your AD user's attributes may be corrupt.
LVL 18

Accepted Solution

PowerIT earned 1400 total points
ID: 20326063
It's not only NTFS rights. On the share itself there are also rights, although simple ones, which can block you.
On that server: right-click my computer, choose manage, browse to system tools/shared folders/shares. Right-click the share, choose properties, then the share permissions tab and verify if you have at least change rights.
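
The same check from a PowerShell prompt, as an added example that is not part of the original answer: it lists which accounts can write at the share level and at the NTFS level for the folder from the question, since access through the share is limited by both. It assumes the SmbShare module (Windows Server 2012 or later) and an elevated prompt on the file server; the function name Test-ShareWriteCeiling is hypothetical.

```powershell
# Added example; Test-ShareWriteCeiling is a hypothetical helper name.
# Requires the SmbShare module (Windows Server 2012 / Windows 8 or later).
function Test-ShareWriteCeiling {
    param(
        [Parameter(Mandatory)] [string] $ShareName,
        [string] $SubPath = ''
    )
    $share  = Get-SmbShare -Name $ShareName -ErrorAction Stop
    $target = if ($SubPath) { Join-Path $share.Path $SubPath } else { $share.Path }

    # Share-level ACEs: AccessRight is Full, Change, Read or Custom.
    $shareAces = Get-SmbShareAccess -Name $ShareName
    $writers = $shareAces | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.AccessRight -in 'Full', 'Change'
    }
    $denies = $shareAces | Where-Object { $_.AccessControlType -eq 'Deny' }

    # NTFS ACEs on the folder that allow modifying or deleting content.
    $modify = [System.Security.AccessControl.FileSystemRights]::Modify
    $ntfsWriters = (Get-Acl -Path $target).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $modify) -eq $modify
    }

    [pscustomobject]@{
        Share            = $ShareName
        Folder           = $target
        ShareWriters     = @($writers     | ForEach-Object { $_.AccountName })
        ShareDenies      = @($denies      | ForEach-Object { $_.AccountName })
        NtfsWriters      = @($ntfsWriters | ForEach-Object { $_.IdentityReference.Value })
        # With no Allow entry for Change or Full, access through the share
        # is read-only at best, whatever the NTFS ACL grants.
        ShareBlocksWrite = (@($writers).Count -eq 0)
    }
}

# Share name and subfolder taken from the question.
Test-ShareWriteCeiling -ShareName 'Information Systems' -SubPath 'Employee\JSmith' |
    Format-List
```

If ShareBlocksWrite is False but deletes still fail, compare ShareWriters and ShareDenies against the groups the affected user belongs to.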


Author Closing Comment

ID: 31410154
PowerIT: You nailed the problem. Can't believe I missed that setting.
victorjones1: You had great ideas and I appreciate your help.
cshepfam: I will be using the suggestions you made in your article to my server.



Question has a verified solution.
