Unable to delete a file in my fileshare even though I am an administrator...

Posted on 2007-11-20
Last Modified: 2013-12-04
Me, John Smith (names changed to protect the ignorant) :-) am unable to delete a file I should be able to.  On boot, H: is assigned to \\server-name\Information Systems.  From the XP desktop, I navigate to my Employee\JSmith share and attempt to delete a file.  I am unable to.  Windows returns an error saying "Cannot Delete <file name>: Access is denied".  I am failing to see why I am unable to delete this file... or any file for that matter.  I cannot create, edit, delete files on this share for some reason.

Path on server: D:\Information Systems\Employee\JSmith

File: test.txt

Permissions in folder JSmith:
- Allow: JSmith, Full Control, <not inherited>, This folder, subfolders and files
- Allow: CREATER OWNER, Full Conrol, <not inherited>, Subfolders and files only
- Allow: SYSTEM, Full Control, <not inherited>, This folder, subfolders and files
- Allow: Administrators (\Administrators), Full Control, <not inherited>, This folder, subfolders and files

Owner (tab) of folder JSmith:
- Current owner of this item: John Smith (

Effective Permissions (tab) of folder JSmith
- If I enter JSmith the system returns all check boxes as checked

I've tried checking "Replace permission entries on all child objects with entries shown here that apply to child objects" but it hasn't changed anything.  I still am unable to delete.

JSmith is a member of the enterprise admins, domain admins.
Question by:awsiemieniec

Expert Comment

ID: 20321229
Have you changed your password recently?  Run gpupdate /force from a command prompt on the server to update its group policy settings and also try rebooting the server.  Try changing \\server-name\Information Systems to the server's ip address, \\192.168.x.x\Information Systems.  Changing to the ip willusually fix this issue.

Author Comment

ID: 20321304
victorjones1: Thanks for the suggestion.  I have not changed my password for a while.  Just this AM the system prompted me that I have 14 days to do so.  This problem has been ongoing for about 8 days now.  Being this is a production/live server I am unable to reboot at the moment.  I'll reboot tonight.

Expert Comment

ID: 20321399
Do you use a boot script, group policy, or the Profile tab in Active Directory to automatically connect this folder at startup?

Try changing the server name to the ip address.  You don't have to reboot for that, and doing so will most likely resolve your issue.
LVL 13

Assisted Solution

cshepfam earned 75 total points
ID: 20321720
I think you should read this article i created.  It's similar to your problem and I believe it may help you out.  Though its for disk quota setup, it also talks about the situation you're facing.  It can't hurt and hopefully it helps.

Author Comment

ID: 20322022
On my AD server for my profile, my logon script is set to logon.vbs and my home folder is (X) Connect: H: to \\server-name\Information Systems\Employee\ASiemieniec

So I will change \\server-name\... to \\<IP Address>\...

While doing so on the server under my account on the profile tab, an error box appears.
Title: Active Directory
Message: The \\\Information Systems\Employee\JSmith home folder was not created because you do not have create access on the server.  The user account has been updated with the new home folder value but you just create the directory manually after obtaining the required access rights.
Buttons: OK

So, what's up with that?  Attached is the logon.vbs generic script we run.
On Error Resume Next

Dim GroupList

Set fso = CreateObject("Scripting.FileSystemObject")

Set WshShell = CreateObject("WScript.Shell")

Set WshNetwork = WScript.CreateObject("WScript.Network")


LogonPath = fso.GetParentFolderName(WScript.ScriptFullName)

'**************************************Group Mappings Based on Grouplist.csv*********************************

If fso.FileExists(logonpath&"\Grouplist.csv") Then

   Set grplist = Fso.OpenTextFile(logonpath&"\Grouplist.csv")

   ' make File into an Array

   aGroup = Split(grplist.Readall,vbcrlf)

   For I = 0 to UBound(GroupList) ' Check Every Group Membership the user is in (populated into Grouplist)

      grpname = Grouplist(i)

      For x = 0 to UBound(aGroup) ' Read the entire CSV to make sure all drives are mapped for each Group

         mapline = agroup(x)

         If InStr(LCase(mapline),LCase(grpname)) Then ' If you're in the group

            mapline = Mid(mapline,InStr(mapline,",")+1) ' Remove the GroupName from the line

            Drive = Left(mapline,InStr(mapline,",")-1) ' Extract Drive Letter

            Path = Mid(mapline,InStr(mapline,",")+1) ' Extract the path

            If (fso.DriveExists(drive) <> True) and (Drive<>"!!") Then ' If The Drive is not already mapped

               WshNetwork.MapNetworkDrive drive,path,true ' Map The Drive

               wscript.sleep 1000

            End If

        If Drive = "!!" then

               WSHNetwork.AddWindowsPrinterConnection Path

               wscript.sleep 1000

            end if

         End If



End If

'*************************************************Sub GetGroupInfo********************************************

Sub GetGroupInfo

Set UserObj = GetObject("WinNT://" & wshNetwork.UserDomain & "/" & WshNetwork.UserName)

Set Groups = UserObj.groups

For Each Group In Groups

	GroupCount = GroupCount + 1


ReDim GroupList(GroupCount -1)

i = 0

For Each Group In Groups

	GroupList(i) = Group.Name

	i = i + 1


End Sub

Open in new window


Expert Comment

ID: 20322065
Does this logon script map you to more than one folder or just your home folder. \\\Information Systems\Employee\JSmith?
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Expert Comment

ID: 20322102
Or did you change the server name to the ip here:

Connect:  Z:  To:  \\Information Systems\Employee\JSmith

on the profile tab in you AD user properties?

Expert Comment

ID: 20322145
I am not sure what you are trying to do with this VB script because I have not use VB for at least 5 years, but it seems like an overly complicated way of mapping multiple drives.  I use simple .bat files for this similar to:

@echo off

net use T: /delete
net use U: /delete
net use V: /delete
net use T: \\192.168.x.x\Depts /yes
net use U: \\192.168.x.x\Depts\Everyone /yes
net use V: \\192.168.x.x\scans\scan_folder /yes

Expert Comment

ID: 20322201

The \\\Information Systems\Employee\JSmith home folder was not created because you do not have create access on the server.  The user account has been updated with the new home folder value but you just create the directory manually after obtaining the required access rights.

error says to me that your file server has lost part of its connection to the domain controller, which is why it says you can't create any files on it.  It is looking to the DC for your user name but can't see it for some reason.  A reboot on both servers should fix this, and make sure you do not have a firewall blocking anything.

Also try to access the file server from remote desktop.  If you are able to access it using your user name that might also clear up the problem.

Author Comment

ID: 20322512
victorjones1: The file share server is the same machine as the DC.
Accessing the file server via RDP and logging in as myself, I ge the same error that I'm not able to delete/change/add any of my files.
The logon.vbs file looks at what group membership the user has.  Finds the group by name in the "grouplist.csv" file and applies a drive letter to it.  That way if JSmith is a member of Accounting, Scheduling, Reception that user will get the Accounting drive, Scheduling drive and Reception drive; others if needed.
I changed from server name to server IP in both my logon script/CSV file where it references the server as well as in my profile tab in my AD user properties.

cshepfam: I've read your article.  I'll try applying the same method you outlined to my structure.

Assisted Solution

victorjones1 earned 75 total points
ID: 20323789
Since this server is the DC as well as the problem server your permissions are being blocked somehow.  Try the server restart first to refresh all the DC's settings.  If that does not work, a group that your user belongs to is not allowed access to your folder.  

Are there any groups or users who have checks in the denied column of your folder?  Try creating a test user and giving the test access rights to that folder.  Your AD user's attributes may be corrupt.
LVL 18

Accepted Solution

PowerIT earned 350 total points
ID: 20326063
It's not only NTFS rights. On the share itself their are also rights, although simple once, which can block you.
On that server: right-click my computer, choose manage, browse to system tools/shared folders/shares. Right-click the share, choose properties, then the share permissions tab and verify if you have at least change rights.


Author Closing Comment

ID: 31410154
PowerIT: You nailed the problem. Can't believe I missed that setting.
victorjones1: You had great ideas and I apprechiate your help
cshepfam: I will be using the suggestions you made in your article to my server.


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
deny local logon 12 78
Server 2008-R2 lost password 19 96
Unknown AD user under VMWare OU 4 52
GPO - Prevent user group from saving files locally C; 8 72
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Internet Business Fax to Email Made Easy - With  eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now