Solved

Unable to delete a file in my fileshare even though I am an administrator...

Posted on 2007-11-20
13
223 Views
Last Modified: 2013-12-04
Me, John Smith (names changed to protect the ignorant) :-) am unable to delete a file I should be able to.  On boot, H: is assigned to \\server-name\Information Systems.  From the XP desktop, I navigate to my Employee\JSmith share and attempt to delete a file.  I am unable to.  Windows returns an error saying "Cannot Delete <file name>: Access is denied".  I am failing to see why I am unable to delete this file... or any file for that matter.  I cannot create, edit, delete files on this share for some reason.

Path on server: D:\Information Systems\Employee\JSmith

File: test.txt

Permissions in folder JSmith:
- Allow: JSmith, Full Control, <not inherited>, This folder, subfolders and files
- Allow: CREATER OWNER, Full Conrol, <not inherited>, Subfolders and files only
- Allow: SYSTEM, Full Control, <not inherited>, This folder, subfolders and files
- Allow: Administrators (company.com\Administrators), Full Control, <not inherited>, This folder, subfolders and files

Owner (tab) of folder JSmith:
- Current owner of this item: John Smith (JSmith@company.com)

Effective Permissions (tab) of folder JSmith
- If I enter JSmith the system returns all check boxes as checked

I've tried checking "Replace permission entries on all child objects with entries shown here that apply to child objects" but it hasn't changed anything.  I still am unable to delete.

JSmith is a member of the enterprise admins, domain admins.
0
Comment
Question by:awsiemieniec
13 Comments
 
LVL 4

Expert Comment

by:victorjones1
ID: 20321229
Have you changed your password recently?  Run gpupdate /force from a command prompt on the server to update its group policy settings and also try rebooting the server.  Try changing \\server-name\Information Systems to the server's ip address, \\192.168.x.x\Information Systems.  Changing to the ip willusually fix this issue.
0
 

Author Comment

by:awsiemieniec
ID: 20321304
victorjones1: Thanks for the suggestion.  I have not changed my password for a while.  Just this AM the system prompted me that I have 14 days to do so.  This problem has been ongoing for about 8 days now.  Being this is a production/live server I am unable to reboot at the moment.  I'll reboot tonight.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20321399
Do you use a boot script, group policy, or the Profile tab in Active Directory to automatically connect this folder at startup?

Try changing the server name to the ip address.  You don't have to reboot for that, and doing so will most likely resolve your issue.
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 75 total points
ID: 20321720
I think you should read this article i created.  It's similar to your problem and I believe it may help you out.  Though its for disk quota setup, it also talks about the situation you're facing.  It can't hurt and hopefully it helps.

http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=242108&messageID=2345392
0
 

Author Comment

by:awsiemieniec
ID: 20322022
On my AD server for my profile, my logon script is set to logon.vbs and my home folder is (X) Connect: H: to \\server-name\Information Systems\Employee\ASiemieniec

So I will change \\server-name\... to \\<IP Address>\...

While doing so on the server under my account on the profile tab, an error box appears.
Title: Active Directory
Message: The \\172.31.0.11\Information Systems\Employee\JSmith home folder was not created because you do not have create access on the server.  The user account has been updated with the new home folder value but you just create the directory manually after obtaining the required access rights.
Buttons: OK

So, what's up with that?  Attached is the logon.vbs generic script we run.
On Error Resume Next
 

Dim GroupList

Set fso = CreateObject("Scripting.FileSystemObject")

Set WshShell = CreateObject("WScript.Shell")

Set WshNetwork = WScript.CreateObject("WScript.Network")
 

GetGroupInfo()
 

LogonPath = fso.GetParentFolderName(WScript.ScriptFullName)
 

'**************************************Group Mappings Based on Grouplist.csv*********************************

If fso.FileExists(logonpath&"\Grouplist.csv") Then

   Set grplist = Fso.OpenTextFile(logonpath&"\Grouplist.csv")

   ' make File into an Array

   aGroup = Split(grplist.Readall,vbcrlf)

   For I = 0 to UBound(GroupList) ' Check Every Group Membership the user is in (populated into Grouplist)

      grpname = Grouplist(i)

      For x = 0 to UBound(aGroup) ' Read the entire CSV to make sure all drives are mapped for each Group

         mapline = agroup(x)

         If InStr(LCase(mapline),LCase(grpname)) Then ' If you're in the group

            mapline = Mid(mapline,InStr(mapline,",")+1) ' Remove the GroupName from the line

            Drive = Left(mapline,InStr(mapline,",")-1) ' Extract Drive Letter

            Path = Mid(mapline,InStr(mapline,",")+1) ' Extract the path
 

            If (fso.DriveExists(drive) <> True) and (Drive<>"!!") Then ' If The Drive is not already mapped

               WshNetwork.MapNetworkDrive drive,path,true ' Map The Drive

               wscript.sleep 1000

            End If
 

        If Drive = "!!" then

               WSHNetwork.AddWindowsPrinterConnection Path

               wscript.sleep 1000

            end if
 

         End If

      Next

   Next

End If
 
 

'*************************************************Sub GetGroupInfo********************************************

Sub GetGroupInfo
 

Set UserObj = GetObject("WinNT://" & wshNetwork.UserDomain & "/" & WshNetwork.UserName)

Set Groups = UserObj.groups
 

For Each Group In Groups

	GroupCount = GroupCount + 1

Next
 

ReDim GroupList(GroupCount -1)
 

i = 0
 

For Each Group In Groups

	GroupList(i) = Group.Name

	i = i + 1

Next
 
 

End Sub

Open in new window

0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20322065
Does this logon script map you to more than one folder or just your home folder. \\172.31.0.11\Information Systems\Employee\JSmith?
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 4

Expert Comment

by:victorjones1
ID: 20322102
Or did you change the server name to the ip here:

Connect:  Z:  To:  \172.31.0.11\Information Systems\Employee\JSmith

on the profile tab in you AD user properties?
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20322145
I am not sure what you are trying to do with this VB script because I have not use VB for at least 5 years, but it seems like an overly complicated way of mapping multiple drives.  I use simple .bat files for this similar to:

@echo off

net use T: /delete
net use U: /delete
net use V: /delete
net use T: \\192.168.x.x\Depts /yes
net use U: \\192.168.x.x\Depts\Everyone /yes
net use V: \\192.168.x.x\scans\scan_folder /yes
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20322201
The

The \\172.31.0.11\Information Systems\Employee\JSmith home folder was not created because you do not have create access on the server.  The user account has been updated with the new home folder value but you just create the directory manually after obtaining the required access rights.

error says to me that your file server has lost part of its connection to the domain controller, which is why it says you can't create any files on it.  It is looking to the DC for your user name but can't see it for some reason.  A reboot on both servers should fix this, and make sure you do not have a firewall blocking anything.

Also try to access the file server from remote desktop.  If you are able to access it using your user name that might also clear up the problem.
0
 

Author Comment

by:awsiemieniec
ID: 20322512
victorjones1: The file share server is the same machine as the DC.
Accessing the file server via RDP and logging in as myself, I ge the same error that I'm not able to delete/change/add any of my files.
The logon.vbs file looks at what group membership the user has.  Finds the group by name in the "grouplist.csv" file and applies a drive letter to it.  That way if JSmith is a member of Accounting, Scheduling, Reception that user will get the Accounting drive, Scheduling drive and Reception drive; others if needed.
I changed from server name to server IP in both my logon script/CSV file where it references the server as well as in my profile tab in my AD user properties.

cshepfam: I've read your article.  I'll try applying the same method you outlined to my structure.
0
 
LVL 4

Assisted Solution

by:victorjones1
victorjones1 earned 75 total points
ID: 20323789
Since this server is the DC as well as the problem server your permissions are being blocked somehow.  Try the server restart first to refresh all the DC's settings.  If that does not work, a group that your user belongs to is not allowed access to your folder.  

Are there any groups or users who have checks in the denied column of your folder?  Try creating a test user and giving the test access rights to that folder.  Your AD user's attributes may be corrupt.
0
 
LVL 18

Accepted Solution

by:
PowerIT earned 350 total points
ID: 20326063
It's not only NTFS rights. On the share itself their are also rights, although simple once, which can block you.
On that server: right-click my computer, choose manage, browse to system tools/shared folders/shares. Right-click the share, choose properties, then the share permissions tab and verify if you have at least change rights.

J.
0
 

Author Closing Comment

by:awsiemieniec
ID: 31410154
PowerIT: You nailed the problem. Can't believe I missed that setting.
victorjones1: You had great ideas and I apprechiate your help
cshepfam: I will be using the suggestions you made in your article to my server.
Thanks.

0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now