Solved

Unable to delete a file in my fileshare even though I am an administrator...

Posted on 2007-11-20
13
227 Views
Last Modified: 2013-12-04
Me, John Smith (names changed to protect the ignorant) :-) am unable to delete a file I should be able to.  On boot, H: is assigned to \\server-name\Information Systems.  From the XP desktop, I navigate to my Employee\JSmith share and attempt to delete a file.  I am unable to.  Windows returns an error saying "Cannot Delete <file name>: Access is denied".  I am failing to see why I am unable to delete this file... or any file for that matter.  I cannot create, edit, delete files on this share for some reason.

Path on server: D:\Information Systems\Employee\JSmith

File: test.txt

Permissions in folder JSmith:
- Allow: JSmith, Full Control, <not inherited>, This folder, subfolders and files
- Allow: CREATER OWNER, Full Conrol, <not inherited>, Subfolders and files only
- Allow: SYSTEM, Full Control, <not inherited>, This folder, subfolders and files
- Allow: Administrators (company.com\Administrators), Full Control, <not inherited>, This folder, subfolders and files

Owner (tab) of folder JSmith:
- Current owner of this item: John Smith (JSmith@company.com)

Effective Permissions (tab) of folder JSmith
- If I enter JSmith the system returns all check boxes as checked

I've tried checking "Replace permission entries on all child objects with entries shown here that apply to child objects" but it hasn't changed anything.  I still am unable to delete.

JSmith is a member of the enterprise admins, domain admins.
0
Comment
Question by:awsiemieniec
13 Comments
 
LVL 4

Expert Comment

by:victorjones1
ID: 20321229
Have you changed your password recently?  Run gpupdate /force from a command prompt on the server to update its group policy settings and also try rebooting the server.  Try changing \\server-name\Information Systems to the server's ip address, \\192.168.x.x\Information Systems.  Changing to the ip willusually fix this issue.
0
 

Author Comment

by:awsiemieniec
ID: 20321304
victorjones1: Thanks for the suggestion.  I have not changed my password for a while.  Just this AM the system prompted me that I have 14 days to do so.  This problem has been ongoing for about 8 days now.  Being this is a production/live server I am unable to reboot at the moment.  I'll reboot tonight.
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20321399
Do you use a boot script, group policy, or the Profile tab in Active Directory to automatically connect this folder at startup?

Try changing the server name to the ip address.  You don't have to reboot for that, and doing so will most likely resolve your issue.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 75 total points
ID: 20321720
I think you should read this article i created.  It's similar to your problem and I believe it may help you out.  Though its for disk quota setup, it also talks about the situation you're facing.  It can't hurt and hopefully it helps.

http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=242108&messageID=2345392
0
 

Author Comment

by:awsiemieniec
ID: 20322022
On my AD server for my profile, my logon script is set to logon.vbs and my home folder is (X) Connect: H: to \\server-name\Information Systems\Employee\ASiemieniec

So I will change \\server-name\... to \\<IP Address>\...

While doing so on the server under my account on the profile tab, an error box appears.
Title: Active Directory
Message: The \\172.31.0.11\Information Systems\Employee\JSmith home folder was not created because you do not have create access on the server.  The user account has been updated with the new home folder value but you just create the directory manually after obtaining the required access rights.
Buttons: OK

So, what's up with that?  Attached is the logon.vbs generic script we run.
On Error Resume Next
 
Dim GroupList
Set fso = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")
 
GetGroupInfo()
 
LogonPath = fso.GetParentFolderName(WScript.ScriptFullName)
 
'**************************************Group Mappings Based on Grouplist.csv*********************************
If fso.FileExists(logonpath&"\Grouplist.csv") Then
   Set grplist = Fso.OpenTextFile(logonpath&"\Grouplist.csv")
   ' make File into an Array
   aGroup = Split(grplist.Readall,vbcrlf)
   For I = 0 to UBound(GroupList) ' Check Every Group Membership the user is in (populated into Grouplist)
      grpname = Grouplist(i)
      For x = 0 to UBound(aGroup) ' Read the entire CSV to make sure all drives are mapped for each Group
         mapline = agroup(x)
         If InStr(LCase(mapline),LCase(grpname)) Then ' If you're in the group
            mapline = Mid(mapline,InStr(mapline,",")+1) ' Remove the GroupName from the line
            Drive = Left(mapline,InStr(mapline,",")-1) ' Extract Drive Letter
            Path = Mid(mapline,InStr(mapline,",")+1) ' Extract the path
 
            If (fso.DriveExists(drive) <> True) and (Drive<>"!!") Then ' If The Drive is not already mapped
               WshNetwork.MapNetworkDrive drive,path,true ' Map The Drive
               wscript.sleep 1000
            End If
 
        If Drive = "!!" then
               WSHNetwork.AddWindowsPrinterConnection Path
               wscript.sleep 1000
            end if
 
         End If
      Next
   Next
End If
 
 
'*************************************************Sub GetGroupInfo********************************************
Sub GetGroupInfo
 
Set UserObj = GetObject("WinNT://" & wshNetwork.UserDomain & "/" & WshNetwork.UserName)
Set Groups = UserObj.groups
 
For Each Group In Groups
	GroupCount = GroupCount + 1
Next
 
ReDim GroupList(GroupCount -1)
 
i = 0
 
For Each Group In Groups
	GroupList(i) = Group.Name
	i = i + 1
Next
 
 
End Sub

Open in new window

0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20322065
Does this logon script map you to more than one folder or just your home folder. \\172.31.0.11\Information Systems\Employee\JSmith?
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20322102
Or did you change the server name to the ip here:

Connect:  Z:  To:  \172.31.0.11\Information Systems\Employee\JSmith

on the profile tab in you AD user properties?
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20322145
I am not sure what you are trying to do with this VB script because I have not use VB for at least 5 years, but it seems like an overly complicated way of mapping multiple drives.  I use simple .bat files for this similar to:

@echo off

net use T: /delete
net use U: /delete
net use V: /delete
net use T: \\192.168.x.x\Depts /yes
net use U: \\192.168.x.x\Depts\Everyone /yes
net use V: \\192.168.x.x\scans\scan_folder /yes
0
 
LVL 4

Expert Comment

by:victorjones1
ID: 20322201
The

The \\172.31.0.11\Information Systems\Employee\JSmith home folder was not created because you do not have create access on the server.  The user account has been updated with the new home folder value but you just create the directory manually after obtaining the required access rights.

error says to me that your file server has lost part of its connection to the domain controller, which is why it says you can't create any files on it.  It is looking to the DC for your user name but can't see it for some reason.  A reboot on both servers should fix this, and make sure you do not have a firewall blocking anything.

Also try to access the file server from remote desktop.  If you are able to access it using your user name that might also clear up the problem.
0
 

Author Comment

by:awsiemieniec
ID: 20322512
victorjones1: The file share server is the same machine as the DC.
Accessing the file server via RDP and logging in as myself, I ge the same error that I'm not able to delete/change/add any of my files.
The logon.vbs file looks at what group membership the user has.  Finds the group by name in the "grouplist.csv" file and applies a drive letter to it.  That way if JSmith is a member of Accounting, Scheduling, Reception that user will get the Accounting drive, Scheduling drive and Reception drive; others if needed.
I changed from server name to server IP in both my logon script/CSV file where it references the server as well as in my profile tab in my AD user properties.

cshepfam: I've read your article.  I'll try applying the same method you outlined to my structure.
0
 
LVL 4

Assisted Solution

by:victorjones1
victorjones1 earned 75 total points
ID: 20323789
Since this server is the DC as well as the problem server your permissions are being blocked somehow.  Try the server restart first to refresh all the DC's settings.  If that does not work, a group that your user belongs to is not allowed access to your folder.  

Are there any groups or users who have checks in the denied column of your folder?  Try creating a test user and giving the test access rights to that folder.  Your AD user's attributes may be corrupt.
0
 
LVL 18

Accepted Solution

by:
PowerIT earned 350 total points
ID: 20326063
It's not only NTFS rights. On the share itself their are also rights, although simple once, which can block you.
On that server: right-click my computer, choose manage, browse to system tools/shared folders/shares. Right-click the share, choose properties, then the share permissions tab and verify if you have at least change rights.

J.
0
 

Author Closing Comment

by:awsiemieniec
ID: 31410154
PowerIT: You nailed the problem. Can't believe I missed that setting.
victorjones1: You had great ideas and I apprechiate your help
cshepfam: I will be using the suggestions you made in your article to my server.
Thanks.

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question