Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can only get access to certain shares when everyone permission is set.

Posted on 2008-06-24
13
Medium Priority
?
236 Views
Last Modified: 2011-10-19
Hi Experts...
This just started yesterday.  I'm the domain admin on our Windows 2000 domain.  The server these shares are on is running Server 2003 sp2.  
Here's what is going on:
 When i try to access shares on our file server's D: drive i get access denied, even though i'm part of the group that has full permission to that share.
Accessing the administrative share D$ works fine, as does folders on the root of the d: drive that aren't shared, as well as shares on the same server under the c: drive.  
The share permissions on the problem shares are Everyone full and NTFS permissions are domain admins group full control, which is the one I'm a member of.
If i give the everyone group NTFS permissions, then i'm able to access the shares.  
No one else seems to be having an issue, it's only with my domain account.
I've rebooted the server, my computer, and both domain controllers.
I've tried removing a share and then adding it back.
I've tried resetting the NTFS permissions on a share by selecting the "Replacing permission entries on all child objects...."  check box and allowing that to propagate.

I'm trying to avoid having to recreate my domain user account, anyone seen this before?
Advice is appreciated...
0
Comment
Question by:jjones2002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21857319
For share permissions, put Everyone Full Control and Domain Admins - Full Control.  That should take care of it.
0
 

Author Comment

by:jjones2002
ID: 21857362
Hi TheCleaner, thanks for the post.
I tried your suggestion, but i'm still getting the access denied error.  I'm in the domain admins group.
Any others?
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21857555
Have you checked under NTFS settings, advanced, Effective Permissions?  put your username in there and see what options it checks for you.

That'd be my next suggestion.

Also, really make sure you are in the Domain Admins group that you are putting it in as a part of, and make sure there isn't any kind of Deny rights set.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:jjones2002
ID: 21857757
I put my username in and it came up with full rights, and checked the deny rights,  there are none set.
I'm def in the domain admins group.
Thanks for the suggestions.
This one is really stumping me.
Any others?

Here's a screenshot of one of the troublesome shares to confirm my permissions tests.

permissions.bmp
0
 

Author Comment

by:jjones2002
ID: 21858867
Anyone got ideas on this one?
I'm going to start recreating a domain account, but if someone can help me resolve this I'll dish the points out just as props...
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21859865
With the NTFS permissions correct, as you've shown, the last thing to really check since you can get to the D$ admin share is that the share permissions are incorrect or corrupt on the share you are trying to access.

Try doing a NET USE command from the command prompt and see if you get access that way or what error code is returned.
0
 

Author Comment

by:jjones2002
ID: 21860609
When i do a Net Use y: \\servername\it  the command completes successfully and a drive is mapped, but when i try to access that drive via command line or my computer, it won't let me.
Does that provide any more clues?
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21860791
I'm lost at this point.  Try creating another new domain admin test account and see if that works.  If it does, then something isn't right with your account.  You could try removing it from the Domain Admins group and the Domain users group, etc. and then wait 15 minutes and add it back one group at a time until it works.
0
 

Author Comment

by:jjones2002
ID: 21864990
Wow, thats weird.
I logged into a different pc with my account and I'm able to access the shares no problem.
So this looks like it's a local issue, probably with a program installed or the pc itself.
I did manually uninstall an app this week because it wouldnt remove via add remove programs...but i didn't think that would have caused this issue...
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 450 total points
ID: 21865100
Try this:

1.  Log into your computer as another domain admin
2.  Move all your My docs, etc. from your profile to another location on the PC (backup)
3.  Delete your domain profile from your PC
4.  Log out
5.  Log in as you (should create a new Profile)
6.  Try to get to the share again
7.  Move back your backed up files
0
 

Author Comment

by:jjones2002
ID: 21875496
Thanks for the input.  But i couldn't copy my profile anywhere else, it kept giving me errors and so when i logged into the same pc it kept using the funky profile.
I ended up moving to another pc.
Thanks for the advice.
0
 
LVL 23

Assisted Solution

by:TheCleaner
TheCleaner earned 450 total points
ID: 21879113
While I have no objection to refunding your points, you should be careful about posting "but if someone can help me resolve this I'll dish the points out just as props...".  While I'm here at this point as a helpful voice, other experts on here depend on earning points to ask new questions with.  So just be careful in the future about how you word things.
0
 

Author Comment

by:jjones2002
ID: 21879131
My bad on that...and actually i think it bit me in the a**, because the issue started occuring again from the different pc.
I'm going to create a new domain account as that is all i can think of.
Thanks for your time spent on this issue though.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question