?
Solved

Can only get access to certain shares when everyone permission is set.

Posted on 2008-06-24
13
Medium Priority
?
237 Views
Last Modified: 2011-10-19
Hi Experts...
This just started yesterday.  I'm the domain admin on our Windows 2000 domain.  The server these shares are on is running Server 2003 sp2.  
Here's what is going on:
 When i try to access shares on our file server's D: drive i get access denied, even though i'm part of the group that has full permission to that share.
Accessing the administrative share D$ works fine, as does folders on the root of the d: drive that aren't shared, as well as shares on the same server under the c: drive.  
The share permissions on the problem shares are Everyone full and NTFS permissions are domain admins group full control, which is the one I'm a member of.
If i give the everyone group NTFS permissions, then i'm able to access the shares.  
No one else seems to be having an issue, it's only with my domain account.
I've rebooted the server, my computer, and both domain controllers.
I've tried removing a share and then adding it back.
I've tried resetting the NTFS permissions on a share by selecting the "Replacing permission entries on all child objects...."  check box and allowing that to propagate.

I'm trying to avoid having to recreate my domain user account, anyone seen this before?
Advice is appreciated...
0
Comment
Question by:jjones2002
  • 7
  • 6
13 Comments
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21857319
For share permissions, put Everyone Full Control and Domain Admins - Full Control.  That should take care of it.
0
 

Author Comment

by:jjones2002
ID: 21857362
Hi TheCleaner, thanks for the post.
I tried your suggestion, but i'm still getting the access denied error.  I'm in the domain admins group.
Any others?
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21857555
Have you checked under NTFS settings, advanced, Effective Permissions?  put your username in there and see what options it checks for you.

That'd be my next suggestion.

Also, really make sure you are in the Domain Admins group that you are putting it in as a part of, and make sure there isn't any kind of Deny rights set.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 

Author Comment

by:jjones2002
ID: 21857757
I put my username in and it came up with full rights, and checked the deny rights,  there are none set.
I'm def in the domain admins group.
Thanks for the suggestions.
This one is really stumping me.
Any others?

Here's a screenshot of one of the troublesome shares to confirm my permissions tests.

permissions.bmp
0
 

Author Comment

by:jjones2002
ID: 21858867
Anyone got ideas on this one?
I'm going to start recreating a domain account, but if someone can help me resolve this I'll dish the points out just as props...
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21859865
With the NTFS permissions correct, as you've shown, the last thing to really check since you can get to the D$ admin share is that the share permissions are incorrect or corrupt on the share you are trying to access.

Try doing a NET USE command from the command prompt and see if you get access that way or what error code is returned.
0
 

Author Comment

by:jjones2002
ID: 21860609
When i do a Net Use y: \\servername\it  the command completes successfully and a drive is mapped, but when i try to access that drive via command line or my computer, it won't let me.
Does that provide any more clues?
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21860791
I'm lost at this point.  Try creating another new domain admin test account and see if that works.  If it does, then something isn't right with your account.  You could try removing it from the Domain Admins group and the Domain users group, etc. and then wait 15 minutes and add it back one group at a time until it works.
0
 

Author Comment

by:jjones2002
ID: 21864990
Wow, thats weird.
I logged into a different pc with my account and I'm able to access the shares no problem.
So this looks like it's a local issue, probably with a program installed or the pc itself.
I did manually uninstall an app this week because it wouldnt remove via add remove programs...but i didn't think that would have caused this issue...
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 450 total points
ID: 21865100
Try this:

1.  Log into your computer as another domain admin
2.  Move all your My docs, etc. from your profile to another location on the PC (backup)
3.  Delete your domain profile from your PC
4.  Log out
5.  Log in as you (should create a new Profile)
6.  Try to get to the share again
7.  Move back your backed up files
0
 

Author Comment

by:jjones2002
ID: 21875496
Thanks for the input.  But i couldn't copy my profile anywhere else, it kept giving me errors and so when i logged into the same pc it kept using the funky profile.
I ended up moving to another pc.
Thanks for the advice.
0
 
LVL 23

Assisted Solution

by:TheCleaner
TheCleaner earned 450 total points
ID: 21879113
While I have no objection to refunding your points, you should be careful about posting "but if someone can help me resolve this I'll dish the points out just as props...".  While I'm here at this point as a helpful voice, other experts on here depend on earning points to ask new questions with.  So just be careful in the future about how you word things.
0
 

Author Comment

by:jjones2002
ID: 21879131
My bad on that...and actually i think it bit me in the a**, because the issue started occuring again from the different pc.
I'm going to create a new domain account as that is all i can think of.
Thanks for your time spent on this issue though.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question