Solved

Can only get access to certain shares when everyone permission is set.

Posted on 2008-06-24
13
228 Views
Last Modified: 2011-10-19
Hi Experts...
This just started yesterday.  I'm the domain admin on our Windows 2000 domain.  The server these shares are on is running Server 2003 sp2.  
Here's what is going on:
 When i try to access shares on our file server's D: drive i get access denied, even though i'm part of the group that has full permission to that share.
Accessing the administrative share D$ works fine, as does folders on the root of the d: drive that aren't shared, as well as shares on the same server under the c: drive.  
The share permissions on the problem shares are Everyone full and NTFS permissions are domain admins group full control, which is the one I'm a member of.
If i give the everyone group NTFS permissions, then i'm able to access the shares.  
No one else seems to be having an issue, it's only with my domain account.
I've rebooted the server, my computer, and both domain controllers.
I've tried removing a share and then adding it back.
I've tried resetting the NTFS permissions on a share by selecting the "Replacing permission entries on all child objects...."  check box and allowing that to propagate.

I'm trying to avoid having to recreate my domain user account, anyone seen this before?
Advice is appreciated...
0
Comment
Question by:jjones2002
  • 7
  • 6
13 Comments
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21857319
For share permissions, put Everyone Full Control and Domain Admins - Full Control.  That should take care of it.
0
 

Author Comment

by:jjones2002
ID: 21857362
Hi TheCleaner, thanks for the post.
I tried your suggestion, but i'm still getting the access denied error.  I'm in the domain admins group.
Any others?
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21857555
Have you checked under NTFS settings, advanced, Effective Permissions?  put your username in there and see what options it checks for you.

That'd be my next suggestion.

Also, really make sure you are in the Domain Admins group that you are putting it in as a part of, and make sure there isn't any kind of Deny rights set.
0
 

Author Comment

by:jjones2002
ID: 21857757
I put my username in and it came up with full rights, and checked the deny rights,  there are none set.
I'm def in the domain admins group.
Thanks for the suggestions.
This one is really stumping me.
Any others?

Here's a screenshot of one of the troublesome shares to confirm my permissions tests.

permissions.bmp
0
 

Author Comment

by:jjones2002
ID: 21858867
Anyone got ideas on this one?
I'm going to start recreating a domain account, but if someone can help me resolve this I'll dish the points out just as props...
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21859865
With the NTFS permissions correct, as you've shown, the last thing to really check since you can get to the D$ admin share is that the share permissions are incorrect or corrupt on the share you are trying to access.

Try doing a NET USE command from the command prompt and see if you get access that way or what error code is returned.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:jjones2002
ID: 21860609
When i do a Net Use y: \\servername\it  the command completes successfully and a drive is mapped, but when i try to access that drive via command line or my computer, it won't let me.
Does that provide any more clues?
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 21860791
I'm lost at this point.  Try creating another new domain admin test account and see if that works.  If it does, then something isn't right with your account.  You could try removing it from the Domain Admins group and the Domain users group, etc. and then wait 15 minutes and add it back one group at a time until it works.
0
 

Author Comment

by:jjones2002
ID: 21864990
Wow, thats weird.
I logged into a different pc with my account and I'm able to access the shares no problem.
So this looks like it's a local issue, probably with a program installed or the pc itself.
I did manually uninstall an app this week because it wouldnt remove via add remove programs...but i didn't think that would have caused this issue...
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 150 total points
ID: 21865100
Try this:

1.  Log into your computer as another domain admin
2.  Move all your My docs, etc. from your profile to another location on the PC (backup)
3.  Delete your domain profile from your PC
4.  Log out
5.  Log in as you (should create a new Profile)
6.  Try to get to the share again
7.  Move back your backed up files
0
 

Author Comment

by:jjones2002
ID: 21875496
Thanks for the input.  But i couldn't copy my profile anywhere else, it kept giving me errors and so when i logged into the same pc it kept using the funky profile.
I ended up moving to another pc.
Thanks for the advice.
0
 
LVL 23

Assisted Solution

by:TheCleaner
TheCleaner earned 150 total points
ID: 21879113
While I have no objection to refunding your points, you should be careful about posting "but if someone can help me resolve this I'll dish the points out just as props...".  While I'm here at this point as a helpful voice, other experts on here depend on earning points to ask new questions with.  So just be careful in the future about how you word things.
0
 

Author Comment

by:jjones2002
ID: 21879131
My bad on that...and actually i think it bit me in the a**, because the issue started occuring again from the different pc.
I'm going to create a new domain account as that is all i can think of.
Thanks for your time spent on this issue though.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now