plokij5006
asked on
Cant access shares locally on Server 2003.
Hi,
I have a problem which looks like it may be related to this question:
https://www.experts-exchange.com/questions/21212498/Can't-access-local-shares-in-2003.html?anchorAnswerId=12637036#a12637036
The difference is that I can access the shares and run programs from the shares when this is done over the network but not when logged on locally to the server. I need to be able to do this as we have a database application that needs to access a specific drive letter (X:) and this is to be used by Terminal Services clients. I can run the application direct from the hard drive but as soon as I map the drive as X: and try to run it through the share I get the following: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item". I have tried copying the location, creating the share from scratch and setting up permissions every way I can think of but no joy.
As per the other question I thought it might be a Security Policy issue but I cant see anything which might be stopping me doing this here either. I have also tried taking ownership and explicitly granting permission to myself and this does not work so I think it must be share related and NTFS permission related. Help!
I have a problem which looks like it may be related to this question:
https://www.experts-exchange.com/questions/21212498/Can't-access-local-shares-in-2003.html?anchorAnswerId=12637036#a12637036
The difference is that I can access the shares and run programs from the shares when this is done over the network but not when logged on locally to the server. I need to be able to do this as we have a database application that needs to access a specific drive letter (X:) and this is to be used by Terminal Services clients. I can run the application direct from the hard drive but as soon as I map the drive as X: and try to run it through the share I get the following: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item". I have tried copying the location, creating the share from scratch and setting up permissions every way I can think of but no joy.
As per the other question I thought it might be a Security Policy issue but I cant see anything which might be stopping me doing this here either. I have also tried taking ownership and explicitly granting permission to myself and this does not work so I think it must be share related and NTFS permission related. Help!
ASKER
If I try the same with a zip file I get the message "Your current security settings do not allow this action".
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think that may be it Snoopfrogg, I added \\servername to the Trusted Sites list and now the .exe runs albeit with a Security Warning. I am presuming that if I un-install IE Enhanced Security Configuration this will get rid of the Security Warning also. problem is, this server is going to have around a dozen users all accessing the application over Terminal Services - I dont know if I want to give them the ability to use IE without the Enhanced Security for obvious reasons. Any idea how to tacklle this so they don't get the Security Warning every time they run the .exe but the server still has IE locked down?
Ah, valid point.
What is the specific security warning you're seeing?
What is the specific security warning you're seeing?
ASKER
Sorry for the delay in responding, the warning is: "Open File - Security Warning - The Publisher could not be verified, are you sure you want to run this software?" I assume this is because ESC is still installed on this server.
Here are a couple of suggestions: http://techarold.blogspot.com/2006/06/open-file-security-warning-publisher.html. Notice that the article references the Local Intranet Zone.
Control Panel, Internet Options, Security tab, Local Intranet, Sites, Advanced, add \\Server\share as a website to the "zone".
There is also this option that may help with programs on a local drive: Control Panel, System, Advanced, Performance Settings, Data Execution Prevention. You can turn DEP on for everything "except those I select", and manually add them to the list. Changing the DEP setting requires a reboot.
Control Panel, Internet Options, Security tab, Local Intranet, Sites, Advanced, add \\Server\share as a website to the "zone".
There is also this option that may help with programs on a local drive: Control Panel, System, Advanced, Performance Settings, Data Execution Prevention. You can turn DEP on for everything "except those I select", and manually add them to the list. Changing the DEP setting requires a reboot.
ASKER
Thanks Snoopfrogg, that seems to work. I will accept both your responses as the solution.
Thanks again!
Thanks again!
ASKER
I am beginning to think even more that this may be to do with group policy, any ideas anyone?
Neil