Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Access Denied when attempting to connect to share via UNC path

Posted on 2009-04-07
2
567 Views
Last Modified: 2013-12-23
I have a share on a Windows 2003 ( server1 ) named sqlback.

The everyone one group has full control over this share.
Administrators, system, sa_SQL2k5 and the group dbrefresh all have full control to the sqlback folder and all sub folders and files.

The user test is a member of the dbrefresh group. Using the effective permissions tab on the 2003 box I can see that the user test has full control over the sqlback folder and all the files in it.

This is the only access that test has to server1.

However, if test tries to access the share using a UNC path, the message "Access is Denied" is displayed.

Looking at the security event log on server1, I can only see sucessfully logins, there are no failure audits that corespond to the access denied (there is also nothing on the workstation I am using to connect to the share).

Additionally, if you look at the Shared Folders snap-in and the Sessions node, I can see that the test user is connected to server1.

Even more interstingly, I can sucessfully map a drive to the share from the command prompt using net use. However, if I then dir the drive, the dir comes back with "File not found".

And now moving into the realm of bizare, I can actually write to share via the mapped drive from the command line.

For example if I do mkdir test the test folder will appear under the share(spotted using explorer on server1), however doing a dir from mapped drive still shows "File Not Found".

Also if I try and browse the mapped drive from explorer I will also get access denied.

I have tried adding the test users directly to the Administrators group on server1, however the problem still persists, so I am thinking there is issues at the share or network work communication level.

I am hoping some of the experts here have any ideas.

We have restricteive GPo which sets all the user rights assignment values, so I am guessing it is something with this that is causing the problem. I will list out all the settings if it is helpful, but I am hoping someone has experienced this before and can narrow it down a bit first!
0
Comment
Question by:d_illicit
2 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 24190642
it seems that the SHARE level permission has been granted but not the corresponding NTFS permissions. please double check the NTFS permissions of the folder and sub-folders...

hope it helps,
bbao
0
 
LVL 1

Accepted Solution

by:
d_illicit earned 0 total points
ID: 24292545
No it wasn't share level permissions, it was the GPO setting Bypass traverse settings.
The function group needed to be added to this setting to allow proper access to the share.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question