My Documents "Destination Folder Access Denied" in Windows Vista
Within our Domain we have the My Documents folder being redirected to a file server (\\fileserver\mydocs$\) via GPO. All of our users, with the exception of one, have no issues. However one of our users cannot create, save, or delete files within the redirected My Documents folder.
If you attempt to create a new Text Document, an error comes up stating, "You need permission to perform this operation". If you click cancel, it will create the text document with the default name of New Text Document.txt
Attempting to delete any files, including the New Text Document, results in the same error. I have reset the permissions on the folder, ensuring that the user is the owner - but her permissions setup is no different than any of the other users and even after resetting them, she still has the issue. Logging in with a test Domain User account also has the same results. Administrator accounts have no issues creating or deleting information from the My Documents folder. What is interesting is that if the user performs a SHIFT+DEL to permanently delete, it allows them to do so with no issues.
I have tried a gpupdate /force thinking perhaps it was a mis-sync from local copies to the network for some reason, but this did not resolve the issue. I have also tried disabling UAC, thinking that it was explicitly a Vista issue, but that was not the case. Any ideas of what setting on the local machine could be causing this behavior?
Permissions.bmp
If you attempt to create a new Text Document, an error comes up stating, "You need permission to perform this operation". If you click cancel, it will create the text document with the default name of New Text Document.txt
Attempting to delete any files, including the New Text Document, results in the same error. I have reset the permissions on the folder, ensuring that the user is the owner - but her permissions setup is no different than any of the other users and even after resetting them, she still has the issue. Logging in with a test Domain User account also has the same results. Administrator accounts have no issues creating or deleting information from the My Documents folder. What is interesting is that if the user performs a SHIFT+DEL to permanently delete, it allows them to do so with no issues.
I have tried a gpupdate /force thinking perhaps it was a mis-sync from local copies to the network for some reason, but this did not resolve the issue. I have also tried disabling UAC, thinking that it was explicitly a Vista issue, but that was not the case. Any ideas of what setting on the local machine could be causing this behavior?
Permissions.bmp
warturtle
Try using CCleaner (www.ccleaner.com) on that machine, maybe there's some unneeded entries in the registry that needs clearing up and then restart and try.
Another thing you can try is to download SubInACL.exe file from Microsoft:
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
Then query the folder that you are trying to access to see exactly what permission it is and then set the permissions using the SubInACL tool. A thread that will help you by giving sample script is here (although its only for admins, but you can change users and instead of setting permissions you can query them first):
https://www.experts-exchange.com/questions/21903279/Changing-Registry-Permissions-with-SubInACL-exe.html
Hope it helps.
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
Then query the folder that you are trying to access to see exactly what permission it is and then set the permissions using the SubInACL tool. A thread that will help you by giving sample script is here (although its only for admins, but you can change users and instead of setting permissions you can query them first):
https://www.experts-exchange.com/questions/21903279/Changing-Registry-Permissions-with-SubInACL-exe.html
Hope it helps.
ASKER
The problem is definitely not permissions. I was able to have the user try another PC within the Domain and it functioned perfectly fine, so it is something on the workstation that is preventing the user.
I tried deleting the local profile of the test account I was working with to see if that was the issue and now each time I login with the test account, Vista tells me there was a problem loading my profile and that it is creating a temporary profile.
I tried deleting the local profile of the test account I was working with to see if that was the issue and now each time I login with the test account, Vista tells me there was a problem loading my profile and that it is creating a temporary profile.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ChiefIT,
I have tried using netdom to reset the account, but had no success. The user on the laptop is able to access all network shares, but when it comes to the My Documents folder, it is all sorts of messed up.
I tried removing the computer from the domain, deleting the computer account, renaming the computer and adding it back to the domain, but that did not change anything.
Windows Firewall is disabled, we are using Kaspersky AV for our anti-virus, and I have tried disabling the AV temporarily thinking that may have been the cause, but no success there either.
I have tried using netdom to reset the account, but had no success. The user on the laptop is able to access all network shares, but when it comes to the My Documents folder, it is all sorts of messed up.
I tried removing the computer from the domain, deleting the computer account, renaming the computer and adding it back to the domain, but that did not change anything.
Windows Firewall is disabled, we are using Kaspersky AV for our anti-virus, and I have tried disabling the AV temporarily thinking that may have been the cause, but no success there either.
I have seen it where the computer makes two or more profiles and they can conflict.
If you open up documents and settings, how many profiles do you see for that person??
If you open up documents and settings, how many profiles do you see for that person??
ASKER
There is only one copy of the profiles on the workstation.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oh, good grief. I just had a thought that makes sense.
You may have managed passwords that are out of date to access this share. Go to control pannel>>users>>advanced>>m
If the managed passwords are out of date, you could have problems with permissions on the share.
You may have managed passwords that are out of date to access this share. Go to control pannel>>users>>advanced>>m
If the managed passwords are out of date, you could have problems with permissions on the share.
ASKER
Well, the odd part is that it is machine specific. The user can go to another workstation and it works fine. Another Test User (Domain User) has the same issues as the user. Domain Admins have no issues on the workstation.
I have tried:
gpupdate /force
Removing the computer from the domain / readding it to the domain.
Checking managed passwords; none stored.
Turning Windows Firewall Off.
I have not deleted and recreated the profile, simply because the issue affects the test account - which tells me that it is not a profile specific issue, but rather a machine-specific issue. I will test the My Network Places next to see if that is something that is amiss. I may also try disabling IPV6 and see what happens and post the results.
I have tried:
gpupdate /force
Removing the computer from the domain / readding it to the domain.
Checking managed passwords; none stored.
Turning Windows Firewall Off.
I have not deleted and recreated the profile, simply because the issue affects the test account - which tells me that it is not a profile specific issue, but rather a machine-specific issue. I will test the My Network Places next to see if that is something that is amiss. I may also try disabling IPV6 and see what happens and post the results.
Any joy Cameron?
ASKER
Unfortunately, no.
Eventually I just did a clean wipe & reload and haven't had the issue since. It was most certainly something on the computer that was causing the issue, perhaps a corrupt file that just wasn't playing nice. Couldn't peg exactly what it was though. For what it is worth, thanks for the advice though!
Eventually I just did a clean wipe & reload and haven't had the issue since. It was most certainly something on the computer that was causing the issue, perhaps a corrupt file that just wasn't playing nice. Couldn't peg exactly what it was though. For what it is worth, thanks for the advice though!
ASKER
Very knowledgeable, but too many variables in this problem. A good college try though! Awarding you the points since you were the most dedicated towards solving the issue.