Domain users on XP machine cannot execute builtin apps

Posted on 2012-09-11
Last Modified: 2012-10-09
We have a Windows Server 2003 domain. On one particular machine, if a domain user logs in, it allows applications that were installed under that user to execute, but the built-in apps, like cmd.exe or notepad, will not run. The system complains that the user does not have enough rights to access the programs. When you check the security settings on these programs, the user has full rights. If you log in to other XP machines in the domain it works fine. Any explanation for what might be wrong on this machine to prevent apps under the Windows directory from running?
Question by:jaycasler
    LVL 37

    Expert Comment

    Is this computer in a different OU in ADUC to the others you have tested on? It could be a Group Policy enforcing security restrictions.
    LVL 14

    Expert Comment

    by:Don Thomson
    If the User on this machine has full rights - try going into security on the Windows folder and see what permissions they actually have - You may have to take ownership of the Windows folder and subfolders. I suspect that at one time or another, a different user may have taken ownership of those folders

    Author Comment

    The user has full rights on Windows and its children. The system is the owner, but when you check effective rights on, for example, cmd.exe, the user has full privileges, but if you double click you get a pop-up that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". Note that this happens to all domain users who use this machine, and they all work fine on the other XP machine in the shop. I know it's some weird thing with this station but I can't put my finger on it. Also, if you right click and "Run as Administrator" using the domain admin account it will work, but obviously I don't want to give admin rights to the world.
    LVL 14

    Expert Comment

    by:Don Thomson
    Have you tried creating a temporary user with the same rights as the problem user and logging in as that user? Does the temp user have the same restrictions? If that's the case, you may need to do a repair on the XP installation.

    If the temp user is fine, then you may have a problem in the Current User portion of the registry.

    Log in as an Administrator and copy all of the files associated with the problem user to a temp location on the drive. Make sure that any saved passwords, like POP3 etc., are known.

    Then delete the user on the workstation. Check that the actual profile has been deleted, then log off and log back in as the user. This will create a new profile, and all you need to do then is map any network drives that are not mapped via the server login scripts and set up the email again. Move all their data back and you should be okay.

    You may want to do an NT Backup of the system before you start, just to be safe.

    Accepted Solution

    So I finally went to the Windows directory and gave read/execute permissions to the Domain Users group and forced it to update all children with the advanced setting, and that fixed it. Apparently the domain permissions weren't being recognized/used, just the local ones.

    Thanks for everyone's suggestions.
