[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 398
  • Last Modified:

Domain users on XP machine cannot execute builtin apps

We have  a  Windows server 2003 domain. On one particular machine if a domain user logs in it allow applications that were installed under that user to execute but the built-in apps, like cmd.exe or notepad will not run. The system complains that the use does not have enough rights to access the programs. When you check the the security settings on these programs the user has full rights. If you log in to other XP machines in the domain it works fine. Any explanation for what might be wrong on this machine to prevent apps under the Windows directory from running?
0
jaycasler
Asked:
jaycasler
  • 2
  • 2
1 Solution
 
Neil RussellTechnical Development LeadCommented:
Is this computer in a different OU in ADUC to the others you have tested on? It could be  a Group policy enforcing security restrictions.
0
 
Don ThomsonCommented:
If the User on this machine has full rights - try going into security on the Windows folder and see what permissions they actually have - You may have to take ownership of the Windows folder and subfolders. I suspect that at one time or another, a different user may have taken ownership of those folders
0
 
jaycaslerAuthor Commented:
The user has full rights on Windows and its children. The system is the owner but when you check effective rights on, for example, cmd.exe the user has full privileges  but if you double click you get a pop-up that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item" Not that this happens to all domain users who use this machine and they all work fine on the other XP machine in the shop. I know its some weird thing with this station but I can't put my finger on it. Also if you right click and "Run as Administrator" using the domain admin account it will work but obviously I don't want to give admin rights to the world
0
 
Don ThomsonCommented:
Have you tried creating a temporary user with the same rights as the problem user and log in as that user. Does the temp user have the same restrictions.  If that's the case you may need to do a repair on the XP installation.

If the Temp user is fine - then you may have a problem in the Current USer portion of the registry.

Log in as an Administrator and copy all of the files associated with the problem user to a temp location on the Drive. Make sure that any saved passwords like pop 3 etc are known.

Then Delete the user on the workstation -  - Check that the actual profile has been deleted - then log off and log back in as the user. This will create a new profile and all you need to do then is map any network drives that are not mapped via the sever login scripts and set up the email again. Move all their data back and you should be okay

You may want to do an NT Backup of the system before you start just to be safe
0
 
jaycaslerAuthor Commented:
So I finally went to the Windows directory and gave gave read/execute permissions to the Domain Users group and forced to to update all children with the advanced setting and that fixed it. Apparently the domain permissions wren't being recognized/used, just the local ones.

Thanks for everyones suggestions
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now