?
Solved

Access denied to network share for all users on a specific client machine only

Posted on 2012-09-18
4
Medium Priority
?
902 Views
Last Modified: 2012-09-22
Hi all,

I have a single Windows 7 Pro 32b laptop being denied access to a specific share on a specific SBS server.

If any authenticated domain user account (including members of Domain Admins) attempts to access this specific network share from the device, they get the "You do not have permissions to access this share, please contact network admin" etc error.

All other shares on the server are accessible from this laptop and the problem share is accessible from any other computer on the domain.

I have:

1) gone through the permissions with a fine tooth-comb (Share permissions set to "everyone: Full control" and NTFS set to "Domain Users: Modify") as well as sharing/unsharing the folder, adding "Everyone: full control" to the NTFS permissions. Checking the "Effective permissions" for any given user seems to check out fine.

2) Removed and re-added the client machine to the domain

3) Checked for cached local machine passwords for the share/specific users

4) Checked for any GPs or other controls which may be denying access to a given resource for a given machine - can't find anything!

and I still can't fathom this one out!

Any ideas
0
Comment
Question by:Iain_Parity
  • 2
4 Comments
 
LVL 9

Expert Comment

by:tomcahill
ID: 38412247
When I get stumped like this I will often try downloading and running ComboFix.

http://www.bleepingcomputer.com/download/combofix/

Often there is some malware causing the craziness.
0
 

Author Comment

by:Iain_Parity
ID: 38412268
Hi Tom,

I have already run Malware Bytes and the machine has an active, current version of ESET NOD32 as well, but I will certainly give this a go...I am running out of ideas!

Additional info for this issue:

1) It is interesting to note that trying to browse or map to this share doesn't prompt for authentication as it would/does for other shares to which a logged on account doesn't have permissions - it just defaults to "You do not have access"

2) I have tried net use /delete * to clear down any residual connections to the share - it does clear down but makes no difference to the issue

3) The only other thing that stands out as slightly different/odd about this share is that, when you look at the "Sharing" tab from the folder in Explorer, the top "Share" option is greyed out, but the "ADvanced share" options are available???

Weird..
0
 
LVL 81

Accepted Solution

by:
arnold earned 1500 total points
ID: 38412332
Check the server where the share is for stale sessions.  The issue could be in the sync/offline caching database.

Double check to make sure there are no unsynchronized files.

The issue often applies to one user rather than to every user.
See whether the issue is limited to accessing \\server\sharename where  \\ipaddress\sharename works.

The other issue could be that the shares are persistently mapped, and this is a replacement server where the credentials do not match and access is denied.  You could use GPO login script to detach net use <driveletter>: /delete
net use <driveletter>: \\server\sharename
And see if that corrects the issue.

Resetting netcache/disabling offline access might be another way to fix.

Using sysinternals process monitor
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
You could try using the tool while you try to access the share.
0
 

Author Comment

by:Iain_Parity
ID: 38425352
Hi Arnold,

Thanks for the response - you put me on the right track to finally solve this one!

It was something in the local offline folders/files DB causing the issues.

I turned off off-line folders and restarted - the problem went away.

If I turned it back on again, the problem returned.

Finally I forced a reset/trash of the off-line DB using the regkey method here which solved the issue and allowed me to turn Off-line folders back on.

Thanks all.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question