MACs using Windows shares; permissions issues

Posted on 2013-01-03
Medium Priority
Last Modified: 2013-02-24
Hello. Have a new location that is a mix of MAC and Windows, but mostly MAC. They have a Windows server (2012) that is hosting file shares. The MAC users need to be able to create, delete, edit, rename, etc. folders and files under these MAC shares. Currently, when using the Command + K to connect to the smb shares via smb://machinenamehere/sharename.  When prompted for credentials, we are entering the users windows network account name, like "deb" for example; and then her windows password. The issuse is that the MAC users are getting blocked from editing files, folders, etc. under the Windows share. Really need help getting this fixed; it is driving the client, and me mad!  Thanks for insight from those who have MAC/Win mixed environment experience.
Question by:StewartTechnologies
  • 6
  • 3

Expert Comment

ID: 38740708
You will need to modify the NTFS permissions on the Windows 2012 server. In your example make sure user Deb has MODIFY permission to the files/folders.

Other than editing the NTFS/Active Directory account it's not different from windows file share admin.

Hope that helps.

Author Comment

ID: 38740757
Hello. Thank you for the comment.  The user/users do have full access to the shares via the windows file sharing security /rights.  I agree that it should be no different than NTFS/AD shares and security, and yet, I am having these access issues.

Assisted Solution

s3e3 earned 800 total points
ID: 38740810
Check the Windows Server Event Log. Do you seen any errors you can share ?

I had to do the follow a while back however this was on a Windows 2008 server:

Disable SMB Signing

Microsoft network client: Digitally sign communications (always) set to disabled
Microsoft network server: Digitally sign communications (always) set to disabled

    Goto to the file server



    type gpedit.msc and hit OK

    Within GPEDIT go to Computer Configuration

    Windows Settings

    Security Options

    Local Policies

    Find the aforementioned policies in the right hand pane and set them to disabled
7 new features that'll make your work life better

It’s our mission to create a product that solves the huge challenges you face at work every day. In case you missed it, here are 7 delightful things we've added recently to monday to make it even more awesome.


Author Comment

ID: 38740851
Thank you again for this good info. I have already done this edit as part of my troubleshooting.  Keep those ideas coming!

Expert Comment

ID: 38740880
Make sure you reboot the windows server after the registry change.

Author Comment

ID: 38741035
My thought on this...
The issue appears to be the the Windows users are not passing thru (or vice versa) to the mac finder, connections. When attempting to rename a folder, for example; I am getting error "finder wants to make changes - type your password to allow this"  The prefilled username is not the users windows name but the mac machine name.  Even if I type in the windows name and correct password, I'm still not able to make the changes. Then, I get a "you don't have permission to rename the item <insert folder name here>" error.
LVL 15

Accepted Solution

Justin Pierce, CEH, CNDA earned 1200 total points
ID: 38744749
Hi Stewart,

   As I was reading your question I was swiftly taken back to the days of making tons of edits with file permissions and propagating them down from parent to child. Anyways, please read this Microsoft forum:


cverrier is the post that you are looking for. It is the second box down.

Your problem is most likely the permissions with the folders that your users are accessing, as well as the permissions with everything inside that folder. In short, it is not your Macs but the MS server that is the problem.

Hope this helps.

Author Comment

ID: 38745346
Hi MacGuy47.  Thank you for your comments / input. I have checked and rechecked the folder permissions and security.  I did review the link you sent, and I appreciate that info. I will double-check these details again, just to be sure.

I just want to stress that the errors are only occurring when Mac users are accessing shares. Those same user accounts (and others), when accessing the same shares via Windows PCs are not having any issues.

Author Comment

ID: 38745475
** update ** I may have had a break through here. I had always felt like the issue was that the AD permissions were not 'passing thru' to the MACs or vice-versa, and that's why the users were not able to edit/get to what they needed. I just didn't know how to explain that, or ask where those credentials go in a MAC 'mapping' to a windows share.

After getting NO help with Apple Care, I called in some MAC resources.  One of them suggested unbinding and rebinding the machines to the Active Directory. Once I got into this process, I realized that even though the 'bind' was showing a greeen dot, they were not really bound.  Once I unbound and rebound, then I was getting the active directory pass-thru I was expecting.  

See link here for general instructions on the binding. http://www.trainsignal.com/blog/join-mac-to-windows-domain.

Once I did that, it was looking better. Removed entry from keychain for the shared resource. Connected again. Didn't get prompted for credentials because they were coming thru from AD!!!  So, I think these permissions items are 95% resolved now. We could still have some minor issues, but that might be more closely related to MACguy47's posting.

Also, unrelated, but related to this, the weird ownership changes (another layer of an issues) I am seeing may be coming from a backup to a NAS device run from one of the MACs. Note the warning message highlighted towards the bottom of the first image. The second snip is the results / or 'unknown' account an it's permissions meddling.

Author Closing Comment

ID: 38923811
Thanks to all that contributed.
So, how did this all shake out?  We ended up getting Microsoft involved after days of not being able to resolve permissions issues. It turns out that Microsoft was also perplexed by our continued permissions issues and they are involved in trying to figure out what is going on. The server was decommisioned (and replaced with a MAC server), and Microsoft will be testing the 'troublesome server'. Right now, they are only saying it is 'unexpected behavior'. Seems to be related to migration from SBS 2003 to Server Essentials 2012. What a nightmare this was!

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

We could spend the next millennium discussing the differences of the Mac and Windows platforms. The next century will continue to have fanatics on both side of the equation and neither side will win the war. However, that’s not why we are here. W…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question