We help IT Professionals succeed at work.

Access Denied w/ Full Control

1,600 Views
Last Modified: 2014-05-27
We have a user in a Server 2008 domain environment who remotes into the server for desktop & folder access. The user is receiving an Access Denied error when attempting to access any folders for their location/OU, even though they are set with full control. Their folder permissions match the other managers who have no issues.

Any suggestions as to what might cause this?
Comment
Watch Question

CoralonSenior Citrix Engineer
CERTIFIED EXPERT

Commented:
A lot depends on where those folders are..  The system has some built in restrictions that prevent access to certain files, even if you have full control (typically under the Windows directory itself, and portions of the Program Files & Program Files (x86) directories.

Another possibility is UAC.. again, certain areas will block you if UAC is enabled, and you are trying to create/modify/delete files that are in specific areas.  (same as above).  

A 3rd possibility is if the files/folders are remote to their login (not on the machine they are one, is if Access based enumeration is enabled, then it's possible for the NTFS permissions to be correct for the user, but they can't see it because they are not *on* that machine where the file is.  

The last possibility I can think of (right off the top of my head) is if there was a deny on those items, which could cause this (pretty unlikely though).

An important question though - are you assigning individual user permissions to these directories/files? and are they unique to those users?  If you have more than 1 person who will ever access them, there should be a group to assign those permissions.

I'd also look at the ownership of the directories & files to see how they sit.

Coralon
CERTIFIED EXPERT
Top Expert 2007

Commented:
I think we need more info.
What folders are they trying to get into - local or remote?
What does
cacls x:\the folder location\
return for that user?
Have you checked the effective permissions for that user on the folder (right-click, properties, security, advanced)

Author

Commented:
This is a group environment where there are separate OUs and security groups based up on their physical locations. Their home folders are designated as the main shared folder for their location. All users have remote logins to the terminal server at the main office where they can access their desktops and shared folders for their locations.

His permissions are the same as every other user as Full Control and not inherited. There are no Deny settings on any parent folders.

No other users are having this issue and his settings match everyone else's.

As far as the cacls command, I will run that and post the results.
CERTIFIED EXPERT
Top Expert 2007

Commented:
Might help to enable security auditing for that user as well.  It will be a lot to funnel through, but it might give some indication of what's causing the issue.
CERTIFIED EXPERT
Top Expert 2007

Commented:
Anything from the cacls command?
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
No longer an issue.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.