Policy on Windows 2008 server is blocking USB drive access even though there are no offending GPO's

Hello, I am getting an error when trying to access external hard drives on a Windows 2008 Server. This happens from Explorer, or from administrative command prompt. The OS cannot even access the drive, it displays an error stating the drive has a corrupted recycle bin. I can reformat the drive from the Storage Manager snap-in, and the problem still persists, so it doesn't appear to be an issue with the NTFS permissions.

Digging through all the GPO's on this server, I didn't see any active GPOs that had items changed in the computer configuration\system\removable storage section, but I did find items flipped in the Default Domain Policy. I have flipped these back and forced a group policy update to no avail. I have used the dcgpofix tool to reset the both default policies to no avail. I've tried creating a new GPO with the restrictions set to "disable," linked, and enforced it to no avail.

Has anyone had this happen before, or does anyone have any suggestions? I've checked the Default Domain policy, the Default Domain Controllers policy, and the Default local policy.
Clay FoodyAsked:
Who is Participating?
 
compdigit44Commented:
What is the state of the "Portable Device Enumerator Service" if it is running stop it.
0
 
Don S.Commented:
suggestions:

1: check that the USB connected disk actually is readable by connecting to another system.
2: Is there an AV product on the server that could be blocking access?
0
 
Clay FoodyAuthor Commented:
The USB disk is readable, I've connected it to another laptop. Formatting the disk on the other laptop alleviates the "Recycle Bin Corrupted" error on the server, since the laptop was able to create the Recycled folder. I still cannot access USB drives from the server, I get "Access Denied." The same is true for the CDROM drive. At one point these were disabled through group policy. Also worth noting is that I can format the USB drive on the server from the Disk Manager snap-in, but if I try to format it from Explorer the OS says I have insufficient rights, again this looks like Group Policy.

I actually found these settings in the Default Domain Policy and corrected them. There were other GPOs in place at some point in the past that may have had these settings enforced as well, but they're no longer in place.

I need to figure out how to kill and undo the previous GPO policies that are no longer in place. Creating a new group policy with the opposite settings in place has not fixed the issue. What's more frustrating is that Resultant Set Of Policies seems to indicate there is no restriction in place.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Don S.Commented:
Have you run a RSOP test against the server?  (Resultant Set Of Policy)  That will test to see what policies the server is actually seeing.  That may highlight something.  Also, the restrictions may still be enforced if you simply removed that policy or changed it to not configured.  You may need to explicitly enable the drives via policy instead of removing the restrictions.  Some items in GPO are sticky - meaning that they stay the way they were last set when the setting policy is removed.
0
 
Clay FoodyAuthor Commented:
RSOP shows my opposite group policy has gone info effect, but I still cannot access the drive.
0
 
compdigit44Commented:
Have you tried to created a new opposite policy to "disable" the feature that was enabled previously. If some settings are sett outside of the "policy" area in the registry they can cause tattooing..
0
 
Clay FoodyAuthor Commented:
I have tried doing that by creating a policy with the "Disabled" option to all the "Deny Access" rules in the "Remote Access" section to no avail.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.