asked on
Policy on Windows 2008 server is blocking USB drive access even though there are no offending GPO's
Hello, I am getting an error when trying to access external hard drives on a Windows 2008 Server. This happens from Explorer, or from administrative command prompt. The OS cannot even access the drive, it displays an error stating the drive has a corrupted recycle bin. I can reformat the drive from the Storage Manager snap-in, and the problem still persists, so it doesn't appear to be an issue with the NTFS permissions.
Digging through all the GPO's on this server, I didn't see any active GPOs that had items changed in the computer configuration\system\remov
Has anyone had this happen before, or does anyone have any suggestions? I've checked the Default Domain policy, the Default Domain Controllers policy, and the Default local policy.
Digging through all the GPO's on this server, I didn't see any active GPOs that had items changed in the computer configuration\system\remov
Has anyone had this happen before, or does anyone have any suggestions? I've checked the Default Domain policy, the Default Domain Controllers policy, and the Default local policy.
Windows Server 2008Active Directory
Last Comment
compdigit44
ASKER
The USB disk is readable, I've connected it to another laptop. Formatting the disk on the other laptop alleviates the "Recycle Bin Corrupted" error on the server, since the laptop was able to create the Recycled folder. I still cannot access USB drives from the server, I get "Access Denied." The same is true for the CDROM drive. At one point these were disabled through group policy. Also worth noting is that I can format the USB drive on the server from the Disk Manager snap-in, but if I try to format it from Explorer the OS says I have insufficient rights, again this looks like Group Policy.
I actually found these settings in the Default Domain Policy and corrected them. There were other GPOs in place at some point in the past that may have had these settings enforced as well, but they're no longer in place.
I need to figure out how to kill and undo the previous GPO policies that are no longer in place. Creating a new group policy with the opposite settings in place has not fixed the issue. What's more frustrating is that Resultant Set Of Policies seems to indicate there is no restriction in place.
I actually found these settings in the Default Domain Policy and corrected them. There were other GPOs in place at some point in the past that may have had these settings enforced as well, but they're no longer in place.
I need to figure out how to kill and undo the previous GPO policies that are no longer in place. Creating a new group policy with the opposite settings in place has not fixed the issue. What's more frustrating is that Resultant Set Of Policies seems to indicate there is no restriction in place.
Have you run a RSOP test against the server? (Resultant Set Of Policy) That will test to see what policies the server is actually seeing. That may highlight something. Also, the restrictions may still be enforced if you simply removed that policy or changed it to not configured. You may need to explicitly enable the drives via policy instead of removing the restrictions. Some items in GPO are sticky - meaning that they stay the way they were last set when the setting policy is removed.
ASKER
RSOP shows my opposite group policy has gone info effect, but I still cannot access the drive.
Have you tried to created a new opposite policy to "disable" the feature that was enabled previously. If some settings are sett outside of the "policy" area in the registry they can cause tattooing..
ASKER
I have tried doing that by creating a policy with the "Disabled" option to all the "Deny Access" rules in the "Remote Access" section to no avail.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
1: check that the USB connected disk actually is readable by connecting to another system.
2: Is there an AV product on the server that could be blocking access?