Solved

User getting Random Access Denied Errors on SMB folders he is explicitly granted access too

Posted on 2016-09-12
7
115 Views
Last Modified: 2016-09-14
Hi I have a user who repeatedly is getting access denied errors on a specific set of mapped folder shares, through either GPO or Script (tried both ways).

With out fail it's the same folders. Sometimes it doesn't happen for weeks and it only seems to happen to him no one else, everyone else who has permissions is fine. I thought it was profile issues but its across the board on multiple computers, first it started on a windows 7 computer, but then it spread to his VDIs and terminal servers which are Windows 10 and 2008/2012, but if you're in multiple instances it won't be on every one. The windows 7 machine will have it but the windows 10 machine won't, then vice versa, or the 2012 and 2008 will be fine but the windows 7 and 10 won't or all will be fine and working then in the middle of doing things in it, it stops working. So I though ACLs were corrupt. I removed all permissions and re-added them. Is there anything that could test to see what's going on? tried completely fresh installs and it continues. Created new profiles, tried local, tried roaming.

I don't see anything in the event viewer and like I said it only seems to be happening to this one user. who happens to need access to these files all the time.

There are no Denies on him or anyone and He's both explicitly allowed by user and Group.

I'm at a loss any help would be greatly appreciated.
0
Comment
Question by:Crossroads305
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 19

Assisted Solution

by:Mal Osborne
Mal Osborne earned 125 total points
ID: 41795277
Is time properly synchronised?  If you have a machine with a faulty real time clock, then strange security related events can occur.

Set up properly, every machine on a domain should have the same time, within a second or less, however problems don't usually emerge unless there are several minutes of skew.
0
 
LVL 1

Author Comment

by:Crossroads305
ID: 41795369
I just checked, both computers, File server, and ADs all have the same time
0
 
LVL 12

Assisted Solution

by:andreas
andreas earned 125 total points
ID: 41795629
account locked due to authenticating with a wrong password? Doesnt need to come from his devices. Might come from somewhere if the affeced username might be common.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 1

Author Comment

by:Crossroads305
ID: 41795817
We never have to unlock his account, nothing on his computer uses his user account to log into an application or service, everything is using windows passthrough credentials and they all seem perfectly fine. His phone is the only other thing that connects and that appears to be fine as well.
0
 
LVL 55

Accepted Solution

by:
McKnife earned 250 total points
ID: 41795869
"Is there anything that could test to see what's going on? " - yes, download and start procmon on both the server and the client to log what is going on in depth.
0
 
LVL 1

Author Comment

by:Crossroads305
ID: 41795880
I think we found the problem, now we just need to find the culprit. Something is  trying to pass through credentials that aren't the users to those specific drives. I found it logging in as a completely different user when he tried to connect and then stored credentials would show up in the windows credential store. if we delete them they're fine for a while and then they're back. funny thing is that the credentials aren't always there then randomly show up.

I feel it's an application that is doing it. It's trying to add a shared user that used to have access to the folders but since we updated our security processes that user was removed from access to those folders and granted to groups instead
0
 
LVL 1

Author Closing Comment

by:Crossroads305
ID: 41797670
The culprit was the saved credentials that kept getting passed around to the different profiles, since we deleted all the credentials on all the machines he logs into it seems to have stopped.
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question