1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User cannot access file server

Discussion in 'Software' started by guess who, Sep 10, 2007.

  1. guess who

    guess who Bit Poster

    49
    0
    19
    Hi everyone !

    Well, I've got a little problem in my company.

    Here's the case:

    2 server's running, 1 Domain Controller and 1 is file server. One user can access domain controller but cannot access file server. Says "Access denied" but he has all nessecary rights ?!?! :eek: I mean, he is in organizational unit like all other user's but he is the only one who can't access that specific server. :blink


    Anyone has solution to my problem ? :oops:
     
    Certifications: MCP, MCSA
    WIP: MCSE
  2. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    Its not, as a general rule, the OU's that grant access rights.

    I would check the file permissions on the area hes trying to access, and also the share permissions on the server share to ensure that hes in the correct groups for access.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  3. ManicMonkey

    ManicMonkey Kilobyte Poster

    325
    4
    32
    Also check any gpo's that are in force on his account, OU, domain, server in case these are responsible for locking his access down.
     
    Certifications: MCSE
    WIP: Exchange, Share point - MOM as well
  4. r.h.lee

    r.h.lee Gigabyte Poster

    1,011
    52
    105
    guess who,

    When you say "...cannot access file server" what resource is the user attempting to access?

    Is this a Windows 2000 or Windows 2003 domain? Is this a single domain or multiple domain system?
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  5. guess who

    guess who Bit Poster

    49
    0
    19
    OK. I've checked everything and here are the results:

    He is in the OU "company" and OU "consultants". These two OU's have permissions to read and execute, read and list folder contents.

    There's no any group policy in company because all users have notebooks.

    I really dont know where's the problem. All setting's are the same like on all other users. :blink
     
    Certifications: MCP, MCSA
    WIP: MCSE
  6. dales

    dales Gigabyte Poster

    1,998
    46
    97
    can you look at the folders on the file server at all ie can you get far enough to look at the effective perms for the folders with the access problems?
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  7. guess who

    guess who Bit Poster

    49
    0
    19


    OK, when user for example enter's in run "\\file-server" he should see all shared folders and printers on file server. He gets the "Access denied" message. When he enters "\\file-server\installations", again "Access denied" message.

    Other users can access file-server, he canot access it. But they have the same rights.


    It's Windows 2003 single domain.
     
    Certifications: MCP, MCSA
    WIP: MCSE
  8. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    just because the users have notebooks, doesnt mean you cant apply a group policy on the domain.

    Have you tried logging in as a different user on the machine and trying to access? have you tried getting the user to log into a different machine to access? both these will narrow down if its the computer or the user. You really need to tie that one down to start with. no point looking at the user account if the computer/computer account is whats at fault.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  9. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Log on with the users account at a different PC, same problem? :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  10. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    Does he mean GROUPS when he writes OU?????

    If it is groups then what I'd do is directly assign the folder permissions to the user - then see what happens! If it works then take the user OUT of the groups and remove the user from the security properties of the folder. Log the user off then ADD the user BACK into those groups. Log the user back on and try again!

    Just out of interest, did you log the user off and backon when you added him/her to the group in the first instance? Unlike Netware, Windows is loosely consistent!
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5
  11. r.h.lee

    r.h.lee Gigabyte Poster

    1,011
    52
    105
    guess who,

    Do you know which resource the user is attempting to access if you type "\\file-server?"

    Do you know the proper format of a UNC address for a resource?

    Questions:
    1. What NTFS permissions are applied to his user account?
    2. What NTFS permissions are applied to his organizational unit?
    3. What NTFS permissions are applied to his group?
    4. What Share permissions are applied to his user account?
    5. What Share permissions are applied to his organizational unit?
    6. What Share permissions are applied to his group?
    7. What effective permissions does all that result in?
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  12. guess who

    guess who Bit Poster

    49
    0
    19
    Well, the problem is in computer. When user logs on another computer, he can access file server. When I log, as administrator, on his computer I can't access file server.

    I'm such a dumb a$$..:oops: Didn't check that first. :rolleyes:

    OK, so the problem is obviusly in computer. Now, how can I fix that problem. Can I delete that computer from AD and add it with another name ?

    Sorry for stupid questions, I'm one confused MCP. :oops:
     
    Certifications: MCP, MCSA
    WIP: MCSE
  13. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    Yes try deleting it from AD and then take the PC off the domain - add it to Workgroup. Then rejoin the PC back to the domain and try again with the user.

    How many MCPs do you have? And what are they in? I bet this is all good practice for you whilst studying for the MCSA/MCSE.
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5
  14. guess who

    guess who Bit Poster

    49
    0
    19

    I've tried that all and still doesnt work. :eek: Removed computer from AD, created new computer with diferent name, renamed user's computer and joind it to the domain. Still the sam access denied error. :rolleyes: :blink :eek:


    I've passed 70-270 and 70-290 exams. :D Two more to go and I'm MCSA. You are right, this is good practice but would be better without it. Because boss and that user are getting angry. :biggrin
     
    Certifications: MCP, MCSA
    WIP: MCSE
  15. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Take the PC off the domain, map a drive to the server, you should get a prompt for authentication. After that can you access the share on the server?

    Has this problem just occured on the PC? If so you could try a system restore to an earlier date when the PC was behaving. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  16. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    I see no one has thought of asking if this guy is a member of any groups that are denied access to these shares. Deny permissions always over ride allow, so if he is a member of a group that is denied read and execute permissions he will not be allowed to access the share.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  17. guess who

    guess who Bit Poster

    49
    0
    19
    Well, the problem is on just this specific computer. And I cant really try with system restore because problem was there after I've done clean install of Windows. :cry:


    I will try that 1 with mapping a drive. Thanks !
     
    Certifications: MCP, MCSA
    WIP: MCSE
  18. guess who

    guess who Bit Poster

    49
    0
    19
    But the problem is not in this guy because he can access server logged from another computer. The problem is in his computer because i cant even access server logged as administrator.
     
    Certifications: MCP, MCSA
    WIP: MCSE
  19. ManicMonkey

    ManicMonkey Kilobyte Poster

    325
    4
    32
    To be honest at this point id consider issuing a new laptop and brining this one into the workshop to be looked at?
    Perhaps rebuild the laptop?

    When you remove the machine from the domain, you should join it to a workgroup (random name) and then delete all trace of it out of AD.

    When you add it back into the domain try doing it without first creating a reference in AD, it will prompt for an account that has permission to add to the domain (for reference every single user on the domain can add up to 10 pc's without the need to be an administrator:blink odd but true) see if that makes any difference.
     
    Certifications: MCSE
    WIP: Exchange, Share point - MOM as well
  20. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    Yes I did think of it, but didn't ask as I'd read all posts - especially the one about the guy being able to access the resource from another PC.

    Could be that there is a physical network issue here, or perhaps a SID problem. Try the following:

    * Plug the PC into another network port and try again. Or
    * Sysprep Reseal the machine to force it into regenerating another SID.

    Just thoughts off the top of my head really.
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5

Share This Page

Loading...