# strange permission problem with server 2003 network



## hefe0 (Apr 9, 2006)

Hello all,

I realise that this is a long post, but please read the entire thing before commenting.

I am the network guy at our small business and know enough to be dangerous but not necessarily enough to fix all the problems. Recently we had a strange thing occur and I was hoping that someone could offer me some pearl of wisdom.

We run a network with Small Business Server 2003 about 10 XP Pro machines in a domain. This network has been running fine for the last 15 months. Recently two users started having problems accessing information on the server. They were able to login to the server but were not able to access shared folders on the server. The day before this everything worked fine. I got the following error

*\\xxxx is not accessable. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

Logon Failure: the user has not been granted the requested logon type at this computer. *

On one of the machines that we got this error on, after trying many things, I logged on as administrator of the domain and GOT THE SAME ERROR! 

However, another person that had used this computer in the past could get on just fine and was able to access the shared folders.

This is currently happening on two machines that we know of. Like I said, everything was working fine for 15 months before this occured.

Can anyone help me?

Thanks


----------



## geraldtongirl (Mar 29, 2006)

I probably can't help you much but I ran into the exact same error when using my laptop wirelessly and using a Firewall with Trend Antivirus.

I got the same error when ever I tried access shares etc and I found it was because the wireless profile (firewall) on trend blocks netbios names which stops my shares from working and my login had domain admin rights so it shouldn't have a problem but it did.

Check your firewall settings have not change and check your antivirus if this is a wireless pc


----------



## rajthampi (Oct 30, 2004)

*User rights & passwords*



hefe0 said:


> Hello all,
> 
> I realise that this is a long post, but please read the entire thing before commenting.
> 
> ...


How do you confirm those users who cannt access the shared folders are really logged with your 2003 server? When they start up their computers do they log to the domain or to their own computers?
Are you maintaining groups on your Domain controller?
Please try to do the following
Log to your DC as administrator and right click on the shared folders and select "Sharing..."
Check the permissions, the users having difficulties accessing those folders are listed there? Once confirmed, go to Security-check the permissions for those users with difficulties accessing the shared folders again.
If those users are listed under both the tabs, then make sure the passwords are synchronized. I mean incase if your users are logging on to their own computers instead of domain-they might have changed their passwords. Reset them with the passwords you set for them with the domain controller.

All the best


----------



## hefe0 (Apr 9, 2006)

Thanks for the advice but that did not work. The users are logging onto the domain and I do maintain groups on the domain controller.


----------



## rajthampi (Oct 30, 2004)

*Change passwords*



hefe0 said:


> Thanks for the advice but that did not work. The users are logging onto the domain and I do maintain groups on the domain controller.


Sorry to hear that. Anyway why don't you reset the passwords for those users with both client machines and domain?

You can do one more thing, as you have mentioned you maintain groups-delete those 2 users from the domain, recreate them, add them to the respective groups (incase folders are shared on group basis) or add them to those shared folders independantly.
This must solve your issues (I hope)

All the best once again


----------



## hefe0 (Apr 9, 2006)

It turns out that some groups were in the "Deny Access to this computer from the network" under policies.

How would that happen? I tried to change this and was told that it could not save to gpttmpl.inf. Is this file write protected?

Does anyone know how this could happen and why I cannot change it

Thanks


----------



## rajthampi (Oct 30, 2004)

*Check this link*



hefe0 said:


> It turns out that some groups were in the "Deny Access to this computer from the network" under policies.
> 
> How would that happen? I tried to change this and was told that it could not save to gpttmpl.inf. Is this file write protected?
> 
> ...


http://technet2.microsoft.com/WindowsServer/en/Library/7aca1280-42cd-4511-93df-d95bd748d9791033.mspx

Hopes it would resolve your issues


----------

