# access is denied on the Windows Server 2003 file server from Windows XP



## simon726 (Dec 13, 2010)

During my routine check at my workplace, we have two users who cannot
get access to their shared folders on the file server (located at \\SVR01).
Even though that they have the proper rights to access their files (like for example JH and KB could not access to the Search&Registration folders along with their respective scans folders located down at \\SVR01. The two users in question is running Windows XP professional SP2.

The file server runs Windows Server 2003 Standard Edition. 

According to a document that they had provided to me, the configuration is a workgroup setup and not a domain setup. No centralised management nor control over user access is not needed - unless otherwise stated. 

Some users at my workplace can get access to those shares - even though that proper rights are achieved. But for the two users in question, they could not get access. 

Their firewalls were turned off and nothing seemed to be running in the background other than the antivirus program. I also tried to update the service pack (XP SP3) for one of the two machines in question, but the problem still lingers.

The error message looks like this (for example):

*"\\SVR01\Search&Reg is not accessible. You might not have permission to use this network resource. Access is denied."*

A similiar case happens when I try to map the drives as well. It too suffered the same problem.

The guest account is enabled for both of the machines. I've also
tried disabling and re-enabling the "File and Printer Sharing" feature for both
those machines. That did not work.

I've tried accessing the same shares using an administrator
account (i.e. ABCadmin) and that enabled me to gain access to those shares. 


My indication is that their "user profiles" have been corrupted and that would be my only hope. I would probably think that copying the user profile of ABCadmin (for example) and renaming the account of the copied profile will probably do the trick.

Do you have any suggestions about the problem?


----------



## Wand3r3r (Sep 17, 2010)

You are looking at the wrong place. You look at the server not the local workstation beyond that they are joined to the same workgroup as the server.

Do the user accounts they logon to their workstations exist on the server?
How are rights assigned to shares? Via everyone full control?


----------



## simon726 (Dec 13, 2010)

Wand3r3r said:


> You are looking at the wrong place. You look at the server not the local workstation beyond that they are joined to the same workgroup as the server.
> 
> Do the user accounts they logon to their workstations exist on the server?
> How are rights assigned to shares? Via everyone full control?


As far as I know, no user accounts are in that server - I'm not familiar with the entire network setup since I work there a month and a half ago.

User accounts log on locally on their respective workstations but utilize a different username and password to access those shares. Rights are assigned as "everyone" and through full control.

Any suggestions?


----------



## Wand3r3r (Sep 17, 2010)

Do you have administrator access to the server? if not who does?

If users don't have server accounts then the only way they can access server based shares is via the enabled guest account.

But this can't be the case if only two users can't gain access. Are these two new employees?


----------



## simon726 (Dec 13, 2010)

Wand3r3r said:


> Do you have administrator access to the server? if not who does?
> 
> If users don't have server accounts then the only way they can access server based shares is via the enabled guest account.
> 
> But this can't be the case if only two users can't gain access. Are these two new employees?


Well those employees were at the company for some time. I do have administrative access to the server (the username/password is on the document that they had provided to me), however if I want to perform an administrative task (i.e restarting the server, stopping/restarting a service), I have to gain permission from whoever is in charge and in fact, I have to be accountable for all of the things I did on that server.

Like I said, rebuilding/copying profiles is my only hope.....


----------



## beeblebrox (Sep 9, 2010)

Are the passwords setup on the server that they access the shares with set to change after a certain length of time? If they're passwords (or the accounts themselves) have expired that might cause this issue.

I had a similar error here a few weeks ago. I am running a domain here with the majority of my clients PCs on that domain. However a few users bring their own laptops, they are stand alone work stations and they access their shared drives through usernames/passwords setup on the domain. When the shares are setup on their stand alone machines originally their domain username and password for the shares has to be inputted. However one of my users logged on to a domain client and was forced to change his password as it expired after 60 days. This meant that the shares on his laptop were no longer working as they had the old password stored. They shares had to be deleted and recreated with his new login details.

So go to where their domain logins are setup, reset their passwords. Make sure to tick "Passwords never expire" and make sure their logins aren't set to expire on a set date. Delete the shares on their standalone workstations and set them up with the new passwords. See how you get on with that.


----------



## simon726 (Dec 13, 2010)

beeblebrox said:


> Are the passwords setup on the server that they access the shares with set to change after a certain length of time? If they're passwords (or the accounts themselves) have expired that might cause this issue.


Well the passwords are set to "never expire". The last time I had checked, it was at that setting.




> I had a similar error here a few weeks ago. I am running a domain here with the majority of my clients PCs on that domain. However a few users bring their own laptops, they are stand alone work stations and they access their shared drives through usernames/passwords setup on the domain. When the shares are setup on their stand alone machines originally their domain username and password for the shares has to be inputted. However one of my users logged on to a domain client and was forced to change his password as it expired after 60 days. This meant that the shares on his laptop were no longer working as they had the old password stored. They shares had to be deleted and recreated with his new login details.
> 
> So go to where their domain logins are setup, reset their passwords. Make sure to tick "Passwords never expire" and make sure their logins aren't set to expire on a set date. Delete the shares on their standalone workstations and set them up with the new passwords. See how you get on with that.



I'll see on what I can probably come on with, and I'll keep you posted for further details.


----------



## Wand3r3r (Sep 17, 2010)

simon all you need to do is get on the server to check things, not make any changes. At this point we don't even know HOW they are gaining access to the shares.

You are assuming its a problem with their profiles but this can't be the case if they go to a different machine and logon and have the same issue.

So get on the server and answer the following questions;

how are they gaining access to shares
is it by a user account or no user accounts just guest enabled?

"utilize a different username and password to access those shares."
sure sounds like they have user accounts with passwords on the server

You need to review the two user accounts that are not working. Perhaps the password was set to expire.

then confirm how the shares are setup and give us an update.


----------



## simon726 (Dec 13, 2010)

Update:

Apparently, I've managed to get those people back access into their shares. Here's what I did:

- I've used the *control userpasswords2* command.
- Went into "advanced" and click on "manage passwords".

I've found out that one of the usernames and passwords is only linked to one particular share and not the other shares.

Like for example, I've enabled access to the shared drive for the "finance" folder using the finance username and password and mapped it as drive Y:.

However, when it's time for me to map their scanning folder under the Search&Reg share (via a different drive letter), that access was denied using the account of the finance share. So therefore, I have to take it to the extreme - I've mapped those drives using an account that allows me full access - the finance share, search&reg share and so on......

That finally got them into access. Any final thoughts?


----------



## simon726 (Dec 13, 2010)

UPDATE: 

Things have been topsy-turvy over the past few weeks, but I have discovered this:

I found out that accessing different remote folders using the same username and password that was mapped to one particular share was likely to blame. I try to make this as clear as possible, so here's the truth:

One user wanted to access one particular share on the network. Let's say he/she access the "scans" folder using the Search&Reg username and password. That particular user was granted access to that resource.

However, when one person wanted to access the "Corporate" folder on the network using the same credentials as the Search&Reg username, that user can't get access because one of the mapped usernames/passwords was already mapped to the scans folder in the Search&Registration username and password (for example).

How do I allow a user who wants to access the same file server, but accessing two folders using different credentials in Windows XP? Is it possible that way or do I need to find something else?

I heard somewhere that disabling NetBIOS on the client does the trick (have yet to try it), while using the FQDN for the file server can made a difference in some cases.

Any suggestions?


----------



## Ramjas (Jan 3, 2011)

plz add user in shearing and security tab with same rights problem solve if u have plz revert back me


----------



## Wand3r3r (Sep 17, 2010)

"How do I allow a user who wants to access the same file server, but accessing two folders using different credentials in Windows XP? "

If you look a the net use command [net use /?] you can map a drive using different credencials.

You shouldn't have to do this since proper server/domain administration would not allow a user to use a generic multiuser account. You have no audit trail if someone makes a mess and you have other issues like now.

The problem with your statement "accessing two folders using different credentials" is with proper account setup this is never ever an issue.

BTW enabling the guest account on the local workstation makes no difference. You would enable the guest account on the server with shares set to everyone with full control. Then you wouldn't need user accounts since everyone would be using the guest account on the server.


----------

