torniee
02-11-2002, 08:35 AM
Hi,
Here's a weird one, help appreciated
I’ve got two domains, W2K and WinNT (4.0, SP6a), trusts created and tested. Username created to the W2K domain get’s Access Denied –messages when trying to connect a shared folder in WinNT domain. W2K username has been granted full access to the WinNT shared folder. Not spicy enough? Well, W2K username CAN ACCESS the folder… using a trick.
Environment:
WinNT domain, W2K domain and Win98SE workstation. Domains trusts each other, both ways. W2K domain with AD installed has so far one server only (SP2 and all the other updates from Windows Update). A user name dDuck is created with the W2K AD Users and Groups SnapIn and dDuck is a member of "Domain Users" group. Win98SE has "DS client for Windows 98" installed. All of the WinNT domains servers are 4.0 SP6a, one of BDC's contains a shared folder, let's call it \\ServerName\dDuck. "W2K domain"\dDuck and "WinNT domain"\Admin have full rights to this folder.
The situation
dDuck logs on W2K domain with Win98 OK. When he tries to connect to \\ServerName\dDuck a Access is denied -window pops up.
If "WinNT domain"\Admin logs on to WinNT domain using the same workstation and opens the \\ServerName\dDuck (Start, Run, \\ServerName\dDuck, OK) it opens OK. "WinNT domain"\Admin opens a subfolder in \\ServerName\dDuck. When "WinNT domain"\Admin logs off without closing the \\ServerName\dDuck\SubFolder -window, Win98 tries to open it to whoever tries to log on the next time
When dDuck logs on W2K domain again... Guess what... Anyone?... the freaking \\ServerName\dDuck\SubFolder -window opens. Yes, Yes I' checked and rechecked that the \\ServerName\dDuck -folder's permissions has "W2K Domain"\dDuck w. full rights in it.
When I turn the auditing on for the \\ServerName\dDuck -folder the Access is denied -incident does not even show there, but the succesfull incidents does.
Browsed MS Knowledge Base and found these articles:
"Access Is Denied" Error Message Appears When Permissions Are Correct (Q250494)
Access Denied Error When Attempting to Connect to a Network Share (Q214759)
Unfortunately neither of these applied, trusts, permissions and shares (Q214759) are OK and neither files nor folders are encrtypted (Q250494).
I've done some addition testing: The same happens with W2K Pro workstation.
Regardless of the type of the workstation, when you, at the command prompt, try to connect with:
net use X: \\ServerName\dDuck
the connection is OK, but when you try to list the content (DIR X:\): No such luck. Still your able to change directory with
x:
CD SubFolder
... TaDaa! IT OPENS.
What the heck is going on?
Here's a weird one, help appreciated
I’ve got two domains, W2K and WinNT (4.0, SP6a), trusts created and tested. Username created to the W2K domain get’s Access Denied –messages when trying to connect a shared folder in WinNT domain. W2K username has been granted full access to the WinNT shared folder. Not spicy enough? Well, W2K username CAN ACCESS the folder… using a trick.
Environment:
WinNT domain, W2K domain and Win98SE workstation. Domains trusts each other, both ways. W2K domain with AD installed has so far one server only (SP2 and all the other updates from Windows Update). A user name dDuck is created with the W2K AD Users and Groups SnapIn and dDuck is a member of "Domain Users" group. Win98SE has "DS client for Windows 98" installed. All of the WinNT domains servers are 4.0 SP6a, one of BDC's contains a shared folder, let's call it \\ServerName\dDuck. "W2K domain"\dDuck and "WinNT domain"\Admin have full rights to this folder.
The situation
dDuck logs on W2K domain with Win98 OK. When he tries to connect to \\ServerName\dDuck a Access is denied -window pops up.
If "WinNT domain"\Admin logs on to WinNT domain using the same workstation and opens the \\ServerName\dDuck (Start, Run, \\ServerName\dDuck, OK) it opens OK. "WinNT domain"\Admin opens a subfolder in \\ServerName\dDuck. When "WinNT domain"\Admin logs off without closing the \\ServerName\dDuck\SubFolder -window, Win98 tries to open it to whoever tries to log on the next time
When dDuck logs on W2K domain again... Guess what... Anyone?... the freaking \\ServerName\dDuck\SubFolder -window opens. Yes, Yes I' checked and rechecked that the \\ServerName\dDuck -folder's permissions has "W2K Domain"\dDuck w. full rights in it.
When I turn the auditing on for the \\ServerName\dDuck -folder the Access is denied -incident does not even show there, but the succesfull incidents does.
Browsed MS Knowledge Base and found these articles:
"Access Is Denied" Error Message Appears When Permissions Are Correct (Q250494)
Access Denied Error When Attempting to Connect to a Network Share (Q214759)
Unfortunately neither of these applied, trusts, permissions and shares (Q214759) are OK and neither files nor folders are encrtypted (Q250494).
I've done some addition testing: The same happens with W2K Pro workstation.
Regardless of the type of the workstation, when you, at the command prompt, try to connect with:
net use X: \\ServerName\dDuck
the connection is OK, but when you try to list the content (DIR X:\): No such luck. Still your able to change directory with
x:
CD SubFolder
... TaDaa! IT OPENS.
What the heck is going on?