I have a client who has information on their desktop under the desktops shared folder.

This user wants to access this information on their notebook, when they connect to the network on site.

I set up this directory as shared. The problem is, the user can see the share, but when they click on the share a dialog box appears that tells them to see the system administrator, because they may not have access rights to this folder.

I set the share up for everyone to be able to read, write and execute from this file. "All privalages.

This is a windows 2003 server environment.

Does anyone know what the problem could be?

Thanks ahead of time!!!

Check the access rights on the actual directory on the hard drive.


I wouldn't set up the share for "Everyone". Everyone means....EVERYONE. Which means that a simple virus could do a share scan, see your shared folder with "Everyone" permissions and wreak havok...all without having to authenticate with the domain. It's better to use "Domain Users" which means that any "Domain User" can access the share. Even better would to just specify only the people who need to access that share.

Originally posted by dosfreak:

"Check the access rights on the actual directory on the hard drive."

IF NOT THE FILE(S) ITSELF (THEMSELVES) UNDER THAT FOLDER AS WELL VIA RIGHTCLICKS ON THEM & USING THE PROPERTIES MENU, SECURITY TAB!

(Had to insert the details how to get to security stuff like that for NTFS filesystems rights for him & also to point out this exists @ the file level, AND directory as you did...

Yes, the "cascades of inherited rights" ARE here, but if you note when you change them?

Well, by default, that's NOT checked to do in the checkbox iirc...

BUT, yes, you can do that manually @ the directory/folder level & have it cascade to constituent subordinate files, OR do it manually to the files themselves as I pointed out!)

Originally posted by dosfreak:

"I wouldn't set up the share for "Everyone". Everyone means....EVERYONE."

Agreed - on a "workstation/pro" stand-alone node system like I have here @ home which is NOT on a LAN/WAN, I use a 'variation' of that theme myself, DosFreak... check it:

("Authenticated Users" use, vs. EVERYONE group here... it's good for NTFS security for local standalone box, vs. LAN setup like you are enumerating there!)

(Yes, I am on a WAN (how we are talking lol, the net itself) as you know, but on cablemodem/dsl you are on a WAN really & imo, @ more risk than dialups!

You are kind of as well on dialup connections, but changing of IP is frequent so basically, not something to worry about AS MUCH, security-wise imo, but still something to do anyhow nevertheless!)...

ANYHOW - On a "stand-alone" workstation here w/ no LAN @ home?

I use "Authenticated Users" vs. EVERYONE group...

Why?

Well, early on in NT-based Os', if you used EVERYONE? It is what you said DosFreak - it included REMOTE ENTITIES!

(Supposedly, 2000 SP #2 iirc, onwards to XP/2003, etc.? This was 'fixed' & EVERYONE group no longer includes REMOTE USER ENTITIES...

However, personally I still trust "Authenticated Users" more than this allegedly fixed EVERYONE group entity!)

The description you give for "Domain Users" sounds much the same as EVERYONE vs. AUTHENTICATED USERS DosFreak, & great point!

Only diff. to me seems to be that domain users is for networking purposes, keeping ONLY local LAN users able to get to disk data (files/folders), but not remote entities from other networks!

Originally posted by dosfreak:

"Which means that a simple virus could do a share scan, see your shared folder with "Everyone" permissions and wreak havok...all without having to authenticate with the domain. It's better to use "Domain Users" which means that any "Domain User" can access the share. Even better would to just specify only the people who need to access that share."

Right on the "munny" , & agreed 110% from me...

*

APK

What I want to when I posted this question is just, could this be a problem associated with active directory?

It's possible. I've had issues where a user could not authenticate properly with the DC. In those cases I'd verify that was the case by creating a new user and trying to access the folder in question as that user.