Re: Bizzare security behaviour
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Jun 2006 12:15:11 -0500
Is this brand new behavior and does it apply to all users that logon to any
NT4.0 workstation and all users that logon to any XP Pro workstation?? Check
the security log on the server with the share to see if any logon failures
are recorded that may help explain why access is denied. Refer to the KB
article below that explains problems that can arise with incompatible
security settings among access from different operating systems.
Incompatible lan manager authentication levels and digitally sign
communications [SMB signing] are usual suspects. Also have the user from the
NT4.0 computer try accessing the share via the IP address of the server
instead of name as in \\xxx.xxx.xxx.xxx\sharename to see if that makes a
difference. Verify that your wins is set up correctly in that the all domain
controllers, servers, and workstations also need to be wins clients since
NT4.0 is being used in the domain. The NT4.0 computers should be able to
ping the file share server and domain controller by name and IP
dress. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
"Invisible" <void@xxxxxxxx> wrote in message
news:OQ0x$A2mGHA.3440@xxxxxxxxxxxxxxxxxxxxxxx
I have a folder on our network fileserver that is exhibiting extremely
bizzare behavior. Specifically, if I log on to a Windows NT 4.0 Workstation
machine, when I try to open this folder from Windows Explorer I get "Access
Denied". However, if I log on to a machine running Windows XP Professional,
I can open the folder without difficulty. What the hell...?!
I thought the entire POINT of security permissions being on the server is
that the SERVER decides whether you can or can't access stuff, not the
client. Why would using a different client OS make the slightest bit of
difference? I find this really quite frightening.
The fileserver is Windows 2000 Server. User accounts are Active Domain. My
user account has the following permissions to the folder:
Traverse Folder / Execute File: No
List Folder / Read Data: Yes
Read Attributes Yes
Read Extended Attributes Yes
Create Files / Write Data Yes
Create Folders / Append Data Yes
Write Attributes Yes
Write Extended Attributes Yes
Delete Subfolders and Files No
Delete No
Read Permissions Yes
Change Permissions No
Take Ownership No
No other permissions are being inherited by this folder. No other security
groups to which I belong are mentioned in the permissions.
I realise that this is a pretty bizzare combination of permissions. I have
no idea why it's set that way. (We have an in-house application that
automatically fiddles with file permissions. I believe in this case it has
set them wrong - but the application authors won't believe me because "it
works in XP". <sigh>)
Somebody suggested it might be something to do with the "Bypass traverse
checking" - but this option is Enabled for the group Everyone on both test
machines, and yet one gives me access and the other does not.
Any help here??
.
- Follow-Ups:
- Re: Bizzare security behaviour
- From: Invisible
- Re: Bizzare security behaviour
- References:
- Bizzare security behaviour
- From: Invisible
- Bizzare security behaviour
- Prev by Date: Re: user does not have acces privileges
- Next by Date: Re: password migration
- Previous by thread: Bizzare security behaviour
- Next by thread: Re: Bizzare security behaviour
- Index(es):
Relevant Pages
|
