Re: Bizarre security behaviour



Is this brand new behavior?

Don't know. Nobody has ever tried to use such an unusual combination of security permissions before. (Usually things are set to no access, read-only, or full access. That simple.) But these folders are managed by our new wizzy in-house project management system [which is actually almost useless], and it has set these strange permissions. Nobody can tell me why exactly.

Even so, you'd expect it to work the same way on NT and XP clients...

Does it apply to all users that log on to any NT4.0 workstation and all users that log on to any XP Pro workstation?

As far as I *know* it applies to anybody trying to access a folder to which they have been given List but not Traverse permission. (The problem originally showed up with a project folder, but I was able to create some random test folders myself and set myself to have the same permissions combination on them, which gives the same behaviour.)

Check the security log on the server with the share to see if any logon failures are recorded that may help explain why access is denied.

Checked the logs on both the file server and the domain controller. Nothing of interest. <insert comment about security log entries being drastically too cryptic>

Refer to the KB article below that explains problems that can arise with incompatible security settings among access from different operating systems. Incompatible LAN Manager authentication levels and digitally sign communications [SMB signing] are usual suspects.

Actually, we did have an issue with this very server where people would stop being able to access anything after a while. We eventually tracked it down to SMB signing - and that has been set as "optional" ever since.

This server is now our main fileserver. People access files on it all day every day, and have been doing for about 7 months now without issue. The issues only showed up when we got this new software with its strange permission settings.

(I have no idea what List but not Traverse is actually supposed to mean... As far as I can tell, on both WinNT and WinXP, by default Bypass Traverse Checking is turned on anyway, so not quite sure why the software is denying this permission given that it's a no-op anyway.)

Also have the user from the NT4.0 computer try accessing the share via the IP address of the server instead of name as in \\xxx.xxx.xxx.xxx\sharename to see if that makes a difference.

I'll give it a go... I don't imagine it will make any difference.

Verify that your WINS is set up correctly in that all the domain controllers, servers, and workstations also need to be WINS clients since NT4.0 is being used in the domain. The NT4.0 computers should be able to ping the file share server and domain controller by name and IP address.

Yep. That all checks out.

http://support.microsoft.com/default.aspx?scid=kb;en-us;823659

Well, it's a place to start from...