Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Note: Forums will be making significant UX changes to address key usability improvements surrounding search, discoverability and navigation. To learn more about these changes please visit the announcement which can be found HERE.
Windows Server TechCenter >
File server access issue

Answered File server access issue

  • Friday, November 16, 2012 8:43 AM
     
     
    Sign In to Vote
    0

    By some reason, one of our file servers (Windows Server 2003) no longer allows non-admins to access file shares. If adding the users into local administrators group, they can access the file shares again, so we have a working temporary workaround that we want to get rid of.

    The user right "Access this computer from the network" looks ok when checking RSOP or gpedit. Another file server in same OU affected by same GPOs works doesn't have the issue. Checkin gthe secure channel to the domain with 'nltest /sc_query' and 'nltest /sc_verify' looks ok on the problem server.
    Is there anything in registry that can have become corrupt?

    Failure audit message in security eventlog:
    eventid 529
    Unknown user name or bad password. Logon Type: 3 (network access)

    Error message on client:
    Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

     

All Replies

  • Monday, November 19, 2012 8:01 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi,

    It is still worth to check if it is caused by group policy, so you could create a testOU with no gp applied, and move an affected machine as well as a testaccount to the testOU. Logon both the testaccount and an affected account on that machine to see if there is any different.

    TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tnmff@microsoft.com.

     
  • Monday, November 19, 2012 8:48 AM
     
     Answered
    Sign In to Vote
    0

    All users not member of local administrators group were affected.
    We moved the server into a sub-OU with GPO inheritance blocked to make it possibly to manage settings locally on the server.

    After applying defaultsv.inf security template and rebooting the server, a test user not member of administrators group was able to access the file shares again. As the file server behave normal again, the administtrators group has been cleaned up.