Friday, November 16, 2012 8:43 AM
By some reason, one of our file servers (Windows Server 2003) no longer allows non-admins to access file shares. If adding the users into local administrators group, they can access the file shares again, so we have a working temporary workaround that we want to get rid of.
The user right "Access this computer from the network" looks ok when checking RSOP or gpedit. Another file server in same OU affected by same GPOs works doesn't have the issue. Checkin gthe secure channel to the domain with 'nltest /sc_query' and 'nltest /sc_verify' looks ok on the problem server.
Is there anything in registry that can have become corrupt?
Failure audit message in security eventlog:
Unknown user name or bad password. Logon Type: 3 (network access)
Error message on client:
Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.
Monday, November 19, 2012 8:01 AMModerator
It is still worth to check if it is caused by group policy, so you could create a testOU with no gp applied, and move an affected machine as well as a testaccount to the testOU. Logon both the testaccount and an affected account on that machine to see if there is any different.
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact firstname.lastname@example.org.
Monday, November 19, 2012 8:48 AM
All users not member of local administrators group were affected.
We moved the server into a sub-OU with GPO inheritance blocked to make it possibly to manage settings locally on the server.
After applying defaultsv.inf security template and rebooting the server, a test user not member of administrators group was able to access the file shares again. As the file server behave normal again, the administtrators group has been cleaned up.