"Access denied" thru UNC but not mapped drive

[Guest]

On exactly one Windows XP workstation on our network, users are unable to
access files by UNC, although they can access them through mapped drives.
For instance, P: is a mapped drive for \\Server\Public\. So the paths
P:\temp.txt and \\Server\Public\temp.txt point to the same file, by way of
the same network share. But "type P:\temp.txt" types out the file, while
"type \\Server\Public\temp.txt" displays "Access denied." Folders can be
opened by UNC in Explorer or a DIR command, but "List folder contents" seems
to be the only functioning privilege.

\\Server\Public shares the F:\Public folder on the server itself, so
\\Server\F$\Public\temp.txt also points to the file. On other computers, a
regular user can access P:\temp.txt and \\Server\Public\temp.txt and gets
"Access denied" for \\Server\F$\Public\temp.txt; and an administrative user
can access all three.

But on the problem machine, even domain administrators can only access
P:\temp.txt. Aren't the resulting privileges supposed to be the same whether
the share is accessed directly or through a mapped drive letter? What's
going on?

This machine can't access any share on any network machine by UNC, as far as
I've tested. It can't even read files from its own C$ share. This behavior
started in the last day, and has survived multiple reboots. I can't find
anything weird in the event logs for the machine, or in the security logs of
machines it's trying to access.

Any ideas? Thanks!

 

[astyles]

On exactly one Windows XP workstation on our network, users are unable to
access files by UNC, although they can access them through mapped drives.
For instance, P: is a mapped drive for \\Server\Public\. So the paths
P:\temp.txt and \\Server\Public\temp.txt point to the same file, by way of
the same network share. But "type P:\temp.txt" types out the file, while
"type \\Server\Public\temp.txt" displays "Access denied." Folders can be
opened by UNC in Explorer or a DIR command, but "List folder contents" seems
to be the only functioning privilege.

\\Server\Public shares the F:\Public folder on the server itself, so
\\Server\F$\Public\temp.txt also points to the file. On other computers, a
regular user can access P:\temp.txt and \\Server\Public\temp.txt and gets
"Access denied" for \\Server\F$\Public\temp.txt; and an administrative user
can access all three.

But on the problem machine, even domain administrators can only access
P:\temp.txt. Aren't the resulting privileges supposed to be the same whether
the share is accessed directly or through a mapped drive letter? What's
going on?

This machine can't access any share on any network machine by UNC, as far as
I've tested. It can't even read files from its own C$ share. This behavior
started in the last day, and has survived multiple reboots. I can't find
anything weird in the event logs for the machine, or in the security logs of
machines it's trying to access.

Any ideas? Thanks!

Where are you getting the mapping from? Is it coming from a login
script? Perhaps when your users are attempting to use UNC it is
failing because of their originating authentication. Look at your
login script if that is where you are mapping the drive from and make
sure that it does not specify a /user:administrator or such at the
suffix of the drive mapping command. if it just simply maps the drive
as the logged in user- it should work. You are on a domain right?

A

 

[Guest]

The mapped drives come from a script, but it's just NET USE P:
\\SERVER\PUBLIC with no /user parameter. The same script runs for every user
and every workstation on the network, but only this one workstation (named
OFFICE6) has problems.

Note also that the domain administrator account can't read files addressed
by UNC from OFFICE6. Also, the domain admin can't read files from
\\OFFICE6\C$ (the C: admin share) from OFFICE6 itself, although \\OFFICE6\C$
can be read from other workstations. From OFFICE6, UNC addressing to any
file on any share anywhere (admin or otherwise) apparently gives "list only"
access.

 

[astyles]

The mapped drives come from a script, but it's just NET USE P:
\\SERVER\PUBLIC with no /user parameter. The same script runs for every user
and every workstation on the network, but only this one workstation (named
OFFICE6) has problems.

Note also that the domain administrator account can't read files addressed
by UNC from OFFICE6. Also, the domain admin can't read files from
\\OFFICE6\C$ (the C: admin share) from OFFICE6 itself, although \\OFFICE6\C$
can be read from other workstations. From OFFICE6, UNC addressing to any
file on any share anywhere (admin or otherwise) apparently gives "list only"
access.







- Show quoted text -

You might try to reset the local security policy- that's all I can
come up with!

 

[Guest]

How do I reset the local security policy? I've never dealt with that in XP;
just group policy for the domain.

Thanks!