Re: can't get access to disk share when connecting from a remote s

From: Al Dunbar [MS-MVP] (alan-no-drub-spam_at_hotmail.com)
Date: 01/06/05

• Next message: steve: "Re: Extracting e-mail accounts from A.D."
• Previous message: papejack: "RE: Copying folder over a network"
• In reply to: jong: "Re: can't get access to disk share when connecting from a remote s"
• Next in thread: jong: "Re: can't get access to disk share when connecting from a remote s"
• Reply: jong: "Re: can't get access to disk share when connecting from a remote s"
• Messages sorted by: [ date ] [ thread ]

Date: Thu, 6 Jan 2005 11:48:09 -0700

"jong" <jong@discussions.microsoft.com> wrote in message
news:06E95FE2-5D40-4C92-AED7-F42D3883D806@microsoft.com...
> Hi Al,
>
> I will keep my responses up here in order to keep things readable &
> collected.
>
> When I am connecting to the shares created by the script I always connect
> with the admin username and password of the system that the shares are on;
> not the admin account of the local system.

That seems right. Assuming that the share is permitted read/write/full
access to the administrator account on that workstation, then that
connection (I assume you mean you have mapped the share to a drive letter)
should allow access to all files and subfolders, at least as allowed by the
NTFS permissions on the files and folders themselves.

> as for your comment about placement of the password in the net use cmd
below
> I cannot do that as the syntax would then be incorrect, and the cmd would
> fail to execute.

OK.

> for the c$, d$, v$ administrative shares do you have any reason as to why
I
> cannot mount these using that system's admin username and password?

I have no idea why that would be the case.

> As I
> said before I never had a problem with this until I moved my systems to
winXP.

What were you running before, w2k, nt4, or 9x?

> a new question that I have is 'should' my original script provide
read/write
> access to the shares by default when I connect with the FILE_SHARE
constant
> set to zero (0).

I do not recall what the zero means, but you should be able to examine the
share directly on the workstation using compmgmt.msc to determine if the
result is as you want it.

> I assume that this would be true since the 'allow network users to change
my
> files' checkbox is checked after I run the script. As I said in my
original
> message everthing will work as expected if I 'toggle' this checkbox after
the
> script has been run (un-check it, and then re-check it) since it forces
the
> permissions to be reset. To me this seems to be the key to the whole
> issue...it is like this permission doesn't get propigated to all of the
> folders & files below each of the drives. Can anybody comment on this?

Seems odd. But do not expect permissions applied to the share by script
(i.e. not the folder being shared, but the share itself) to replicate to
subfolders. I do not know if that replication would be done through the GUI
tools, but I do not think it should -- unless perhaps you are running XP
Home, which tends to simplify/dumb-down the security side of things to make
administration easier for non-technical types.

In my environment, we give ALL users FULL access to ALL shares. In the
likely event that permissions need to be somewhat more restricted than that,
we do all of our permission management at the NTFS level.

> Is there another 'MVP' that can help with this since you admit to not
having
> much experience with this? Nothing personal, and I thank you for the help
so
> far, but I really need to get some understanding here.

You need not worry about my taking your above comment personally. I have
provided what info I can, knowing it was incomplete to your problem, and it
is obvious from what you have said that you appreciate the attempt.

As to other MVP's who might have more to say in the area, I do not know any
of them that well -- it would be up to them to step forward and comment
further. Perhaps lots of them are still in the festive mood and have not
come back down to newsgroup earth following their celebrations... ;-)

/Al

>
>
>
>
> "Al Dunbar [MS-MVP]" wrote:
>
> >
> > "jong" <jong@discussions.microsoft.com> wrote in message
> > news:0B97F346-183E-40C9-AF1D-BF64F32B7318@microsoft.com...
> > > Al,
> > >
> > > As I noted in this post I am connecting as the local administrator,
but
> > > still don't get permission to access anything below the folders.
> >
> > I also just noticed that you mention the computer as belonging to a
> > workgroup, a networking environment I have little experience with...
> >
> > > I have
> > > tried to access c$...as you noted, but when I try to connect to these
> > shares
> > > I always get an access denied error, so I cannot get the shares to
mount
> > on
> > > the remote system.
> >
> > The administrator account on one system will not automatically have
access
> > to folders on another just because it is an administrator account
elsewhere.
> >
> > > I never had that problem till we rolled to windows XP.
> > > At any rate I am always mounting using the administrator user/pass.
> >
> > When logged on at computer AAAA and attempting to map to shares on
computer
> > BBBB, which administrator account do you provide the credentials for,
the
> > one on AAAA or the one on BBBB?
> >
> > > I have
> > > even tried using the <remoteSystemName> with the administrator
username
> > but
> > > that has not helped. Example:
> > >
> > > net use x: \\<remoteSystem>\c$ <remoteSystemPassword>
> > > /user:<remoteSystemName>\administrator
> >
> > Assuming that "remoteSystemName" is the name of the system whose shares
you
> > want to map, you might want to place the password *after* the /user
> > parameter.
> >
> > > Anymore ideas? Any ideas why the c$, d$, or v$ administrative shares
are
> > > being blocked?
> >
> > I believe that, by default, these admin shares are not available to all
> > users.
> >
> > /Al
> >
> > > "Al Dunbar [MS-MVP]" wrote:
> > >
> > > >
> > > > "jong" <jong@discussions.microsoft.com> wrote in message
> > > > news:AE4CE427-6033-49AA-9DA7-CD85B99A2C06@microsoft.com...
> > > > > I hope that you can help me out. I have adapted some code to
create a
> > > > script
> > > > > that will share three drives on a local computer. The script
executes
> > OK,
> > > > > and the shares 'seem' to be setup correctly, but when they are
> > connected
> > > > 'to'
> > > > > from a remote system I cannot access any folders below them
outside of
> > a
> > > > few
> > > > > below the 'Documents and Settings'. If I vew the share properties
on
> > the
> > > > > system via explorer they indicate they correct. The only way that
I
> > can
> > > > get
> > > > > full access to folders is if I disable & re-enable the "allow
network
> > > > users
> > > > > to change my files" checkbox. After doing that the permissions
are
> > reset
> > > > and
> > > > > access is fine from the remote system.
> > > >
> > > > You seem to be sharing out local drives C:, D:, and V: with
sharenames
> > of c,
> > > > d, and v, respectively. These should already be shared out as c$,
d$,
> > and
> > > > v$, so it is not clear why you are adding the additional redundant
> > > > sharenames.
> > > >
> > > > But, aside from that, I think the problem is that you migth be
> > connecting to
> > > > these shares with an account that lacks sufficient privileges to get
> > past
> > > > the NTFS permissions on the folders in question.
> > > >
> > > > /Al
> > > >
> > > > > I have tried running the two scripts noted below, but they did not
> > resolve
> > > > > the issue either:
> > > > >
> > > > > From: Max L. Vaughn (maxvonl...@microsoft.com)
> > > > > Subject: RE: Add User to sharefolder
> > > > > Newsgroups: microsoft.public.platformsdk.adsi
> > > > > Date: 2001-11-16 14:01:51 PST
> > > > > http://groups.google.com/groups?selm=ejzoroubBHA.253%
> > > > > 40cppssbbsa01.microsoft.com
> > > > >
> > > > > From: [MS] Tim Chen (timchen2...@hotmail.com)
> > > > > Subject: Re: Folder Security
> > > > > Newsgroups: microsoft.public.win32.programmer.wmi
> > > > > Date: 2002-06-13 13:06:05 PST
> > > > >
> > http://groups.google.com/groups?selm=3d08f9d7%241%40news.microsoft.com
> > > > >
> > > > >
> > > > >
> > > > > The computer that has this script run on it is part of a
workgroup.
> > The
> > > > > share is being mounted on the remote computer using the "shared
> > computer'
> > > > s"
> > > > > administrator username and password.
> > > > >
> > > > >
> > > > >
> > > > > Anyway I will continue to search, but it sure would be nice to get
> > some
> > > > help.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > '
> > > > >
> > > > > strFileName = "sharedrives.vbs"
> > > > >
> > > > > strScriptVersion = "1.0"
> > > > >
> > > > > '
> > > > >
> > > > > ' COMMENT:
> > > > >
> > > > > ' This script will share system drives c, d, and v.
> > > > >
> > > > > '
> > > > >
> > > > > '
> > > > >
> > > > > '
> > > > >
> > > > > '
> > > > >
> > > > >
> > > >
> >
'==========================================================================
> > > > >
> > > > >
> > > > >
> > > > > On Error Resume Next
> > > > >
> > > > > 'dump script name and version info
> > > > >
> > > > > WScript.Echo "FileName: " & strFileName &vbCrLf & "Version: " &
> > > > > strScriptVersion &vbCrLf
> > > > >
> > > > >
> > > > >
> > > > > 'define vars
> > > > >
> > > > > Dim strComputer
> > > > >
> > > > > Dim intTotalErrors
> > > > >
> > > > > Dim strShareFolder
> > > > >
> > > > > Dim strShareName
> > > > >
> > > > > Dim strShareDescription
> > > > >
> > > > > Dim objWMIService
> > > > >
> > > > > Dim objNewShare
> > > > >
> > > > > Const FILE_SHARE = 0
> > > > >
> > > > > Const MAXIMUM_CONNECTIONS = 25
> > > > >
> > > > >
> > > > >
> > > > > 'set strComputer to local computer
> > > > >
> > > > > strComputer = "."
> > > > >
> > > > > intTotalErrors = 0
> > > > >
> > > > >
> > > > >
> > > > > 'use GetObject to connect to the WMI cimv2 namespace on the local
> > computer
> > > > >
> > > > > Set objWMIService = GetObject("winmgmts:" _
> > > > >
> > > > > & "{impersonationLevel=impersonate}!\\" & strComputer &
> > "\root\cimv2")
> > > > >
> > > > >
> > > > >
> > > > > 'create an instace of the win32_share object
> > > > >
> > > > > Set objNewShare = objWMIService.Get("Win32_Share")
> > > > >
> > > > >
> > > > >
> > > > > 'Use the Create method to create the system root share, and trap
any
> > > > errors.
> > > > > The create method is passed the following parameter values:
> > > > >
> > > > > strShareFolder = "C:\" ' strShareFolder -
> > Local
> > > > path
> > > > > of the folder being shared.
> > > > >
> > > > > strShareName = "c" ' strShareName -
> > Network
> > > > > name to be assigned to the new share.
> > > > >
> > > > > ' FILE_SHARE -
> > Constant
> > > > > indicating that the new share is a standard network file share.
> > > > >
> > > > > ' MAXIMUM_CONNECTIONS -
> > Constant
> > > > > setting the maximum number of simultaneous connections
> > > > >
> > > > > ' to the new share to
25.
> > > > >
> > > > > strShareDescription = "system root share" ' strShareDescription -
> > > > > Description available to users accessing the share through Network
> > > > > Neighborhood.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > errReturn = objNewShare.Create (strShareFolder, strShareName,
> > FILE_SHARE,
> > > > > MAXIMUM_CONNECTIONS, strShareDescription)
> > > > >
> > > > > intTotalErrors = intTotalErrors + errReturn
> > > > >
> > > > > If intTotalErrors <> 0 Then
> > > > >
> > > > > Wscript.Echo strProcess & " sharedrives FAILED!" & vbCrLf _
> > > > >
> > > > > & "Contact Test Engineering before continuing
on."
> > > > >
> > > > > End If
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > 'Use the Create method to create the system data share, and trap
any
> > > > errors.
> > > > > The create method is passed the following parameter values:
> > > > >
> > > > > strShareFolder = "D:\" ' strShareFolder -
> > Local
> > > > path
> > > > > of the folder being shared.
> > > > >
> > > > > strShareName = "d" ' strShareName -
> > Network
> > > > > name to be assigned to the new share.
> > > > >
> > > > > ' FILE_SHARE -
> > Constant
> > > > > indicating that the new share is a standard network file share.
> > > > >
> > > > > ' MAXIMUM_CONNECTIONS -
> > Constant
> > > > > setting the maximum number of simultaneous connections
> > > > >
> > > > > ' to the new share to
25.
> > > > >
> > > > > strShareDescription = "system data share" ' strShareDescription -
> > > > > Description available to users accessing the share through Network
> > > > > Neighborhood.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > errReturn = objNewShare.Create (strShareFolder, strShareName,
> > FILE_SHARE,
> > > > > MAXIMUM_CONNECTIONS, strShareDescription)
> > > > >
> > > > > intTotalErrors = intTotalErrors + errReturn
> > > > >
> > > > > If intTotalErrors <> 0 Then
> > > > >
> > > > > Wscript.Echo strProcess & " sharedrives FAILED!" & vbCrLf _
> > > > >
> > > > > & "Contact Test Engineering before continuing
on."
> > > > >
> > > > > End If
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > 'Use the Create method to create the system video share, and trap
any
> > > > > errors. The create method is passed the following parameter
values:
> > > > >
> > > > > strShareFolder = "V:\" ' strShareFolder -
> > Local
> > > > path
> > > > > of the folder being shared.
> > > > >
> > > > > strShareName = "v" ' strShareName -
> > Network
> > > > > name to be assigned to the new share.
> > > > >
> > > > > ' FILE_SHARE -
> > Constant
> > > > > indicating that the new share is a standard network file share.
> > > > >
> > > > > ' MAXIMUM_CONNECTIONS -
> > Constant
> > > > > setting the maximum number of simultaneous connections
> > > > >
> > > > > ' to the new share to
25.
> > > > >
> > > > > strShareDescription = "system video share" '
trShareDescription -
> > > > > Description available to users accessing the share through Network
> > > > > Neighborhood.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > errReturn = objNewShare.Create (strShareFolder, strShareName,
> > FILE_SHARE,
> > > > > MAXIMUM_CONNECTIONS, strShareDescription)
> > > > >
> > > > > intTotalErrors = intTotalErrors + errReturn
> > > > >
> > > > > If intTotalErrors <> 0 Then
> > > > >
> > > > > Wscript.Echo strProcess & " sharedrives FAILED!" & vbCrLf _
> > > > >
> > > > > & "Contact Test Engineering before continuing
on."
> > > > >
> > > > > End If
> > > > >
> > > > >
> > > > >
> > > > > WScript.Quit intTotalErrors
> > > > >
> > > > >
> > > > >
> > > > > ' Network Share Return Values
> > > > >
> > > > > '
> > > > >
> > > > > ' Value Description
> > > > >
> > > > > ' 0 The operation completed successfully.
> > > > >
> > > > > ' 2 The operation could not be completed because access was
denied.
> > > > >
> > > > > ' 8 The operation could not be completed because of an unknown
> > problem.
> > > > >
> > > > > ' 9 The operation could not be completed because an invalid name
was
> > > > > specified.
> > > > >
> > > > > ' 10 The operation could not be completed because an invalid level
was
> > > > > specified.
> > > > >
> > > > > ' 21 The operation could not be completed because an invalid
parameter
> > was
> > > > > specified.
> > > > >
> > > > > ' 22 The operation could not be completed because a share by this
name
> > > > > already exists.
> > > > >
> > > > > ' 23 The operation could not be completed because this is a
redirected
> > > > path.
> > > > >
> > > > > ' 24 The operation could not be completed because the specified
folder
> > > > could
> > > > > not be found.
> > > > >
> > > > > ' 25 The operation could not be completed because the specified
server
> > > > could
> > > > > not be found.
> > > > >
> > > > > ' Other The operation could not be completed.
> > > > >
> > > > >
> > > >
> > > >
> > > >
> >
> >
> >

• Next message: steve: "Re: Extracting e-mail accounts from A.D."
• Previous message: papejack: "RE: Copying folder over a network"
• In reply to: jong: "Re: can't get access to disk share when connecting from a remote s"
• Next in thread: jong: "Re: can't get access to disk share when connecting from a remote s"
• Reply: jong: "Re: can't get access to disk share when connecting from a remote s"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint