Windows 10 --> Server 16 Don't have permissions to view a shared file

Software & Operating Systems Windows
1

I’ve had a repurposed server running Windows Server 2016 in my home for about half a year now, and it’s worked great. I’ve been doing daily backups to it, and it’s a handy place to do file swaps from my workstation to my laptop and back.

Yesterday I did a fresh install on Windows 10 Pro on the workstation. Now I can’t access my file shares. I get a “Network Error” window.

Windows cannot access \NameOfServerHere\NameOfSharedFileHere

You do not have permission to access \NameOfServerHere\NameOfSharedFileHere. contace your network administrator to request access.

Now, this is confusing me because I have the permissions (On the server side) set up as Allow --> Everyone and normally I just get a log in prompt to log into the server and that’s it. I’m not even getting that now.

I’m not sure which switch I need to flip to make this work again. Halp?

2

Little update.

If I manually type in the server and folder address in the Windows backup and restore program, I can access and restore my backup files. So it’s just Windows file explorer that won’t let me access the files on the server manually.

3

The backup program works because it is using the SYSTEM account (IIRC) to perform the backup and recovery.

On the share I would check both the share permissions and the NTFS permissions.

What are these set to?

4

I don’t have any complex rules set up for the share, and I haven’t messed with it. It was working on the previous install of Windows, so whatever is going on, it’s on the workstation side, not the server side.

image
image.png929x299 54.5 KB

5

Not disagreeing with you, just ruling stuff out. What does the permissions tab look like?

6

Looks like so.

image
image.png1246x322 123 KB

7

Are you running AD and what smb version is the server enforcing?

8

So I quickly spun this up with the following VMs

Name: Server2016
User: Administrator
IP: 192.168.0.100

Name: Windows10
User: End User
IP: 192.168.0.101

Windows 10 PC has a hosts file entry for the server.

Share
Share.png821x1137 170 KB

security
security.png828x614 126 KB

Windows10%20login
Windows10 login.jpg827x1133 122 KB

login%20with%20admin
login with admin.png806x1135 242 KB

success
success.jpg944x1131 106 KB

So this question(s) are now.

What account are you using to access the share from the workstation?
How does the server know what that account is?
How does the workstation do name resolution of the server?

If I use the workstation user account the process fails as I would expect.

end%20user
end user.png805x1135 241 KB

fail
fail.png813x1129 240 KB

Here are a couple of useful reads about permissions and groups.

The Difference Between Everyone and Authenticated Users

NTFS Permissions vs Share

9

So yeah, I don’t know crap about servers and permissions and all that, this is just a glorified NAS. The questions about “what account are you logging in with” or “how does the server know…” I don’t know.

None of this has ever mattered. I can still access the server on my laptop. I can’t on the workstation.

As to the question do I have AD installed? No. I’m only running the File and Storage Services (2 of 12 installed) in the Server Roles section.

As far as I can tell, I’ve done everything on the server side that the server needs me to do, hence the laptop can log in. The workstation won’t even let me try to log in.

You are asking me questions that are over my head so far, gotta dumb it down for this dumbass :smile:

1 Like
10

Why use server then? Windows 10 built in filesharing is robust enough. Linux is more stable and does file sharing with samba. If you’re not using active directory accounts or running a domain, Windows server to serve files is like buying a big diesel superduty to tow a bicycle.

You might need to go into the credential manager and delete the saved creds on the machine that isn’t working. I have a hunch it’s using incorrect creds. The account on the server that has ownership of the files should be the one you use to access the files.

Also instead of UNC path try using the direct ip
Ex: \\192.168.0.254\share

11

See that’s now noob I am at this, I didn’t know what Credential Manager was, or that it even existed until you mentioned it.

So I looked at it, and I compared it to the laptop. The workstation has just one generic credential, it seems to have a randomly generated username and password, definitely something I didn’t do. (There are on web credentials on either machine)

image
image.png1097x580 18.9 KB

The laptop also has this credential, though with a different username. It also possesses several others. You think this guy here is my problem, maybe remove it and see if that helps?

So I’m using Server because I was too stupid to figure out samba or Nextcloud. I did try to make that a Linux box when I first got it, and I spent about three weeks off and on trying different Linux distros, trying to set up samba which I couldn’t figure out, then I tried Nextcloud which I also couldn’t figure out. I’m just not familiar enough with Linux to know what the hell I’m doing in the terminal so when I’m following a tutorial step by step, and something doesn’t happen the way the tutorial says it should, I have zero background or knowledge about how to proceed, and that’s my issue with Linux in general. I’ve just never had the time or inclination to sit down and grind through understanding the terminal.

So that’s why I’m towing my bicycle with a semi truck.

2 Likes
12

I dont see a credential problem. did you try direct IP? UNC paths in 10 have given me headaches before with mounted drives and using the IP solved it. If the server is not discoverable in network via the file explorer it refuses to resolve and therefore wont browse.

As for samba/nextcloud. Samba is fairly straight forward but can be daunting for newcomers. The samba.conf is the key to getting a share working. We could absolutely help you with that if you wanted. Nextcloud is a different animal but once its setup you can pretty much forget about it. It can update through the web interface though not automatically. You would still need samba with nextcloud for local shares though. I have done both in an active directory environment at work so I can offer assistance but its not really necessary if you dont want to. Windows server will work just fine, though standard windows 10 will do the trick too.

13

You could make a test where you force a specific user.

Run this:

net use \\123.123.123.123 /user:DOMAIN\Administrator myExceptionallynicePASSword

It should tell you that the command completed successfully. Of course replace IP with correct IP or Hostname, and domain (if applicable), username and password.

After that you can open \\123.123.123.123 in file explorer and it will NOT ask for a password. It will instead use the one you just specified.

To get rid of this again run:
net use * /del

14

I’m kinda necroing my own post, but nothing has changed. I basically just gave up for a while, built a RAID on my workstation and started backing up to that, and just quit using the server.

But I still want to use the server for file sharing, now especially as I get into sculpting with blender, I want to easily switch from workstation, to Surface and/or Laptop and back and just save the files to a common location, and the RAID server would be a great location for that.

So anyway, I’m still about where I left off. I can connect to the share folder with my lap top, but I still can’t get in with the workstation.

I’ve done the best to do the steps you all have suggested so far, but I’m pretty sure I’m just doing them wrong. I tried manually entering the server address into file explorer to access the share file, but I get the same message where I don’t have permission.

I’ve fiddled with the Net Use command, but it’s a bit intimidating so far. Here’s what I’ve got.

Entered just the simple “net use” command;

image
image.png893×415 11 KB

So like, I can see the folder? What’s that about? Just the one folder, there are others on that drive, but I can actually see the one I want to access.

As for doing anything beyond that, I just keep screwing up the syntax and I can’t get the command to run;

There’s just too much there for me to unpack just yet.

I think I have the first part right, which is basically \\NameOfServer

But after that, I dunno. Do I actually type user or do I need to replace that with something, if so what? Everyone? The name of the Workstation I’m on?

What about DOMAIN Do I use that, or something else, if so, what?

After that I understand it as the log in and password for the server, so I think I have that understood.

So I just need help with the middle bit to run that command.

Or if someone has some other ideas for me, that would be great too.

15

I went into the server, and I gave full control access to (cringe) everyone to the whole drive, and to the share folder.

Now I can at least view the folder, but I still can’t write to it. I can’t delete files that are on it, but I modified the Everyone group to have full control, so I dunno what’s going on.

Edit: Just to clarify old news, I’m able to read and write, do whatever I need from my lap top, but not my workstation. And I have no idea what’s different between them

Edit 2: I also have enabled access based enumeration, so if I didn’t have permission to a file, I shouldn’t even be able to see it, yet I can, so again confusions.

Edit 3: Oof, I managed to get it functioning, though I’m not satisfied with the permissions, at least I got over hurdle one which is just make it function. Next I need to figure out groups and setting it so just specific devices on the network can access the server.