Access Denied Error:5 Adding Package to .WIM with DISM

Similar Messages

• Access Denied Error For Shared Folder with Win Server 2008R2 Task Manager Scheduled Task

  Hi,
  I have scheduled a Task with the Task scheduler. It invokes an .EXE file after every 5 min.
  The application is supposed to access some files lying on a different Server's shared path, process them and move them across folders on the Shared path only.
  Problem: When the .EXE gets executed from the Task scheduler, I am getting "Access Denied to the Shared path" error. I have already given Full Control to Everyone as well as to the Account with which the Task has been configured with.
  Another important point to note is, if I run the .EXE manually, the solution is able is able to do everything intended; I don't get any Access Denied error.
  Kindly help me with what needs to be done in order that this issue is resolved. This is really urgent for me.
  Thanks a lot in advance..
  AC

  Hello Alex,
  first of all, make sure your task was correctly create: How to Create Advanced Tasks with the Task
  Scheduler.
  Please, read these:
  TechNet Library Task Security Context
  TechNet Forums post How
  does "Run with the highest privileges" really work in Task Scheduler ? - Look at the answer "...When you want to run a program with admin rights from a standard user account, you have to select "run whether the user is logged
  on or not" and select a user which is member of the admingroup."
  TechNet Forums post
  Log on as batch job right (written on previous post)
  serverfault Task Scheduler is not executing the program
  serverfault
  unable to schedule a task (access denied)
  UAC: Do you receive the User Account Control "Windows need your permission to continue" message to approve the scheduled application ?
  If yes, maybe "Run with highest privileges" option will not take precedence of the UAC. While the Admin Approval Mode for built-in Administrator account is enabled, UAC will still ask for approval according to the settings on the Behavior
  of elevation to prompt for the administrators. Check whether the "User Account Control: Admin Approval Mode for built-in Administrator account" is enabled. If yes, disable it or change the setting on "User Account Control: Behavior
  of elevation to prompt for the administrators" to elevate without prompting.
  Local Computer Policy ---> Computer Configuration ---> Windows Settings ---> Security Settings ---> Local policies ---> Security Options (source: Task
  Scheduler "run with highest privileges": does not work on Windows Server 2008 ?)
  Bye,
  Luca
  Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. Whenever you see a helpful reply, click on [Vote As Help] and click on [Mark As Answer] if a post answers your question.

• Access Denied error with basic XML file operations

  Hi,
  I'm trying to set up a basic read, write and delete code for XML files which I can build upon in the future. The three methods are bound to three buttons on the page and all three calls are awaited. Here's my code:
  Write:
  XElement uservarnodes = new XElement("uservars",
  new XElement("uservar1", "1"),
  new XElement("uservar2", "2"),
  new XElement("uservar3", "3"),
  new XElement("uservar4", "4"),
  new XElement("uservar5", "5"),
  new XElement("uservar6", "6"),
  new XElement("uservar7", "7"),
  new XElement("uservar8", "8"));
  StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
  var file = await local.CreateFileAsync("uservarfile.xml", CreationCollisionOption.ReplaceExisting);
  var stream = await file.OpenAsync(Windows.Storage.FileAccessMode.ReadWrite);
  using (var outputStream = stream.GetOutputStreamAt(0))
  DataWriter mydataWriter = new DataWriter(outputStream);
  mydataWriter.WriteString(uservarnodes.ToString());
  await mydataWriter.StoreAsync();
  await outputStream.FlushAsync();
  Read (outputs the data to a textblock):
  StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
  var file = await local.GetFileAsync("uservarfile.xml");
  string readtext = await Windows.Storage.FileIO.ReadTextAsync(file);
  XElement uservarnodes = XElement.Parse(readtext);
  txtTarget.Text = uservarnodes.ToString();
  Delete:
  StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
  var file = await local.GetFileAsync("uservarfile.xml");
  await file.DeleteAsync(StorageDeleteOption.PermanentDelete);
  When I tap each of the buttons once it all seems to work. But when I tap any of the buttons again within the same debug session I get an Access denied exception (E_ACCESSDENIED). Other people with this error had to await when calling their method, but I'm
  already doing that: private async void btnWrite_Click(object sender, RoutedEventArgs e) { await WriteToXMLFile(); }, etc.
  And the intervals between my taps isn't that short that you'd expect that the previously called method still had not finished completing. I don't understand why I'm getting the access denied error.
  Related to my question: I have added XML to the File Type Associations, File Open Picker and File Save Picker in the appxmanifest, but somewhere I read that you do not need to do this if you're working with local app data only. Is this true?

  var stream = await file.OpenAsync(Windows.Storage.FileAccessMode.ReadWrite);
  I think because of your file stream hasn't been closed.
  by the way, it can be easier  by using System.IO.OpenStreamForWriteAsync extension method
  async public static Task<bool> SaveTextFileAsync(string filename, string data)
  byte[] fileBytes = System.Text.Encoding.UTF8.GetBytes(data);
  StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
  var file = await local.CreateFileAsync(filename, CreationCollisionOption.ReplaceExisting);
  try
  using (var s = await file.OpenStreamForWriteAsync())
  s.Write(fileBytes, 0, fileBytes.Length);
  return true;
  catch
  return false;
  (need using System.IO namespace)
  在現實生活中，你和誰在一起的確很重要，甚至能改變你的成長軌跡，決定你的人生成敗。 和什麼樣的人在一起，就會有什麼樣的人生。 和勤奮的人在一起，你不會懶惰； 和積極的人在一起，你不會消沈； 與智者同行，你會不同凡響； 與高人為伍，你能登上巔峰。

• Access denied error while uploading the document into document library which is associated with a content type

  hi,
   am trying to upload a document in a document library which is associated  with content types [ the content type contains 10 site columns and one of them is taxonomy field]. i added this content type in the document library.
  this document library is residing in a team site which is saved as a template and  based on this template i have created sub sites.
  and when i tried to upload a file to the doc lib, it throws me "access denied error".
  what may be went wrong .
  any help is  appreciated!

  Access denied indicates the user account uploading the file doesn't have access to the library, or sometimes it means there's already a document in the library with the same name that was never checked in. It's also possible that your template contains
  custom code that tries to do something that is not allowed.
  Kind regards,
  Margriet Bruggeman
  Lois & Clark IT Services
  web site: http://www.loisandclark.eu
  blog: http://www.sharepointdragons.com

• Access Denied error on Registry Key with CRXIR2A SP6

  We ship now the latest CRXI version (2ASP6) with our application. One of our users (Win7 Home SP1)  gets an error on instantiating a report. Using ProcMon.exe this seems to be caused by an Access Denied error when accessing the  HKLM\Software\Wow6432Node\Business Objects\Suite 11.5\Crystal Reports key. What can be the cause?

  Hello Ludek,
  I had to take ownership and then change persmissions to full. The problem did not go away however. As I noticed that the register key mentioned did not contain any subkeys I tried to remove it. This again failed because of persmission denied error. Funnily some subkeys suddenly showed up. I took ownership, changed permissions and tried again. Lo and behold the subkeys I tried to delete (and in which no subkeys were visible) suddenly showed more subkeys. At this point I stopped fearing that I was damaging the client's computer. The subkeys were related to the RAS server. Does that say anyting to you?
  André

• Publishing cancels with "access denied" error when publishing updates to desktop layout

  Hello, all,
  Wondering if anyone else has run into this issue: we update and republish our help projects frequently. We're currently using a layout based on the desktop layout (colors, fonts, and some other screen elements have changed). The project generates successfully. We publish via file transfer and have the "republish all" setting selected. Sometimes when we publish our multiscreen HTML5 layout, it cancels about halfway through the estimated time with a "publishing cancelled - access denied" error. If we delete the layout folder ("desktop" in this case) from the publishing location and retry publishing, it succeeds.
  Has anyone else encountered this issue? If so, what fixes (other than deleting content and republishing) have you found?
  FYI, we also publish the same projects to the WebHelp Pro layout without any issues.
  Thanks in advance for your help.

  This problem used to occur with Publishing from Rh but I have not seen it for a long time, either myself or in posts.
  Maybe Item 5 at http://www.grainge.org/pages/snippets/snippets.htm#webhelp will help.
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• Getting the error access denied trying to modify the workbook with identifier in Disocverer Admin

  Hi All,
  I have exported a workbook created by business user as an .eex file logging in as discoverer admin from a Production enviornment (transactional databse) and trying to import it to a different environment called reporting environment ( non transactional databse) and getting a warning 'WFS GTP REPORT SINAPORE.eex:Access denied trying to modify the workbook with identifier 'WFS_GTP_REPORT_SINGAPORE'.
  It says Files Partially Imported so clicked on Finish to complete the import.
  The report has been imported under the user account but the sharing to the different responsibilities/Users has not been imported. I need to import the report with the sharing of the responsibilities/users as well.
  I do not have an option login into discoverer administratore using the user account, i can only login using the administator account ( i know loging in as the business user it self will allow you to import the sharing). But our DBA's oppse this is a security threat for the users as you are logging in as the user in production environment.
  Please help with this issue.

  I have the same problem, and I figured out that my windows is installed in french, and every users groups are created in french also, groups like Everyone don't exists and i can't change by console.
  Regards, Roberto Borges please remember to mark the replies as answers if they help and unmark them if they provide no help.

• Access denied error while writing a file to the file system - myfileupload.saveas() throws system.unauthorizedexception

  hi,
  as part of my requirement , i have to perform read and  write  operations of  few files [ using the file upload control in my custom visual web part] and on submit button click.
  but while writing these files - with the help of  fileupload control - and when i use  myfileupload.saveas(mylocation);
  - i am saving these files into my D:\ drive of my server , where i am executing my code -, am getting access denied error.
  it throws system.unauthorizedexception.
  i have given full control on that folder where i was trying to store my attached files. and also  after following asp.net forums,
  i have added  iusr group added and performed all those steps such that, the file is saved in my D:\ drive.
  but unfortunately  that didnt happen.
  also
  a) i am trying the code with runwithelevatedprivileges(delegate() )  code
  b) shared the drive within the  d :drive where i want o save the files.
  c) given the full privieleges for the app pool identity- in my case , its
  network service.
  the  other strange thing is that, the same code works perfectly in  other machine, where the same sp, vs 2012  etc were installed .
  would like to know, any other changes/ steps i need to make it on this  server, where i am getting the  error.
  help is  appreciated!

  vishnuS1984 wrote:
  Hi Friends,
  I have gone through scores of examples and i am failing to understand the right thing to be done to copy a file from one directory to another. Here is my class...So let's see... C:\GetMe1 is a directory on your machine, right? And this is what you are doing with that directory:
  public static void copyFiles(File src, File dest) throws IOException
  // dest is a 'File' object but represents the C:\GetMe1 directory, right?
  fout = new FileOutputStream (dest);If it's a directory, where in your code are you appending the source file name to the path, before trying to open an output stream on it? You're not.
  BTW, this is awful:
  catch (IOException e)
  IOException wrapper = new IOException("copyFiles: Unable to copy file: " +
  src.getAbsolutePath() + "to" + dest.getAbsolutePath()+".");
  wrapper.initCause(e);
  wrapper.setStackTrace(e.getStackTrace());
  throw wrapper;
  }1) You're hiding the original IOException and replacing it with your own? For what good purpose?
  2) Even if you had a good reason to do that, this would be simpler and better:
  throw new IOException("your custom message goes here", e);
  rather than explicitly invokign initCause and setStackTrace. Yuck!

• EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

  This is for information to help others
  KEYWORDS:
    - Sharing EFS encrypted files over a personal lan wlan wifi ap network
    - Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
    - transfer encryption keys / certificates
    - set trusted delegation for user + computer for EFS encrypted files via
  Kerberos
    - Windows Active Directory vs network file share
    - Setting up WinDAV server on Windows 7 Pro / Ultimate
  It has been a long painful road to discover this information.
  I hope sharing it helps you.
  Using EFS on Windows 7 pro / ultimate is easy and works great. See
  here and
  here
  So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
  HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
  won't work (unless you follow below steps).
  Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
  Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
  Why such a EFS drama when a network is involved?
  Assume a home peer-to-peer network with 2pc:  \\fileserver  and  \\clientpc
  When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
  another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
  (on behalf of the clienpc's data request).
  This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
  file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
  Solutions
  There are two main approaches to solve this:
       1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
            EFS operations occur on the computer storing the files.
            EFS files are decrypted then transmitted in plaintext to the client's computer
            This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
       2) SOLVE by setting up WebDAV (efs files accessed through web folders)
             EFS operations occur on the client's local computer
             EFS files remain encrypted during transmission to the client's local computer where it is decrypted
             This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
             BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
           READ BELOW as this does
  Create new encrypted file / folder on a network file share - via Active Directory
  It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
  here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
  and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
  Although this info is NOT for setting up EFS on an active directory domain [server],
  for those interested here is the gist:
  Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
  account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
  EFS.
  NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
  Create new encrypted file / folder on a network file share - via WebDAV
  For home users it is possible to make it all work.
  Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
  Setting up a wifi AP (for those less technical):
     a) START ... CMD
     b) type (no quotes): "netsh  wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
     c) type (no quotes): "netsh  wlan start hostednetwork"
  Set up a WebDAV server on Windows 7 Pro / Ultimate
  -----ON THE FILESERVER------
     1  click START and type "Turn Windows Features On or Off" and open the link
         a) scroll down to "Internet Information Services" and expand it.
         b) put a tick in: "Web Management Tools" \ "IIS Management Console"
         c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
         d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
         e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
         f) click ok
         g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
  KB892211 here ONLY for XP + Server 2003 (made in 2005)
  KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
    2 Click START and type "Internet Information Services (IIS) Manager"
    3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Enable WebDAV"
    4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
         a) on the "Anonymous Authentication" and click "Disable"
         b) on the "Windows Authentication" and click "Enable"
        NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
          It can be by changing registry key:
             [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
             BasicAuthLevel=2
         c) on the "Windows Authentication" click "Advanced Settings"
             set Extended Protection to "Required"
         NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
    5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Add Allow Rule"
         b) set this to "all users". This will control who can view the "Default Site" through a web browser
         NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
  clientpc.
         NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
    6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
         a) on the right side, under Actions, click "Enable"
  HOTFIX - double escaping
    7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
         a) on the right side, under Actions, click "Edit Feature Settings"
         b) tick the box "Allow double escaping"
       *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
       These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
       This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
  file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
    8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
         a) set the Alias to something sensible eg "D_Drive", set the physical path
         b) it is essential you click "connect as" and set
  this to a local user (on fileserver),
         if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
               NB: the user account selected here must have the required EFS certificates installed.
                          See
  here and
  here
          NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
        This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
         The work around is on the \\fileserver create an NTFS symbollic link
            e.g. to share the entire contents of "D:\",
                  on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                  in cmd in this folder create an NTFS symbolic link to "D:\"
                  so in cmd type "cd c:\inetpub\wwwroot"
                  then in cmd type "mklink /D D_Drive D:\"
          NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
           NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
  clientpc
    9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
         a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
         b) if some exist review existing allow or deny.
             Take care to not only review the "allow access to" settings
             but also review "permissions" (read/write/source)
         NB: this can be set here for all added virtual directories, or can be set under each virtual directory
    10 Open your firewall software and/or your router. Make an exception for port 80 and 443
         a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
               choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
            NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
  below, specifically "Cant find server due to network location"
         b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
  HOTFIX - MAJOR ISSUE - fix KB959439
    11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
        a) On Windows 7 you need only change one tiny registry value:
             - click START, type "regedit", open link
             -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
             -on the EDIT menu click NEW, then click DWORD Value
             -Type "DisableEFSOnWebDav" to name it (no speech marks)
             -on the EDIT menu, click MODIFY, type 1, then click OK 
             -You MUST now restart this computer for the registry change to take effect.
        b) On Windows Server 2008 / Vista / XP you'll FIRST need to
  download Windows6.0-KB959439 here. Then do the above step.
           NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
    12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
              It should show the default "IIS7" image.
              If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"           
          c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                  e.g. http://localhost/D_drive
              If nothing is listed, check "Directory Browsing" is enabled
    13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
                eg if your server's computer name is "fileserver" go to "http://fileserver:80"
                It should show the default "IIS7" image. If not, check firewall and port blocking. 
                Any issue ie if (12) works but (13) doesn't,  will indicate a possible firewall issue or router port blocking issue.
         c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
                 eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
                 A directory listing of files should appear.
  --- ON EACH CLIENT ----
  HOTFIX - improve upload + download speeds
    14 Click START and type "Internet Options" and open the link
          a) click the "Connections" tab at the top
          b) click the "LAN Settings" button at the bottom right
          c) untick "Automatically detect settings"
  HOTFIX - remove 50mb file limit
    15 On Windows 7 you need only change one tiny registry value:
        a) click START, type "regedit", open link
        b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
         c) click on "FileSizeLimitInBytes"
         d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
  HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
   16 On each clientpc click START, type "Internet Options" and open it
           a) click on "Security" (top) and then "Custom level" (bottom)
           b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
           SUCH an easy fix. SUCH an annoying problem on a clientpc
     NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
  explorer.
  TEST SETUP
    17 On the client use the normal "map network drive"
              e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
              e.g. CMD: net use * "http://fileserver:80/C_drive"
           If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
  "manage network passwords") has NTFS permissions.
    18 Test that EFS is now working over the network
         a) On a clientpc, map network drive to http://fileserver/
         b) navigate to a folder you know on the \\flieserver is encrypted with EFS
         c) create a new folder, create a new file.
             IF it throws an error, check carefully you mapped to the WebDAV and not file share
                i.e. mapped to "http://fileserver" not "\\fileserver"
             Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
  account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
         d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
         e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
  clientpc decrypted it then copied it).
          If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
          If this is not readable check step (11) and that you restarted the \\fileserver computer.
    19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
        a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
              If a prompt for user+pass then check hotfix (16)
    20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
        a) see the last comment at the very bottom of
  this page: 
  Points to consider:
     - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
  either.
    - CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
  MORE INFO: HOTFIX: RAW DATA TRANSFERS
  More info on step (11) above.
  Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
  it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
  Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
  Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
  Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
  file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
  There is a fix:
        It is implimented above, see (11) above
        Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
  Other problems + fixes
    PROBLEM: Can't find server due to network location.
       This one took me a long time to track down to "network location".
       Win 7 uses network locations "Home" / "Work" / "Public".
       If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
       This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
       FIX = either set IP address manually and specify a gateway
       FIX = or  force "unidentified" network locations to assume "home" or "work" settings -
  read here or
  here
       FIX = or  change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
  login to gain file access.
    PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
         By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
        Read
  here (i've posted a batch script to automatically make the required reg files)
  I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

  What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

• Sql agent job getting file access denied error

  I'm not sure if this question belongs in this forum. Please move it if you want to.
  Here is my question. I have an ssis package that is running into an error at the file system task trying to move a file. The package is deployed to the catalog and I am running the package using the stored procedure
  [SSISDB].[catalog].[start_execution] @execution_id
  When I execute this stored proc in Management Studio while logged in under a sysadmin, everything works fine. But when I call the same TQL in SQL Agent job, I get a file access denied error. This has something to do with the id that is getting used
  to run the package and I am not sure how to track that down. Any help would be appreciated.
  I've check the windows permission on both the id that is running the SQL Agent and SQL SSIS Service. Both seem to have the right windows permission.

  Please see:
  http://support.microsoft.com/kb/918760

• Two forests trusted "Access denied error" while RDP

  Hi Everybody,
  I have two forests 
  for ex:
  TestA & TestB
  I have created one Global group called "XYZ" in 'TestA' forest and added the users. 
  Both the forests are trusted. 
  In 'TestB' forest i have two servers. Computer1 & Computer2
  I have added "XYZ" group from "TestA" to Local administrators group of "TestB" and these groups are in restricted groups.
  Iam able to access upn \\computer1\C$ from TestA forest. But when i am trying to RDP to "Computer1" iam getting Access Denied error.
  Computer1 is (2008 R2) and forest & domain functional lever is 2003
  Kindly advise on this issue.
  Thanks!!

  Hi,
  I assume you don't have RDSH role installed.
  Have a look here
  This post is provided AS IS with no warranties or guarantees, and confers no rights.
  ~~~
  Questo post non fornisce garanzie e non conferisce diritti

• Access Denied error (code 5)

  Hi
  I am using server 2008 r2 sp1 while installing any windows update or my sql I am getting error code 5 access denied
  and i am installing with Admin ID. What can be the reason?

  Checked this ? 
  https://social.technet.microsoft.com/Forums/en-US/522a1177-22eb-458b-a113-d1958e0b991e/sql-express-access-denied-error-code-5?forum=sqlexpress
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• Access denied error while trying to install graphics drivers

  Hello,
  I have a new toshiba laptop P70-A. I have installed windows 7 and the pc was working excellent up until now. Noticed yesterday that the nvidia automated system failed to install the new update. When I tried to install the new driver manually, even from the
  device manager, I got the access denied message. 
  A day now wasted reading all the possible causes and solutions but with no luck. Read all the forums and all the posts, tried almost everything. Below youll find everything I tried as a solution and failed.
  1.Disabled UAC
  2.Enabled the administrator account and trying to take control from there
  3.Run the subinacl and the reset.cmd
  4.Tried manually to take control the folder windows (and access denied while changing the rights)
  5. Scanned the system with everything there is available ( Kaspersky, MalwareBytes, RegCurePro, Tuneup Utilities, CCleaner) The system came out clean.
  6. Tried restoring the system to an earlier time (got again access denied error code 0x80070005)
  7. Checked all the group policies (all seem to be fine)
  8. Run a script to take immediate ownership over all of C:
  TAKEOWN /A /F C:
  then the next one
  TAKEOWN /F C: 
  9. With subinacl I run all the above scripts... (still nothing changed)
  @echo off
  title Resetting ACLs...
  echo.
  echo Determine whether we are on an 32 or 64 bit machine
  echo.
  if "%PROCESSOR_ARCHITECTURE%"=="x86" if "%PROCESSOR_ARCHITEW6432%"=="" goto x86
  set ProgramFilesPath=%ProgramFiles(x86)%
  goto startResetting
  :x86
  set ProgramFilesPath=%ProgramFiles%
  :startResetting
  echo.
  cd /d "%ProgramFilesPath%\Windows Resource Kits\Tools"
  echo. 
  echo Resetting ACLs...
  echo (this may take several minutes to complete)
  echo. 
  echo IMPORTANT NOTE: For this script to run correctly, you must change
  echo the values named Athena to be the Windows user account that
  echo you are logged in with.
  echo.
  echo ==========================================================================
  echo. 
  echo. 
  subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Athena=f /setowner=administrators > %temp%\subinacl_output.txt
  echo. 
  echo. 
  subinacl /keyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Athena=f /setowner=administrators >> %temp%\subinacl_output.txt
  echo. 
  echo. 
  subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
  echo. 
  echo. 
  subinacl /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
  echo. 
  echo. 
  subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
  echo. 
  echo. 
  subinacl /keyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
  echo. 
  echo. 
  echo System Drive...
  subinacl /subdirectories %ProgramFilesPath%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
  echo. 
  echo. 
  echo Windows Directory...
  subinacl /subdirectories %windir%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
  echo. 
  echo. 
  echo ==========================================================================
  echo. 
  echo FINISHED.
  echo. 
  echo Press any key to exit . . .
  pause >NUL
  Im frustrated really... ANY help at all would be really appreciated.
  Thanks in Advance and sorry for the long post
  Athena 

  Hello,
  Thanks for the replies, i much appreciate it. I tried all of the above with no luck again. Safe mode allows me though to install drivers but thats reverting the moment im entering windows. Im always running commands and programs as a administrator or in
  the Admin enabled account.
  It seems the problem is solved today. Via tune up utilities I disabled most of the startup programs and services and it seems that 1 service is causing this issue. Although I havent played much with the disabled services but 3 remain to be checked. One of
  the three is causing this.
  Thanks again guys and Ill keep you posted about the soft. conflict.
  Athena

• Access Denied Error while accessing "Site Settings Access requests and invitations"

  Hi,
  I am getting Access Denied Error while accessing "Site Settings > Access requests and invitations" in SharePoint  2013 online. Currently I am the owner of the site and have "FULL CONTROL" access. I am able to access using
  site collection account. So, what permission I have to give my regular account to access this page?
  Thanks, Pal

  Hello,
  Have you recently changed the Owners group of the site collection or removed the user from the original owners group? 
  The reason I am asking is when the Access requests and invitations list are created, the permissions are given only to the default owners group at the time that the Access Request list was created.  If this "regular account" is not part of that owners
  group, the user will receive access denied.  Site Collection Admins always have permissions for the Access Request List.
  A workaround for the Access Denied issue is listed in the KB article http://support.microsoft.com/kb/2911390/en-us.  By giving the correct group or user the permissions to this list, the users will not receive
  the Access Denied issue anymore.  
  Preferably, in order to grant the user the full permissions ( you will see features like resending invitations may still fail after implementing the above workaround) there is one other workaround that may be required depending on what the original issue
  was.  Below are additional steps to restore full functionality.
  1)Access the /_layouts/15/permsetup.aspx of the site collection, make sure the default Owners Group
  is set correctly.  (There is a group selected)
  2) Add user to that Owners Group.  (Issue may be resolved at this step if the site collection Owners
  Group was never changed, if not continue to next step.)
  3) Implement workaround on http://support.microsoft.com/kb/2911390/en-us, by adding that owners
  group as Full control on Access Request list Permissions.
  Let me know how this works out for you.
  - Shpendi Jashari

• Timerjob Access denied error while opening web object

  Hi Team,
  I have created a timer job to get list information on the site. Everything is fine in the development(Stand alone server) . Got access denied error while running same timer job in QA server(one app and one WFE).
  Note: This timer job is globally deployed.
  Code snippet : 
  SPSite site1 = webApp.Sites[0];
  SPWeb web = site1.RootWeb;
  SPSecurity.RunWithElevatedPrivileges(delegate()
  using (SPSite site = new SPSite(site1.ID))
  using (SPWeb currWeb = site.OpenWeb(web.ID))                  // Got access denied error here.
  Additional information:
  Sharepoint timer service account : Domain\SP_Farm
  Site app pool account : Domain\SP_App.
  Both accounts have site collection administrative access on the site. Do i need to check access permissions on DB level also  this error ?
  Waiting for urgent reply..

  Hi,
  1. Please check the link below:
  Fixing Access Denied Errors With SharePoint 2010 Timer Jobs
  http://www.sharepointsecurity.com/sharepoint/sharepoint-security/fixing-access-denied-errors-with-sharepoint-2010-timer-jobs/
  2. Try to set RemoteAdministratorAccessDenied  to false using PowerShell
  Access denied when deploying a timer Job or activating a feature from SharePoint 2010 content web application
  https://support.microsoft.com/kb/2564009?wa=wsignin1.0
  3. Check your ULS log for detail error message.
  Best Regards
  Dennis Guo
  TechNet Community Support