Access denied error in a popup for most of the clients.

Hi all,
 i implemented the search help in a popup. its working well in some clients and in some clients it's not .
 here clients means not different browsers different workstations.
 the problem is .
 from the popup i am setting the opener field value.
the code is as follows.
 parent.document.getElementById("XXXXX").value ="XY";
 here i am getting the Access denied error on some clients and some clients the value is getting set.
 how could i overcome this problem,
Regards,
shiva.

Hi
 i tried how was it in the thread mentioned in the above reply, but not getting it .
but what i noticed is
 if my server domain is like ABC.COM it's working .
 if the server domain is like ABC.XXX.COM then it's not working
Any suggestions will be appreciated.
Regards
shiva.

Similar Messages

Access Denied Error Message in KM for the report published from BI

Hi,
Whenever we publish a Report from Bex Report Designer using Bex Broadcaster the report is getting published in the right KM Folder we choose, but when we click that link with in KM and choose Details we get a message saying "Access Denied". Due to this error that link is invisible in the actual iview where my KM folder is displayed.
This Problem occurs only with Reports from Report Designer and not with Query from Query Designer and Web Templates from Web Application Designer.
The user I use in BI and EP is the same. I am the owner of the KM folder and so I have full access to the folder.
Is there any particular authorization required from BI side?
Thanks
Sathish

This forum supports setup of the .NET Framework itself.
For best suggestions on your web project configuration issue, I suggest you ask in a topical ASP.NET forum, here:
http://forums.asp.net/
This forum may be best:
http://forums.asp.net/26.aspx/1?Configuration+and+Deployment
Thank you for your understanding.

Access denied error while trying to install graphics drivers

Hello,
I have a new toshiba laptop P70-A. I have installed windows 7 and the pc was working excellent up until now. Noticed yesterday that the nvidia automated system failed to install the new update. When I tried to install the new driver manually, even from the
device manager, I got the access denied message.
A day now wasted reading all the possible causes and solutions but with no luck. Read all the forums and all the posts, tried almost everything. Below youll find everything I tried as a solution and failed.
1.Disabled UAC
2.Enabled the administrator account and trying to take control from there
3.Run the subinacl and the reset.cmd
4.Tried manually to take control the folder windows (and access denied while changing the rights)
5. Scanned the system with everything there is available ( Kaspersky, MalwareBytes, RegCurePro, Tuneup Utilities, CCleaner) The system came out clean.
6. Tried restoring the system to an earlier time (got again access denied error code 0x80070005)
7. Checked all the group policies (all seem to be fine)
8. Run a script to take immediate ownership over all of C:
TAKEOWN /A /F C:
then the next one
TAKEOWN /F C:
9. With subinacl I run all the above scripts... (still nothing changed)
@echo off
title Resetting ACLs...
echo.
echo Determine whether we are on an 32 or 64 bit machine
echo.
if "%PROCESSOR_ARCHITECTURE%"=="x86" if "%PROCESSOR_ARCHITEW6432%"=="" goto x86
set ProgramFilesPath=%ProgramFiles(x86)%
goto startResetting
:x86
set ProgramFilesPath=%ProgramFiles%
:startResetting
echo.
cd /d "%ProgramFilesPath%\Windows Resource Kits\Tools"
echo.
echo Resetting ACLs...
echo (this may take several minutes to complete)
echo.
echo IMPORTANT NOTE: For this script to run correctly, you must change
echo the values named Athena to be the Windows user account that
echo you are logged in with.
echo.
echo ==========================================================================
echo.
echo.
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Athena=f /setowner=administrators > %temp%\subinacl_output.txt
echo.
echo.
subinacl /keyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Athena=f /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
subinacl /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
subinacl /keyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
echo System Drive...
subinacl /subdirectories %ProgramFilesPath%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
echo.
echo.
echo Windows Directory...
subinacl /subdirectories %windir%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
echo.
echo.
echo ==========================================================================
echo.
echo FINISHED.
echo.
echo Press any key to exit . . .
pause >NUL
Im frustrated really... ANY help at all would be really appreciated.
Thanks in Advance and sorry for the long post
Athena

Hello,
Thanks for the replies, i much appreciate it. I tried all of the above with no luck again. Safe mode allows me though to install drivers but thats reverting the moment im entering windows. Im always running commands and programs as a administrator or in
the Admin enabled account.
It seems the problem is solved today. Via tune up utilities I disabled most of the startup programs and services and it seems that 1 service is causing this issue. Although I havent played much with the disabled services but 3 remain to be checked. One of
the three is causing this.
Thanks again guys and Ill keep you posted about the soft. conflict.
Athena

"general access denied error" while implementing out-of-process COM Server Implementation in Windows Phone 8.1

I have a Service (.exe) where I was registering for my COM Component like below
CoInitializeEx(NULL, COINIT_MULTITHREADED);
HRESULT hres = CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, 0);
if (hres != S_OK)
OutputDebugStringA("Security Descriptor not initialized");
ITypeLib* pTypeLib;
HRESULT hr_1 = LoadTypeLibEx(L"ServiceIdl.tlb", REGKIND_REGISTER, &pTypeLib);
if (pTypeLib != NULL)
pTypeLib->Release();
RegisterServer(L"Service.exe", CLSID_classAImpl, L"ClassAImpl Sample", L"Component.ClassAImpl", L"Component.ClassAImpl.1", 0);
g_hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
DWORD reg = 0;
IClassFactory *pIFactory = new classAFactory;
HRESULT hr0 = CoRegisterClassObject(CLSID_classAImpl, pIFactory, CLSCTX_LOCAL_SERVER, REGCLS_MULTIPLEUSE, &reg);
if (FAILED(hr0))
OutputDebugStringA("classAImpl is not registered");
CoUninitialize();
exit(1);
HRESULT hr1 = CoResumeClassObjects();
if (hr1 == S_OK)
OutputDebugStringA("classAImpl is Resumed Registering");
WaitForSingleObject(g_hEvent, INFINITE);
CloseHandle(g_hEvent);
CoRevokeClassObject(reg);
pIFactory->Release();
CoUninitialize();
From Client Code I am CreatingInstance Like Below
COSERVERINFO si;
MULTI_QI qi;
COAUTHINFO cai = { RPC_C_AUTHN_NONE, RPC_C_AUTHZ_NONE, 0, RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IMPERSONATE, 0, EOAC_NONE };
si.dwReserved1 = 0;
si.pwszName = L"\\\\localhost";
si.pAuthInfo = &cai;
si.dwReserved2 = 0;
qi.pIID = &IID_classA;
qi.pItf = NULL;
qi.hr = 1;
CoInitializeEx(NULL, COINIT_MULTITHREADED);
HRESULT hr = CoCreateInstanceEx(CLSID_classAImpl, 0, CLSCTX_LOCAL_SERVER, &si, 1, &qi);
hr returning error "general access denied error";

I think we may run into the limitations mentioned in the remarks of CoCreateInstanceFromApp doc(show as below). If you can provide a repro project, I
can give you more details about what happens.
The CoCreateInstanceFromApp function reads class registrations only from Fusion contexts and manifests, and from the HKLM\SOFTWARE\Classes\CLSID registry hive.
Only built-in classes that are supported in the app container are supplied. Attempts to activate unsupported classes, including all classes installed by 3rd-party code as well as many Windows classes, result in error code
REGDB_E_CLASSNOTREG.
The CoCreateInstanceFromApp function is available to Windows Store apps. Desktop applications can call this function, but they have the same restrictions as Windows Store apps.
If you are trying to call some windows classes in your library, I will suggest you check how to create windows runtime out of process component by viewing
this sample. This is what I usually do.
To be honest, I did not try to implement the out of process COM component using the method you tried as we previsouly do on desktop. I will suggest you try to register a very simple library(like a signle class and single interface which returns an integer),
and see if it will work.
<THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
Thanks
Alan Yao
MSDN Community Support
Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

I get an access denied error when logging into extension builder 2.1 on Flash Builder 4.6

I get an access denied error when logging into extension builder. The error is: You are not eligible to use CSIDE1 services due to the Service Eligibility Requirements.. Very frustrating since there is no other option than to read the adobe legal docs.
Before this started happening I was prompted to put in my birthday (WHO KNOWS WHY ADOBE NEEDS MY BIRTHDAY). I filled it in wrong and now this....
PLEASE HELP

Ok this problem is fixed.
Info for anyone else who faces this problem.
Apparently when adobe designed the extension builder installer package, they decided to get cute and try to figure out what version of the software, the extension builder package files should be installed into. So if you have FB4, FB4.6, and FB.7 there is no telling where it will go. Also if you try moving these folders somewhere else out of the applications directory, the installer will still find them on the system. I finally figured this out by watching my system log and seeing
11/22/13 12:13:46.258 AM cp[70909]: Cannot make directory /Applications/Adobe Flash Builder 4.6/Adobe Flash Builder 4.6.app
Location: /Users/myuser/Downloads/Adobe Flash Builder 4.6-adobegarbage/plugins/com.adobe.cside.ui_2.1.0.201304282312/icons: No such file or directory
After removing every single instance of places the package installer was trying to use. It finally resolved to the correct FB4.6 location. Why adobe could'nt spend a little extra time add a destination selector in the package installer is beyond me, but hey i only wasted 3 days trying to figure this out.... Sadly it isnt the first time i've wasted copius amounts of time fighting Flashbuilder problems.
Halligrimur, thank you for your help. It did lead to me solving the problem.

Access denied error when Loading document library for "contribute" users : Unknown SPRequest error occurred. More information: 0x80070005

Hi,
We are facing a very strange issue on a SharePoint Publishing portal. Domain users (contribute level access) have access to document libraries under specific sub sites. Every morning if they try to access the document library pages, users complain about "Access Denied" issue on document library page. But if a SP Farm admin account login on site, and browse to document library page, access denied issue seems to disappear for end users also. For whole day it works fine. But next day access denied error occurs again. I am not sure why this is happening. I have looked into Event Log and SharePoint Logs, found following information useful, but not sure what to do next.
Please help.
Event log Details:
Server: WFE01
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Publishing
Event ID: 5169
Date:  17/11/2009
Time:  07:47:31
User:  N/A
Computer: SPWFE01
Description:
Console Configuration File Error: XML Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
SP Log files:
All logs are for process: w3wp.exe (0x031C)                       0x17F4 Windows SharePoint Services
·     Begin OnLoad of XmlConsoleDataSource from file "EditingMenu".
·     Attempting to load XML from config file "EditingMenu".
·     PermissionMask check failed. asking for 0x00010000, have 0x00000000
·     Unknown SPRequest error occurred. More information: 0x80070005
·     Access Denied for /Projects/LFB/03 Bid Stage 1/Forms/AllItems.aspx.
·     StackTrace: Microsoft.SharePoint.Utilities.SPUtility:Void HandleAccessDenied(System.Exception), Microsoft.SharePoint.SPGlobal:Void HandleUnauthorizedAccessException(System.UnauthorizedAccessException), Microsoft.SharePoint.Library.SPRequest:Void OpenWeb(System.String, System.String ByRef, System.String ByRef, System.String ByRef, System.Guid ByRef, System.String ByRef, UInt32 ByRef, System.Guid ByRef, UInt32 ByRef, UInt32 ByRef, UInt32 ByRef, UInt16 ByRef, Boolean ByRef, Int16 ByRef, UInt32 ByRef, Int16 ByRef, Int16 ByRef, Int16 ByRef, Boolean ByRef, Int16 ByRef, UInt32 ByRef, Int16 ByRef, Int16 ByRef, Int16 ByRef, Int16 ByRef, Int32 ByRef, Boolean ByRef, System.String ByRef, System.String ByRef, Int32 ByRef, Int16 ByRef, ...
...System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.Object ByRef, Boolean ByRef, UInt64 ByRef, Boolean ByRef, Boolean ByRef, System.Guid ByRef, System.Guid ByRef, Int32 ByRef, System.DateTime ByRef, System.DateTime ByRef, System.String ByRef), Microsoft.SharePoint.SPWeb:Void InitWeb(), Microsoft.SharePoint.SPWeb:Microsoft.SharePoint.SPSecurableObjectImpl get_SecurableObjectImpl(), Microsoft.SharePoint.SPWeb:Microsoft.SharePoint.SPRoleAssignmentCollection get_RoleAssignments(), Microsoft.SharePoint.Publishing.WebControls.ConsoleXmlUtilities:System.String ConfigurationXml(System.String, Boolean), Microsoft.SharePoint.Publishing.W...
...ebControls.ConsoleXmlUtilities:Microsoft.SharePoint.Publishing.WebControls.ConsoleNode GetConsoleNodeCollectionFromXmlFile(System.String, Boolean), Microsoft.SharePoint.Publishing.WebControls.XmlConsoleDataSource:Void LoadTreeFromConfigXml(), Microsoft.SharePoint.Publishing.WebControls.XmlConsoleDataSource:Void OnLoad(System.EventArgs), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Page:Vo...
...id ProcessRequestMain(Boolean, Boolean), System.Web.UI.Page:Void ProcessRequest(Boolean, Boolean), System.Web.UI.Page:Void ProcessRequest(), System.Web.UI.Page:Void ProcessRequestWithNoAssert(System.Web.HttpContext), System.Web.UI.Page:Void ProcessRequest(System.Web.HttpContext), System.Web.HttpApplication+CallHandlerExecutionStep:Void System.Web.HttpApplication.IExecutionStep.Execute(), System.Web.HttpApplication:System.Exception ExecuteStep(IExecutionStep, Boolean ByRef), System.Web.HttpApplication+ApplicationStepManager:Void ResumeSteps(System.Exception), System.Web.HttpApplication:System.IAsyncResult System.Web.IHttpAsyncHandler.BeginProcessRequest(System.Web.HttpContext, System.AsyncCallback, System.Object), System.Web.HttpRuntime:Void ProcessRequestInternal(System.Web.HttpWorkerReque...
...st), System.Web.HttpRuntime:Void ProcessRequestNoDemand(System.Web.HttpWorkerRequest), System.Web.Hosting.ISAPIRuntime:Int32 ProcessRequest(IntPtr, Int32),
·     Releasing SPRequest with allocation Id {E3BC24ED-F243-4DBD-8625-EE7CF9FDA039}
·     Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
·     Console Configuration File Error: XML Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
·     Releasing SPRequest with allocation Id {D1A87724-6FB6-4009-B6D1-D7E15918E213}
Pryank Rohilla
MCTS, MCAD

Hi pryank,
From the log, it seems that the users don’t have permission on this page:
/Projects/LFB/03 Bid Stage 1/Forms/AllItems.aspx
Does the sub site have unique permission instead of inheriting permission from the parent site? If no, you need to make the sub site to inherit permission from the site collection so that master page also inherits the right. If this is not allowed in your organization, please go to “Site Actions”à “Site Settings” à “Master Pages and Page Layouts” to give users permissions on this document library.
Hope this helps.
Lu Zou

Access denied error for Java application on 2630

Hello!
I have bought a 2630 recently. Now I have installed a small Java application that tries to store some data in the phones memory. However, each time the application tries to do so, I get a "java.lang.SecurityException Access denied" message and the application states that it could no save its data. I have set the security settings for that particular application so that the phone should ask before each access to the file system. In fact, before I get the error message, the phone asks whether the application may write data to the file system. But still answering that question with "yes" I get the Access denied error message. Now I am puzzled. By the way, the application uses JSR-75 which the 2630 should support.
Anybody any ideas?
Regards,
Volker

RESOLVED!
I was able to create file from java application on Nokia 2630. Here is how:
1. root C:/ is mapped to folder "Downloads"
2. The folders does not show with their names
3. there are 2 folders in C:/ predefgallery and predefjava
4. in predefgallery there are several predefined folders e.g. predefrecordings is one of them
5. I am able to create file inside predefrecordings, creating file in upper folders is denied
6. user created folders aro NOT shown at all
7. I had to manualy confirm reading of data many times and writing data once.
I hope this can help to other Nokia users since I did not find this anywhere.
Luke

Access denied error for shared variables in application builder

I'm trying to use SVs in my app. I build an exe using app builder. When I run my VI from the project, it works fine. When I run from the app exe, I get an access denied error (-2147024891) trying to write a value to a SV. My SV lib is hosted on my computer (it's a local SVE). I've disabled autodeploy and my VI calls deploy library on the lvlib file before I try to use it. What could I be dong wrong?

Hi knicewar!
Thank you for posting on the discussion forums! What are you refering to when you say SVs? Here is a KnowledgeBase article discussing the same error, although I am not sure it will be a direct application to your VI, since I am unsure what you mean by SV.
Kristen H.

Access denied error for Read user in sharepoint 2010

Hello,
In sharepoint 2010 subsite a user with Read permission getting Access Denied error while login.
Few points:
1. Master pages are approved not in pending status.
2. Site permissions are not inherited.
Please suggest the way to resolve it.
Thank You,
Santosh_09

Check below threads for troubleshooting access denied issue. You can use fiddler to trace what is causing access denied.
http://sharepoint.stackexchange.com/questions/75263/user-has-correct-permissions-for-subsite-but-access-is-denied
http://sharepoint.stackexchange.com/questions/41225/user-permissions-access-denied-sharepoint-2010
My Blog- http://www.sharepoint-journey.com|
If a post answers your question, please click Mark As Answer on that post and Vote as Helpful

Access Denied Error For Shared Folder with Win Server 2008R2 Task Manager Scheduled Task

Hi,
I have scheduled a Task with the Task scheduler. It invokes an .EXE file after every 5 min.
The application is supposed to access some files lying on a different Server's shared path, process them and move them across folders on the Shared path only.
Problem: When the .EXE gets executed from the Task scheduler, I am getting "Access Denied to the Shared path" error. I have already given Full Control to Everyone as well as to the Account with which the Task has been configured with.
Another important point to note is, if I run the .EXE manually, the solution is able is able to do everything intended; I don't get any Access Denied error.
Kindly help me with what needs to be done in order that this issue is resolved. This is really urgent for me.
Thanks a lot in advance..
AC

Hello Alex,
first of all, make sure your task was correctly create: How to Create Advanced Tasks with the Task
Scheduler.
Please, read these:
TechNet Library Task Security Context
TechNet Forums post How
does "Run with the highest privileges" really work in Task Scheduler ? - Look at the answer "...When you want to run a program with admin rights from a standard user account, you have to select "run whether the user is logged
on or not" and select a user which is member of the admingroup."
TechNet Forums post
Log on as batch job right (written on previous post)
serverfault Task Scheduler is not executing the program
serverfault
unable to schedule a task (access denied)
UAC: Do you receive the User Account Control "Windows need your permission to continue" message to approve the scheduled application ?
If yes, maybe "Run with highest privileges" option will not take precedence of the UAC. While the Admin Approval Mode for built-in Administrator account is enabled, UAC will still ask for approval according to the settings on the Behavior
of elevation to prompt for the administrators. Check whether the "User Account Control: Admin Approval Mode for built-in Administrator account" is enabled. If yes, disable it or change the setting on "User Account Control: Behavior
of elevation to prompt for the administrators" to elevate without prompting.
Local Computer Policy ---> Computer Configuration ---> Windows Settings ---> Security Settings ---> Local policies ---> Security Options (source: Task
Scheduler "run with highest privileges": does not work on Windows Server 2008 ?)
Bye,
Luca
Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. Whenever you see a helpful reply, click on [Vote As Help] and click on [Mark As Answer] if a post answers your question.

Oracle Migration Tool giving Access denied error for Read operation

Hi;
Oracle Migration tool is giving access denied error when we are trying to Read a record for Access Profiles.
We are getting (SBL-ODS-50085) error.This is happening only for few records(Access Profiles).
Although the user role is administrator having full access and privilege (Manage User and Access checked).
Pl. help me resolve the issue.
Thanks!

Hi,
Does it happen when you try to read "any" Access Profile?
If yes, please have a look at the
"Admin: Users and Access Controls - Manage Users and Access - Manage Users and establish User Quotas. Define Access Profiles, Roles and Groups to manage data access controls." privilege in the role of the user you use for migration.
In order to avoid any problem, I usually create a "Migration" role temporarily and assign this role ALL the privileges to avoid such failures at the time of export.
Hope this helps,
Best regards,
Charles DUBANT.
http://www.dubant.com/

EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

This is for information to help others
KEYWORDS:
- Sharing EFS encrypted files over a personal lan wlan wifi ap network
- Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
- transfer encryption keys / certificates
- set trusted delegation for user + computer for EFS encrypted files via
Kerberos
- Windows Active Directory vs network file share
- Setting up WinDAV server on Windows 7 Pro / Ultimate
It has been a long painful road to discover this information.
I hope sharing it helps you.
Using EFS on Windows 7 pro / ultimate is easy and works great. See
here and
here
So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
won't work (unless you follow below steps).
Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
Why such a EFS drama when a network is involved?
Assume a home peer-to-peer network with 2pc: \\fileserver and \\clientpc
When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
(on behalf of the clienpc's data request).
This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
Solutions
There are two main approaches to solve this:
 1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
 EFS operations occur on the computer storing the files.
 EFS files are decrypted then transmitted in plaintext to the client's computer
 This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
 2) SOLVE by setting up WebDAV (efs files accessed through web folders)
 EFS operations occur on the client's local computer
 EFS files remain encrypted during transmission to the client's local computer where it is decrypted
 This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
 BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
 READ BELOW as this does
Create new encrypted file / folder on a network file share - via Active Directory
It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
Although this info is NOT for setting up EFS on an active directory domain [server],
for those interested here is the gist:
Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
EFS.
NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
Create new encrypted file / folder on a network file share - via WebDAV
For home users it is possible to make it all work.
Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
Setting up a wifi AP (for those less technical):
 a) START ... CMD
 b) type (no quotes): "netsh wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
 c) type (no quotes): "netsh wlan start hostednetwork"
Set up a WebDAV server on Windows 7 Pro / Ultimate
-----ON THE FILESERVER------
 1 click START and type "Turn Windows Features On or Off" and open the link
 a) scroll down to "Internet Information Services" and expand it.
 b) put a tick in: "Web Management Tools" \ "IIS Management Console"
 c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
 d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
 e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
 f) click ok
 g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
KB892211 here ONLY for XP + Server 2003 (made in 2005)
KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
2 Click START and type "Internet Information Services (IIS) Manager"
3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
 a) on the right side, under Actions, click "Enable WebDAV"
4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
 a) on the "Anonymous Authentication" and click "Disable"
 b) on the "Windows Authentication" and click "Enable"
 NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
 It can be by changing registry key:
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
 BasicAuthLevel=2
 c) on the "Windows Authentication" click "Advanced Settings"
 set Extended Protection to "Required"
 NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
 a) on the right side, under Actions, click "Add Allow Rule"
 b) set this to "all users". This will control who can view the "Default Site" through a web browser
 NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
clientpc.
 NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
 a) on the right side, under Actions, click "Enable"
HOTFIX - double escaping
7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
 a) on the right side, under Actions, click "Edit Feature Settings"
 b) tick the box "Allow double escaping"
 *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
 These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
 This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
 a) set the Alias to something sensible eg "D_Drive", set the physical path
 b) it is essential you click "connect as" and set
this to a local user (on fileserver),
 if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
 NB: the user account selected here must have the required EFS certificates installed.
 See
here and
here
 NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
 This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
 The work around is on the \\fileserver create an NTFS symbollic link
 e.g. to share the entire contents of "D:\",
 on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
 in cmd in this folder create an NTFS symbolic link to "D:\"
 so in cmd type "cd c:\inetpub\wwwroot"
 then in cmd type "mklink /D D_Drive D:\"
 NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
 NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
clientpc
9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
 a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
 b) if some exist review existing allow or deny.
 Take care to not only review the "allow access to" settings
 but also review "permissions" (read/write/source)
 NB: this can be set here for all added virtual directories, or can be set under each virtual directory
10 Open your firewall software and/or your router. Make an exception for port 80 and 443
 a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
 choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
 NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
below, specifically "Cant find server due to network location"
 b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
HOTFIX - MAJOR ISSUE - fix KB959439
11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
 a) On Windows 7 you need only change one tiny registry value:
 - click START, type "regedit", open link
 -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
 -on the EDIT menu click NEW, then click DWORD Value
 -Type "DisableEFSOnWebDav" to name it (no speech marks)
 -on the EDIT menu, click MODIFY, type 1, then click OK
 -You MUST now restart this computer for the registry change to take effect.
 b) On Windows Server 2008 / Vista / XP you'll FIRST need to
download Windows6.0-KB959439 here. Then do the above step.
 NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
 a) make sure WebClient Service is running
 (click START, type "services" and open, scroll down to WebClient and check its status)
 b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
 It should show the default "IIS7" image.
 If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"
 c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
 e.g. http://localhost/D_drive
 If nothing is listed, check "Directory Browsing" is enabled
13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
 a) make sure WebClient Service is running
 (click START, type "services" and open, scroll down to WebClient and check its status)
 b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
 eg if your server's computer name is "fileserver" go to "http://fileserver:80"
 It should show the default "IIS7" image. If not, check firewall and port blocking.
 Any issue ie if (12) works but (13) doesn't, will indicate a possible firewall issue or router port blocking issue.
 c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
 eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
 A directory listing of files should appear.
--- ON EACH CLIENT ----
HOTFIX - improve upload + download speeds
14 Click START and type "Internet Options" and open the link
 a) click the "Connections" tab at the top
 b) click the "LAN Settings" button at the bottom right
 c) untick "Automatically detect settings"
HOTFIX - remove 50mb file limit
15 On Windows 7 you need only change one tiny registry value:
 a) click START, type "regedit", open link
 b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
 c) click on "FileSizeLimitInBytes"
 d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
16 On each clientpc click START, type "Internet Options" and open it
 a) click on "Security" (top) and then "Custom level" (bottom)
 b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
 SUCH an easy fix. SUCH an annoying problem on a clientpc
 NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
explorer.
TEST SETUP
17 On the client use the normal "map network drive"
 e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
 e.g. CMD: net use * "http://fileserver:80/C_drive"
 If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
"manage network passwords") has NTFS permissions.
18 Test that EFS is now working over the network
 a) On a clientpc, map network drive to http://fileserver/
 b) navigate to a folder you know on the \\flieserver is encrypted with EFS
 c) create a new folder, create a new file.
 IF it throws an error, check carefully you mapped to the WebDAV and not file share
 i.e. mapped to "http://fileserver" not "\\fileserver"
 Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
 d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
 e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
clientpc decrypted it then copied it).
 If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
 If this is not readable check step (11) and that you restarted the \\fileserver computer.
19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
 a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
 If a prompt for user+pass then check hotfix (16)
20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
 a) see the last comment at the very bottom of
this page:
Points to consider:
 - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
either.
- CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
MORE INFO: HOTFIX: RAW DATA TRANSFERS
More info on step (11) above.
Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
There is a fix:
 It is implimented above, see (11) above
 Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
Other problems + fixes
PROBLEM: Can't find server due to network location.
 This one took me a long time to track down to "network location".
 Win 7 uses network locations "Home" / "Work" / "Public".
 If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
 This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
 FIX = either set IP address manually and specify a gateway
 FIX = or force "unidentified" network locations to assume "home" or "work" settings -
read here or
here
 FIX = or change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
login to gain file access.
PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
 By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
 Read
here (i've posted a batch script to automatically make the required reg files)
I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

HT4623 Iphone 4s access denied error message when importing photos

ok got iphone 4s in feb have used windows live photo gallery to import since i got the phone and never had any problems started having problems with itunes not working say it was on a locked disk and/or didint have write permissions fixed this with a total uninstall and reinstall of itunes and now that works fine but at the same time the itunes stopped working i started getting an access denied error when importing photos via usb via windos live photo gallery i was however able to import my husbands photos from his ipad three days ago the same way i do my iphone and it worked fine with the ipad but not my iphone so here is what i do click for click i plug in the iphone via usb and the autoplay and itunes starts. i close itunes and go to autoplay click on import using windows live photo gallery than the pops open i check the folder to import too (which is on an exterial hard drive) and then i click import and it starts to import and on the very first photo and all photos the access is denied error message pops up help please this is driving me crazy that it worked fine one day and now it doesnt work

Good afternoon
There seem to be a number of possibilities.
Here is a thread that conatins a number of solutions. The most common one is to load 50 pics at a time.
https://discussions.apple.com/thread/3947440?start=0&tstart=0
Hope this helps

Access denied error while writing a file to the file system - myfileupload.saveas() throws system.unauthorizedexception

hi,
as part of my requirement , i have to perform read and write operations of few files [ using the file upload control in my custom visual web part] and on submit button click.
but while writing these files - with the help of fileupload control - and when i use myfileupload.saveas(mylocation);
- i am saving these files into my D:\ drive of my server , where i am executing my code -, am getting access denied error.
it throws system.unauthorizedexception.
i have given full control on that folder where i was trying to store my attached files. and also after following asp.net forums,
i have added iusr group added and performed all those steps such that, the file is saved in my D:\ drive.
but unfortunately that didnt happen.
also
a) i am trying the code with runwithelevatedprivileges(delegate() ) code
b) shared the drive within the d :drive where i want o save the files.
c) given the full privieleges for the app pool identity- in my case , its
network service.
the other strange thing is that, the same code works perfectly in other machine, where the same sp, vs 2012 etc were installed .
would like to know, any other changes/ steps i need to make it on this server, where i am getting the error.
help is appreciated!

vishnuS1984 wrote:
Hi Friends,
I have gone through scores of examples and i am failing to understand the right thing to be done to copy a file from one directory to another. Here is my class...So let's see... C:\GetMe1 is a directory on your machine, right? And this is what you are doing with that directory:
public static void copyFiles(File src, File dest) throws IOException
// dest is a 'File' object but represents the C:\GetMe1 directory, right?
fout = new FileOutputStream (dest);If it's a directory, where in your code are you appending the source file name to the path, before trying to open an output stream on it? You're not.
BTW, this is awful:
catch (IOException e)
IOException wrapper = new IOException("copyFiles: Unable to copy file: " +
src.getAbsolutePath() + "to" + dest.getAbsolutePath()+".");
wrapper.initCause(e);
wrapper.setStackTrace(e.getStackTrace());
throw wrapper;
}1) You're hiding the original IOException and replacing it with your own? For what good purpose?
2) Even if you had a good reason to do that, this would be simpler and better:
throw new IOException("your custom message goes here", e);
rather than explicitly invokign initCause and setStackTrace. Yuck!

Access Denied error with basic XML file operations

Hi,
I'm trying to set up a basic read, write and delete code for XML files which I can build upon in the future. The three methods are bound to three buttons on the page and all three calls are awaited. Here's my code:
Write:
XElement uservarnodes = new XElement("uservars",
new XElement("uservar1", "1"),
new XElement("uservar2", "2"),
new XElement("uservar3", "3"),
new XElement("uservar4", "4"),
new XElement("uservar5", "5"),
new XElement("uservar6", "6"),
new XElement("uservar7", "7"),
new XElement("uservar8", "8"));
StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
var file = await local.CreateFileAsync("uservarfile.xml", CreationCollisionOption.ReplaceExisting);
var stream = await file.OpenAsync(Windows.Storage.FileAccessMode.ReadWrite);
using (var outputStream = stream.GetOutputStreamAt(0))
DataWriter mydataWriter = new DataWriter(outputStream);
mydataWriter.WriteString(uservarnodes.ToString());
await mydataWriter.StoreAsync();
await outputStream.FlushAsync();
Read (outputs the data to a textblock):
StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
var file = await local.GetFileAsync("uservarfile.xml");
string readtext = await Windows.Storage.FileIO.ReadTextAsync(file);
XElement uservarnodes = XElement.Parse(readtext);
txtTarget.Text = uservarnodes.ToString();
Delete:
StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
var file = await local.GetFileAsync("uservarfile.xml");
await file.DeleteAsync(StorageDeleteOption.PermanentDelete);
When I tap each of the buttons once it all seems to work. But when I tap any of the buttons again within the same debug session I get an Access denied exception (E_ACCESSDENIED). Other people with this error had to await when calling their method, but I'm
already doing that: private async void btnWrite_Click(object sender, RoutedEventArgs e) { await WriteToXMLFile(); }, etc.
And the intervals between my taps isn't that short that you'd expect that the previously called method still had not finished completing. I don't understand why I'm getting the access denied error.
Related to my question: I have added XML to the File Type Associations, File Open Picker and File Save Picker in the appxmanifest, but somewhere I read that you do not need to do this if you're working with local app data only. Is this true?

var stream = await file.OpenAsync(Windows.Storage.FileAccessMode.ReadWrite);
I think because of your file stream hasn't been closed.
by the way, it can be easier by using System.IO.OpenStreamForWriteAsync extension method
async public static Task<bool> SaveTextFileAsync(string filename, string data)
byte[] fileBytes = System.Text.Encoding.UTF8.GetBytes(data);
StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
var file = await local.CreateFileAsync(filename, CreationCollisionOption.ReplaceExisting);
try
using (var s = await file.OpenStreamForWriteAsync())
s.Write(fileBytes, 0, fileBytes.Length);
return true;
catch
return false;
(need using System.IO namespace)
在現實生活中，你和誰在一起的確很重要，甚至能改變你的成長軌跡，決定你的人生成敗。和什麼樣的人在一起，就會有什麼樣的人生。和勤奮的人在一起，你不會懶惰；和積極的人在一起，你不會消沈；與智者同行，你會不同凡響；與高人為伍，你能登上巔峰。

Access denied error in a popup for most of the clients.

Similar Messages

Maybe you are looking for