Book of business: Access denied error

Hi,
I have Administrator Role assigned to me. I tried creating a new account and then associating book to it. However in 'Books' section following error is displayed- 'Access denied.(SBL-DAT-00553)'.
I can create the books from 'Book Management' category of privilege.
If any one has come across this issue & knows the resolution please suggest.
Thanks,
Gunjan

Hi Alex,
I checked both default & owner access profiles. Against Account record type I am unable to see 'books' in related information.
Also, one more thing to add:
I am able to see 'Book Management' (as category of privilege) under Admin > User Management & Access control (privilege). However, under 'Role Management' wizard's step-4 (Privileges)- I am not able to see the "Manage Book" privilege.
Thanks,
Gunjan

Similar Messages

Access Denied error on Registry Key with CRXIR2A SP6

We ship now the latest CRXI version (2ASP6) with our application. One of our users (Win7 Home SP1) gets an error on instantiating a report. Using ProcMon.exe this seems to be caused by an Access Denied error when accessing the HKLM\Software\Wow6432Node\Business Objects\Suite 11.5\Crystal Reports key. What can be the cause?

Hello Ludek,
I had to take ownership and then change persmissions to full. The problem did not go away however. As I noticed that the register key mentioned did not contain any subkeys I tried to remove it. This again failed because of persmission denied error. Funnily some subkeys suddenly showed up. I took ownership, changed permissions and tried again. Lo and behold the subkeys I tried to delete (and in which no subkeys were visible) suddenly showed more subkeys. At this point I stopped fearing that I was damaging the client's computer. The subkeys were related to the RAS server. Does that say anyting to you?
André

Access denied error in feature receiver code when deploying-activating custom timer job feature

hi,
am creating a sp timer job for a updating a list.when i write this code in a the event receiver featureactivated method, and when i activate this feature , am getting access denied error.
but, when i deploy this timer job [ without feature receiver] through powershell, it works.
i didnt run this feature receiver with runwithelevatedprivileges delegate - i think this wlll NOT solve the issue.
from one of the posts i seen that, current logedin user needs to be part of config database roles. i didnt understand this point. how can i add my current loge din user into the sp_config database roles? is it through SSMS 2012?
or
is there any way to achieve without feature event receiver?
otherwise i will be forced to write my business logic in a console appln and add this exe in a windows scheduler.!
help is appreciated!

hi Waqas,
i have ran that powershell script you have pointed to me.
function Set-RemoteAdministratorAccessDenied-False()
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Administration") > $null
# get content web service
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
# turn off remote administration security
$contentService.RemoteAdministratorAccessDenied = $false
$contentService.Update()
now i need to test the functionality from the event receiver after Activate feature button click.
BTW, i have written a console appln for my business logic and created an exe.
also, should i test it with a web application levels coped feature instead of site collection level feature? this thread talks abt the same:
http://social.technet.microsoft.com/Forums/en-US/f41810ec-2348-436d-a574-c29656f3a567/access-denied-error-when-running-timer-job-from-feature-activated-event?forum=sharepointgeneralprevious
thx

Calendar Server Virtual Domains Free Busy - Access Denied

Version 6.3-11.01
I cannot get free busy to work with any domains but the default domain for the life of me.
The LDAP searches are going through and appear to be returning the correct values however on virtual domain calendars the following is returned:
PRODID:-//Sun/Calendar Server//EN
METHOD:PUBLISH
VERSION:2.0
X-NSCP-WCAP-ERRNO:28
END:VCALENDAR
I looked at the aces for the calendars in question:
Returns Free busy:
@@o^a^r^g;@@o^c^wdeic^g;@^a^sf^g;@^c^^g;@^p^r^g
Does Not return Free busy:
@@o^a^r^g;@@o^c^wdeic^g;@^a^sf^g;@^c^^g;@^p^r^g
I have tried enabling and disabling anonymous calendar access to no avail.
Is there a bug in this version that prevents the return of the free busy information?

Is this free-busy across domains i.e. [email protected] attempting to see free-busy information for [email protected] or inter-domain searches?
Inter-domain searches, or non logged in anonymous searches.
What client are you using to check free-busy information (Calendar Express, UWC/CE, Convergence, Thunderbird + Lightning Plugin) and what version are you running?
I am attempting to get it to work with the outlook 2007 plugin version: 7.3-05.01
Simply using the following:
curl http://hostname:3080/get_freebusy.wcap?mail=user@defaultdomain&fmt-out=text/calendar&noxtokens=1
Returns free busy
With hosted users I receive the access denied error. In outlook I receive an error: An error occurred reading Internet free/busy data. General Failure.
Does outlook require anonymous access to a calendar domain be enabled for get_freebusy?
>
You also need to check the icsExtendedDomainPrefs: attribute for the domain:
http://docs.sun.com/app/docs/doc/819-4437/6n6jckqsu?a=view
I have tried using this to enable anonymous access to no avail.
Thank you for your help!

WebPart access denied error

I have a web part on SharePoint Portal web site default page. When I login as Administrator, the default page shows up perfect. But I will get the following error when login as users other than Administrator. Can someone help me on this issue?
Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Windows SharePoint Services-compatible HTML editor such as Microsoft Office SharePoint Designer. If the problem persists, contact your Web server administrator.
I recreate this error on another machine, another web site. Still administrator works fine. But all other users will get "Access Denied" error.
Thanks in advance,
Peter

Right! if the webpart is calling to something a permission level has no access to it will throw the access denied error.
I was calling to some custom CSS with a web part. The CSS.txt file was in my Style Library.
The issue was strange because this was a new site and for some reason my Style Library and my Site Collection Images Library had unique permissions out of the box??
So, I tried toggling my style library back and forth from stop to start inheriting.. no dice.
What ended up working just fine is throwing that CSS.txt file into one of the untainted libraries and updating the webpart to call for it from there (if you named them all the same it will reflect across your site).
Would love to know why this out of the box site had unique permissions on a couple of the libraries, and then the subsequent permissions issue not changing but it is time to move on with business.
Good Luck!

Access denied error while writing a file to the file system - myfileupload.saveas() throws system.unauthorizedexception

hi,
as part of my requirement , i have to perform read and write operations of few files [ using the file upload control in my custom visual web part] and on submit button click.
but while writing these files - with the help of fileupload control - and when i use myfileupload.saveas(mylocation);
- i am saving these files into my D:\ drive of my server , where i am executing my code -, am getting access denied error.
it throws system.unauthorizedexception.
i have given full control on that folder where i was trying to store my attached files. and also after following asp.net forums,
i have added iusr group added and performed all those steps such that, the file is saved in my D:\ drive.
but unfortunately that didnt happen.
also
a) i am trying the code with runwithelevatedprivileges(delegate() ) code
b) shared the drive within the d :drive where i want o save the files.
c) given the full privieleges for the app pool identity- in my case , its
network service.
the other strange thing is that, the same code works perfectly in other machine, where the same sp, vs 2012 etc were installed .
would like to know, any other changes/ steps i need to make it on this server, where i am getting the error.
help is appreciated!

vishnuS1984 wrote:
Hi Friends,
I have gone through scores of examples and i am failing to understand the right thing to be done to copy a file from one directory to another. Here is my class...So let's see... C:\GetMe1 is a directory on your machine, right? And this is what you are doing with that directory:
public static void copyFiles(File src, File dest) throws IOException
// dest is a 'File' object but represents the C:\GetMe1 directory, right?
fout = new FileOutputStream (dest);If it's a directory, where in your code are you appending the source file name to the path, before trying to open an output stream on it? You're not.
BTW, this is awful:
catch (IOException e)
IOException wrapper = new IOException("copyFiles: Unable to copy file: " +
src.getAbsolutePath() + "to" + dest.getAbsolutePath()+".");
wrapper.initCause(e);
wrapper.setStackTrace(e.getStackTrace());
throw wrapper;
}1) You're hiding the original IOException and replacing it with your own? For what good purpose?
2) Even if you had a good reason to do that, this would be simpler and better:
throw new IOException("your custom message goes here", e);
rather than explicitly invokign initCause and setStackTrace. Yuck!

Access Denied error (code 5)

Hi
I am using server 2008 r2 sp1 while installing any windows update or my sql I am getting error code 5 access denied
and i am installing with Admin ID. What can be the reason?

Checked this ?
https://social.technet.microsoft.com/Forums/en-US/522a1177-22eb-458b-a113-d1958e0b991e/sql-express-access-denied-error-code-5?forum=sqlexpress
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread.

Access Denied error with basic XML file operations

Hi,
I'm trying to set up a basic read, write and delete code for XML files which I can build upon in the future. The three methods are bound to three buttons on the page and all three calls are awaited. Here's my code:
Write:
XElement uservarnodes = new XElement("uservars",
new XElement("uservar1", "1"),
new XElement("uservar2", "2"),
new XElement("uservar3", "3"),
new XElement("uservar4", "4"),
new XElement("uservar5", "5"),
new XElement("uservar6", "6"),
new XElement("uservar7", "7"),
new XElement("uservar8", "8"));
StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
var file = await local.CreateFileAsync("uservarfile.xml", CreationCollisionOption.ReplaceExisting);
var stream = await file.OpenAsync(Windows.Storage.FileAccessMode.ReadWrite);
using (var outputStream = stream.GetOutputStreamAt(0))
DataWriter mydataWriter = new DataWriter(outputStream);
mydataWriter.WriteString(uservarnodes.ToString());
await mydataWriter.StoreAsync();
await outputStream.FlushAsync();
Read (outputs the data to a textblock):
StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
var file = await local.GetFileAsync("uservarfile.xml");
string readtext = await Windows.Storage.FileIO.ReadTextAsync(file);
XElement uservarnodes = XElement.Parse(readtext);
txtTarget.Text = uservarnodes.ToString();
Delete:
StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
var file = await local.GetFileAsync("uservarfile.xml");
await file.DeleteAsync(StorageDeleteOption.PermanentDelete);
When I tap each of the buttons once it all seems to work. But when I tap any of the buttons again within the same debug session I get an Access denied exception (E_ACCESSDENIED). Other people with this error had to await when calling their method, but I'm
already doing that: private async void btnWrite_Click(object sender, RoutedEventArgs e) { await WriteToXMLFile(); }, etc.
And the intervals between my taps isn't that short that you'd expect that the previously called method still had not finished completing. I don't understand why I'm getting the access denied error.
Related to my question: I have added XML to the File Type Associations, File Open Picker and File Save Picker in the appxmanifest, but somewhere I read that you do not need to do this if you're working with local app data only. Is this true?

var stream = await file.OpenAsync(Windows.Storage.FileAccessMode.ReadWrite);
I think because of your file stream hasn't been closed.
by the way, it can be easier by using System.IO.OpenStreamForWriteAsync extension method
async public static Task<bool> SaveTextFileAsync(string filename, string data)
byte[] fileBytes = System.Text.Encoding.UTF8.GetBytes(data);
StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
var file = await local.CreateFileAsync(filename, CreationCollisionOption.ReplaceExisting);
try
using (var s = await file.OpenStreamForWriteAsync())
s.Write(fileBytes, 0, fileBytes.Length);
return true;
catch
return false;
(need using System.IO namespace)
在現實生活中，你和誰在一起的確很重要，甚至能改變你的成長軌跡，決定你的人生成敗。和什麼樣的人在一起，就會有什麼樣的人生。和勤奮的人在一起，你不會懶惰；和積極的人在一起，你不會消沈；與智者同行，你會不同凡響；與高人為伍，你能登上巔峰。

Access denied error while trying to install graphics drivers

Hello,
I have a new toshiba laptop P70-A. I have installed windows 7 and the pc was working excellent up until now. Noticed yesterday that the nvidia automated system failed to install the new update. When I tried to install the new driver manually, even from the
device manager, I got the access denied message.
A day now wasted reading all the possible causes and solutions but with no luck. Read all the forums and all the posts, tried almost everything. Below youll find everything I tried as a solution and failed.
1.Disabled UAC
2.Enabled the administrator account and trying to take control from there
3.Run the subinacl and the reset.cmd
4.Tried manually to take control the folder windows (and access denied while changing the rights)
5. Scanned the system with everything there is available ( Kaspersky, MalwareBytes, RegCurePro, Tuneup Utilities, CCleaner) The system came out clean.
6. Tried restoring the system to an earlier time (got again access denied error code 0x80070005)
7. Checked all the group policies (all seem to be fine)
8. Run a script to take immediate ownership over all of C:
TAKEOWN /A /F C:
then the next one
TAKEOWN /F C:
9. With subinacl I run all the above scripts... (still nothing changed)
@echo off
title Resetting ACLs...
echo.
echo Determine whether we are on an 32 or 64 bit machine
echo.
if "%PROCESSOR_ARCHITECTURE%"=="x86" if "%PROCESSOR_ARCHITEW6432%"=="" goto x86
set ProgramFilesPath=%ProgramFiles(x86)%
goto startResetting
:x86
set ProgramFilesPath=%ProgramFiles%
:startResetting
echo.
cd /d "%ProgramFilesPath%\Windows Resource Kits\Tools"
echo.
echo Resetting ACLs...
echo (this may take several minutes to complete)
echo.
echo IMPORTANT NOTE: For this script to run correctly, you must change
echo the values named Athena to be the Windows user account that
echo you are logged in with.
echo.
echo ==========================================================================
echo.
echo.
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Athena=f /setowner=administrators > %temp%\subinacl_output.txt
echo.
echo.
subinacl /keyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Athena=f /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
subinacl /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
subinacl /keyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
echo.
echo.
echo System Drive...
subinacl /subdirectories %ProgramFilesPath%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
echo.
echo.
echo Windows Directory...
subinacl /subdirectories %windir%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
echo.
echo.
echo ==========================================================================
echo.
echo FINISHED.
echo.
echo Press any key to exit . . .
pause >NUL
Im frustrated really... ANY help at all would be really appreciated.
Thanks in Advance and sorry for the long post
Athena

Hello,
Thanks for the replies, i much appreciate it. I tried all of the above with no luck again. Safe mode allows me though to install drivers but thats reverting the moment im entering windows. Im always running commands and programs as a administrator or in
the Admin enabled account.
It seems the problem is solved today. Via tune up utilities I disabled most of the startup programs and services and it seems that 1 service is causing this issue. Although I havent played much with the disabled services but 3 remain to be checked. One of
the three is causing this.
Thanks again guys and Ill keep you posted about the soft. conflict.
Athena

EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

This is for information to help others
KEYWORDS:
- Sharing EFS encrypted files over a personal lan wlan wifi ap network
- Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
- transfer encryption keys / certificates
- set trusted delegation for user + computer for EFS encrypted files via
Kerberos
- Windows Active Directory vs network file share
- Setting up WinDAV server on Windows 7 Pro / Ultimate
It has been a long painful road to discover this information.
I hope sharing it helps you.
Using EFS on Windows 7 pro / ultimate is easy and works great. See
here and
here
So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
won't work (unless you follow below steps).
Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
Why such a EFS drama when a network is involved?
Assume a home peer-to-peer network with 2pc: \\fileserver and \\clientpc
When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
(on behalf of the clienpc's data request).
This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
Solutions
There are two main approaches to solve this:
     1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
          EFS operations occur on the computer storing the files.
          EFS files are decrypted then transmitted in plaintext to the client's computer
          This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
     2) SOLVE by setting up WebDAV (efs files accessed through web folders)
           EFS operations occur on the client's local computer
           EFS files remain encrypted during transmission to the client's local computer where it is decrypted
           This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
           BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
         READ BELOW as this does
Create new encrypted file / folder on a network file share - via Active Directory
It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
Although this info is NOT for setting up EFS on an active directory domain [server],
for those interested here is the gist:
Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
EFS.
NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
Create new encrypted file / folder on a network file share - via WebDAV
For home users it is possible to make it all work.
Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
Setting up a wifi AP (for those less technical):
   a) START ... CMD
   b) type (no quotes): "netsh wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
   c) type (no quotes): "netsh wlan start hostednetwork"
Set up a WebDAV server on Windows 7 Pro / Ultimate
-----ON THE FILESERVER------
   1 click START and type "Turn Windows Features On or Off" and open the link
       a) scroll down to "Internet Information Services" and expand it.
       b) put a tick in: "Web Management Tools" \ "IIS Management Console"
       c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
       d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
       e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
       f) click ok
       g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
KB892211 here ONLY for XP + Server 2003 (made in 2005)
KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
2 Click START and type "Internet Information Services (IIS) Manager"
3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
       a) on the right side, under Actions, click "Enable WebDAV"
4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
       a) on the "Anonymous Authentication" and click "Disable"
       b) on the "Windows Authentication" and click "Enable"
      NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
        It can be by changing registry key:
           [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
           BasicAuthLevel=2
       c) on the "Windows Authentication" click "Advanced Settings"
           set Extended Protection to "Required"
       NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
       a) on the right side, under Actions, click "Add Allow Rule"
       b) set this to "all users". This will control who can view the "Default Site" through a web browser
       NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
clientpc.
       NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
       a) on the right side, under Actions, click "Enable"
HOTFIX - double escaping
7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
       a) on the right side, under Actions, click "Edit Feature Settings"
       b) tick the box "Allow double escaping"
     *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
     These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
     This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
       a) set the Alias to something sensible eg "D_Drive", set the physical path
       b) it is essential you click "connect as" and set
this to a local user (on fileserver),
       if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
             NB: the user account selected here must have the required EFS certificates installed.
                        See
here and
here
        NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
      This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
       The work around is on the \\fileserver create an NTFS symbollic link
          e.g. to share the entire contents of "D:\",
                on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                in cmd in this folder create an NTFS symbolic link to "D:\"
                so in cmd type "cd c:\inetpub\wwwroot"
                then in cmd type "mklink /D D_Drive D:\"
        NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
         NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
clientpc
9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
       a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
       b) if some exist review existing allow or deny.
           Take care to not only review the "allow access to" settings
           but also review "permissions" (read/write/source)
       NB: this can be set here for all added virtual directories, or can be set under each virtual directory
10 Open your firewall software and/or your router. Make an exception for port 80 and 443
       a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
             choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
          NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
below, specifically "Cant find server due to network location"
       b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
HOTFIX - MAJOR ISSUE - fix KB959439
11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
      a) On Windows 7 you need only change one tiny registry value:
           - click START, type "regedit", open link
           -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
           -on the EDIT menu click NEW, then click DWORD Value
           -Type "DisableEFSOnWebDav" to name it (no speech marks)
           -on the EDIT menu, click MODIFY, type 1, then click OK
           -You MUST now restart this computer for the registry change to take effect.
      b) On Windows Server 2008 / Vista / XP you'll FIRST need to
download Windows6.0-KB959439 here. Then do the above step.
         NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
      a) make sure WebClient Service is running
            (click START, type "services" and open, scroll down to WebClient and check its status)
      b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
            It should show the default "IIS7" image.
            If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"
      c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                e.g. http://localhost/D_drive
            If nothing is listed, check "Directory Browsing" is enabled
13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
      a) make sure WebClient Service is running
            (click START, type "services" and open, scroll down to WebClient and check its status)
      b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
              eg if your server's computer name is "fileserver" go to "http://fileserver:80"
              It should show the default "IIS7" image. If not, check firewall and port blocking.
              Any issue ie if (12) works but (13) doesn't, will indicate a possible firewall issue or router port blocking issue.
     c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
               eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
               A directory listing of files should appear.
--- ON EACH CLIENT ----
HOTFIX - improve upload + download speeds
14 Click START and type "Internet Options" and open the link
      a) click the "Connections" tab at the top
      b) click the "LAN Settings" button at the bottom right
      c) untick "Automatically detect settings"
HOTFIX - remove 50mb file limit
15 On Windows 7 you need only change one tiny registry value:
      a) click START, type "regedit", open link
    b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
       c) click on "FileSizeLimitInBytes"
       d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
16 On each clientpc click START, type "Internet Options" and open it
         a) click on "Security" (top) and then "Custom level" (bottom)
         b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
         SUCH an easy fix. SUCH an annoying problem on a clientpc
   NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
explorer.
TEST SETUP
17 On the client use the normal "map network drive"
            e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
            e.g. CMD: net use * "http://fileserver:80/C_drive"
         If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
"manage network passwords") has NTFS permissions.
18 Test that EFS is now working over the network
       a) On a clientpc, map network drive to http://fileserver/
       b) navigate to a folder you know on the \\flieserver is encrypted with EFS
       c) create a new folder, create a new file.
           IF it throws an error, check carefully you mapped to the WebDAV and not file share
              i.e. mapped to "http://fileserver" not "\\fileserver"
           Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
       d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
       e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
clientpc decrypted it then copied it).
        If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
        If this is not readable check step (11) and that you restarted the \\fileserver computer.
19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
      a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
            If a prompt for user+pass then check hotfix (16)
20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
      a) see the last comment at the very bottom of
this page:
Points to consider:
   - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
either.
- CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
MORE INFO: HOTFIX: RAW DATA TRANSFERS
More info on step (11) above.
Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
There is a fix:
      It is implimented above, see (11) above
      Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
Other problems + fixes
PROBLEM: Can't find server due to network location.
     This one took me a long time to track down to "network location".
     Win 7 uses network locations "Home" / "Work" / "Public".
     If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
     This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
     FIX = either set IP address manually and specify a gateway
     FIX = or force "unidentified" network locations to assume "home" or "work" settings -
read here or
here
     FIX = or change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
login to gain file access.
PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
       By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
      Read
here (i've posted a batch script to automatically make the required reg files)
I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

Access Denied Error while accessing "Site Settings Access requests and invitations"

Hi,
I am getting Access Denied Error while accessing "Site Settings > Access requests and invitations" in SharePoint 2013 online. Currently I am the owner of the site and have "FULL CONTROL" access. I am able to access using
site collection account. So, what permission I have to give my regular account to access this page?
Thanks, Pal

Hello,
Have you recently changed the Owners group of the site collection or removed the user from the original owners group?
The reason I am asking is when the Access requests and invitations list are created, the permissions are given only to the default owners group at the time that the Access Request list was created. If this "regular account" is not part of that owners
group, the user will receive access denied. Site Collection Admins always have permissions for the Access Request List.
A workaround for the Access Denied issue is listed in the KB article http://support.microsoft.com/kb/2911390/en-us. By giving the correct group or user the permissions to this list, the users will not receive
the Access Denied issue anymore.
Preferably, in order to grant the user the full permissions ( you will see features like resending invitations may still fail after implementing the above workaround) there is one other workaround that may be required depending on what the original issue
was. Below are additional steps to restore full functionality.
1)Access the /_layouts/15/permsetup.aspx of the site collection, make sure the default Owners Group
is set correctly. (There is a group selected)
2) Add user to that Owners Group. (Issue may be resolved at this step if the site collection Owners
Group was never changed, if not continue to next step.)
3) Implement workaround on http://support.microsoft.com/kb/2911390/en-us, by adding that owners
group as Full control on Access Request list Permissions.
Let me know how this works out for you.
- Shpendi Jashari

Timerjob Access denied error while opening web object

Hi Team,
I have created a timer job to get list information on the site. Everything is fine in the development(Stand alone server) . Got access denied error while running same timer job in QA server(one app and one WFE).
Note: This timer job is globally deployed.
Code snippet :
SPSite site1 = webApp.Sites[0];
SPWeb web = site1.RootWeb;
SPSecurity.RunWithElevatedPrivileges(delegate()
using (SPSite site = new SPSite(site1.ID))
using (SPWeb currWeb = site.OpenWeb(web.ID)) // Got access denied error here.
Additional information:
Sharepoint timer service account : Domain\SP_Farm
Site app pool account : Domain\SP_App.
Both accounts have site collection administrative access on the site. Do i need to check access permissions on DB level also this error ?
Waiting for urgent reply..

Hi,
1. Please check the link below:
Fixing Access Denied Errors With SharePoint 2010 Timer Jobs
http://www.sharepointsecurity.com/sharepoint/sharepoint-security/fixing-access-denied-errors-with-sharepoint-2010-timer-jobs/
2. Try to set RemoteAdministratorAccessDenied to false using PowerShell
Access denied when deploying a timer Job or activating a feature from SharePoint 2010 content web application
https://support.microsoft.com/kb/2564009?wa=wsignin1.0
3. Check your ULS log for detail error message.
Best Regards
Dennis Guo
TechNet Community Support

Access denied Error while calling Web Service form Infopath Form 2010.

Hi Dear All,
I have been facing an error while calling an GetUserProfileByName() web service method from InfoPath 2010 from.
i have FBA(Forms Base Authentication )configured . After Infopath form published to site collection when i select an user from people picker control i want to get Email Id of Selected user for that i am calling getUserProfileByName() Web Method, but
i am getting Access denied error code 500.
Any Help would be more than welcome.
Thanks.

Hi,
Greetings. Please check
Check the IE settings. Click Internet Options> Security>Custom level. Make sure that the ‘Access data source across domains’ is enabled. Make sure that you have permission to the web service and to the content which the web service tries to modify.
For more information, please refer to this site:
"Access is denied." error in Infopath 2007 form + ASMX: http://us.generation-nt.com/answer/access-denied-error-infopath-2007-form-plus-asmx-help-65808252.html
Please remember to click 'Mark as Answer' on the answer if it helps you

Access denied error on updating list through custom webpart

hi
I have created one webpart having multiple view option.
On selection of items from one view user is clicking on next button to get 2nd view (THis is causing postback) and on selection of 2nd view items user is clicking on next buton for 3rd view.
On third view he can see the submit button. On click on submit button the selected items are updateing in one list and also updating data in other lists.
The list in which we are updating data have limited access to all users. But previously user were able to upate the list.
But after implimenting this multiple view with next button which postbacks on click user are getting access denied error while updating the list. If i provide contribute access to that list then they able to submit the changes properly. But even after
that they got the error at first time.
Any body got this type of issue?
Is the post back on custom webpart cause access denied error?
i have written my code like this to updat list,
protected void btnUpdate_Click(object sender, EventArgs e)
try
SPSite site = new SPSite(SPContext.Current.Site.ID);
SPWeb myWeb = site.OpenWeb(SPContext.Current.Web.ID);
SPSecurity.RunWithElevatedPrivileges(delegate()
using (SPSite ElevatedSite = new SPSite(site.ID))
using (SPWeb ElevatedWeb = ElevatedSite.OpenWeb(myWeb.ID))
ElevatedSite.AllowUnsafeUpdates = true;
ElevatedWeb.AllowUnsafeUpdates = true;
//code to update multiple lists
catch (Exception ex)
Please suggest any solution for this.

Yes I checked with ULS log viewer.
Its very helpfull as reading that text log file is very difficuelt.
I found that if user spend more time on that webpart then session veriables on that webpart gets expired and at the time of redirection of user to newly created list using below code currentNewList becomes empty and its redirection to wrong list(_abc) which
is dummy list and user dont have any access.
currentNewList = NewListName+ "_abc"
SPUtility.Redirect(currentNewList.DefaultViewUrl, SPRedirectFlags.Default, HttpContext.Current);
So I modified the code to reload the session data when user clisk on submit button.

Subsites Access denied error

Hi
I am trying to access subsites in a sitecolllection.
Although I am able to access the maintenance page with ?contents=1
I am not able to access other existing pages nor when I create new page from pages library and click on save I get access denied error.
Here is the error I see in Logs
The SPPersistedObject, FarmSettingStore Name=_pnpFarmConfig_, could not be updated because the current user is not a Farm Administrator.
And error on the page
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust
level in the configuration file.
Exception Details: System.Security.SecurityException: Access denied.
Source Error:
[No relevant source lines]
Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\5abc8088\6a71a990\App_Web_homepage.aspx_-1099170352.ltihcxjv.0.cs    Line:
0
Stack Trace:
[SecurityException: Access denied.]
Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate() +27672523
Microsoft.Practices.SharePoint.Common.Configuration.FarmSettingStore.Load(SPFarm farm) +341
Microsoft.Practices.SharePoint.Common.Configuration.SPFarmPropertyBag.get_SettingStore() +258
Microsoft.Practices.SharePoint.Common.Configuration.SPFarmPropertyBag.Contains(String key) +51
Microsoft.Practices.SharePoint.Common.Configuration.SPFarmPropertyBag.get_Item(String key) +65
Microsoft.Practices.SharePoint.Common.Configuration.ConfigManager.GetProperty(Type settingType, String key, IPropertyBag propertyBag) +148
Microsoft.Practices.SharePoint.Common.Configuration.ConfigManager.GetFromPropertyBag(String key, IPropertyBag propertyBag) +220
Microsoft.Practices.SharePoint.Common.ServiceLocation.ServiceLocatorConfig.GetConfigData() +311
Microsoft.Practices.SharePoint.Common.ServiceLocation.ServiceLocatorConfig.GetTypeMappings() +50
Microsoft.Practices.SharePoint.Common.ServiceLocation.SharePointServiceLocator.CreateServiceLocatorInstance(SPSite site) +160
Microsoft.Practices.SharePoint.Common.ServiceLocation.SharePointServiceLocator.DoGetCurrent(SPSite site) +957
Microsoft.Practices.SharePoint.Common.ServiceLocation.SharePointServiceLocator.DoGetCurrent() +150
Microsoft.Practices.SharePoint.Common.ServiceLocation.SharePointServiceLocator.GetCurrent() +63
ABC..PropertyBag.Config.ConfigManager.ReadProperty(String propertyName, SPWeb web) +49
ABC.Common.ControlTemplates.ABC.Framework.Common.GlobalSearchBox.SetSearchResultPageUrl() +228
ABC.Common.ControlTemplates.ABC.Framework.Common.GlobalSearchBox.Page_Load(Object sender, EventArgs e) +644
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42
System.Web.UI.Control.OnLoad(EventArgs e) +132
System.Web.UI.Control.LoadRecursive() +66
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11154599
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11154138
System.Web.UI.Page.ProcessRequest() +91
System.Web.UI.Page.ProcessRequest(HttpContext context) +240
ASP.HOMEPAGE_ASPX__1099170352.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\5abc8088\6a71a990\App_Web_homepage.aspx_-1099170352.ltihcxjv.0.cs:0
Microsoft.SharePoint.Publishing.TemplateRedirectionPage.ProcessRequest(HttpContext context) +175
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
This error is in staging environment.
Please help.
Thank you,
Vinay

Hmm. This is not the normal access denied message that you would receive when you don't have permission to a site. Have you customized the page layouts to include something in it?
Andy Wessendorf SharePoint Developer II | Rackspace [email protected]

Book of business: Access denied error

Similar Messages

Maybe you are looking for