Remote shutdown Access Denied (5)

I have a computer that I want to shutdown remotely via command line (the shutdown -i), and if I have "password enable sharing" turned on I get access denied(5) but if that is turned off it works fine.
How can I get this working again?
I have read that I may need to create a user account with the same username and password as the account on the computer I wish to shut down, but I have tried this and it does not work, plus having an extra account on either computer is kind of annoying.
Isn't there a way I can do it without having the same user account on my two PCs? Maybe like just using the username and password of the remote computer directly without actually having that account created on my PC?

I am using this solution on a home Workgroup network. The solution works for shutdown.exe and psshutdown.exe. It works for Windows 8 and should work for Windows 7.
The problem is that access is denied when attempting a remote shutdown using the interactive mode or the following command:
   shutdown.exe /s /m \\COMPUTERNAME /t 00
Result:
   COMPUTERNAME: Access is denied.(5)
CHANGE THE FOLLOWING SETTINGS ON THE REMOTE COMPUTER:
Control Panel, Network and Sharing Center, Change Advanced Sharing settings
   "Private": enable "Turn on File and Printer sharing"
Add Registry Key
   RUN regedt32.exe
   Go to:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
   Right-click and add a new DWORD:
   "LocalAccountTokenFilterPolicy"=dword:00000001
When the user name and password are not the same on both computers, change the following on the remote computer:
Change Local Security Policy
   RUN secpol.msc
   Local Security Policy, Security Settings, Local Policies, User Rights Assignment
   Add "Everyone" to "Force shutdown from a remote system"
Texas
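
An audit of the two settings the answer above changes on the remote computer, so their effect on remote access can be reviewed afterwards. This is an added example, not part of the original post; the function names and the sample export are constructed for illustration.

```powershell
# Added example (not from the original post). Run in Windows PowerShell.
# The functions work on text, so they can be tried on the constructed sample
# below; Get-LiveRemoteShutdownFinding reads the real machine and needs elevation.

$EveryoneSid = 'S-1-1-0'   # well-known SID of the Everyone group
$PolicyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-RemoteShutdownGrantee {
    # Returns the accounts that hold SeRemoteShutdownPrivilege
    # ("Force shutdown from a remote system") in secedit INF text.
    param([Parameter(Mandatory)][string[]]$InfLines)
    foreach ($line in $InfLines) {
        if ($line -match '^\s*SeRemoteShutdownPrivilege\s*=\s*(.*)$') {
            return @($Matches[1].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
}

function Get-RemoteShutdownFinding {
    # Emits one finding string per setting that widens remote access.
    param(
        [Parameter(Mandatory)][string[]]$InfLines,
        $TokenFilterPolicy   # registry value, or $null when the value is absent
    )
    $grantees = @(Get-RemoteShutdownGrantee -InfLines $InfLines)
    if ($grantees -contains $EveryoneSid -or $grantees -contains 'Everyone') {
        'SeRemoteShutdownPrivilege includes Everyone: any account that can ' +
        'log on over the network (Guest included, if enabled) may shut this ' +
        'computer down. Consider limiting it to Administrators (S-1-5-32-544).'
    }
    if ($TokenFilterPolicy -eq 1) {
        'LocalAccountTokenFilterPolicy = 1: remote UAC token filtering is off, ' +
        'so local administrator accounts receive a full administrator token on ' +
        'every network logon (SMB, RPC, WinRM), not only for shutdown.'
    }
}

function Get-LiveRemoteShutdownFinding {
    # Exports the user rights with secedit and reads the registry value.
    $inf = Join-Path $env:TEMP 'user-rights-export.inf'
    secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
    try {
        $lines = Get-Content -Path $inf
    } finally {
        Remove-Item -Path $inf -ErrorAction SilentlyContinue
    }
    $value = (Get-ItemProperty -Path $PolicyKey `
                  -Name LocalAccountTokenFilterPolicy `
                  -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    Get-RemoteShutdownFinding -InfLines $lines -TokenFilterPolicy $value
}

# Constructed sample of a secedit export after following the answer's steps.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeRemoteShutdownPrivilege = *S-1-1-0,*S-1-5-32-544
'@ -split "`r?`n"

# Sample run: both findings are reported for the constructed input.
Get-RemoteShutdownFinding -InfLines $sampleInf -TokenFilterPolicy 1

# Live run on the remote computer (elevated prompt):
# Get-LiveRemoteShutdownFinding
```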

Similar Messages

  • Remote Powershell - Access Denied? Windows 8.1

    I want to be able to connect to my PC from anywhere around the world. Don't ask why. As such I have forwarded my private IP :192.168.... to my public
    IP (ports : 22,23, 3389,5975,5976). Of course my public IP changes constantly so I also have a DNS Updater with a name : nameofmyhost.somehing.com . 
    I have been able to connect using Remote Desktop connection from my phone, tablet, other PCs, using that nameofmyhost.somehing.com. 
    However this is a desktop connection. I want a command connection as well (PowerShell), no Telnet, and no SSH. I have configured WinRM, and tried PowerShell
    remoting using Enter-PSSession nameohmyhost.somehing.com. Problem is that it's always Access Denied.
    I want to be able to connect remotely via PowerShell to my PC at any time.
    Yes, I did quickconfig the WinRM, I did add to TrustedHosts, but I still can't connect. Someone please tell me if what I am trying is even possible,
    and if it is, please give me a COMPLETE TUTORIAL FOR DUMMIES on how to make it happen. 
    Thanks

    You can verify the availability of WinRM and configure PowerShell for remoting by following these steps:
    1. Start Windows PowerShell as an administrator by right-clicking the Windows PowerShell shortcut and selecting Run As Administrator.
    2. The WinRM service is configured for manual startup by default. You must change the startup type to Automatic and start the service on each computer you want to work with. At the PowerShell prompt, you can verify that the WinRM service is running using the following command:
       get-service winrm
    The value of the Status property in the output should be "Running".
    3. To configure Windows PowerShell for remoting, type the following command:
       Enable-PSRemoting -Force
    In many cases, you will be able to work with remote computers in other domains. However, if the remote computer is not in a trusted domain, the remote computer might not be able to authenticate your credentials. To enable authentication, you need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do so, type:
       winrm s winrm/config/client '@{TrustedHosts="RemoteComputer"}'
    Here, RemoteComputer should be the name of the remote computer, such as:
       winrm s winrm/config/client '@{TrustedHosts="CorpServer56"}'
    When you are working with computers in workgroups or homegroups, you must either use HTTPS as the transport or add the remote machine to the TrustedHosts configuration settings. If you cannot connect to a remote host, verify that the service on the remote host is running and is accepting requests by running the following command on the remote host:
       winrm quickconfig
    This command analyzes and configures the WinRM service. 
    To use Windows PowerShell remoting features, you must start Windows PowerShell as an administrator by right-clicking the Windows PowerShell shortcut and selecting Run As Administrator. When starting PowerShell from another program, such as the command prompt (cmd.exe), you must start that program as an administrator.
    From W. Stanek:  Windows PowerShell 2.0 Administrator's Pocket Consultant
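
The TrustedHosts step quoted above, as an added example that is not from the book or the original posts: it lists the client's current entries, flags wildcards, and appends a single host instead of replacing the list (the `winrm s` form shown above overwrites the existing value). The function names and the sample string are constructed; `CorpServer56` is the host name used in the quoted text.

```powershell
# Added example (not from the original posts). Requires PowerShell 3.0 or later.
# TrustedHosts is a client-side setting: it names the hosts this computer will
# send credentials to even though it cannot verify the server's identity.

function Get-TrustedHostsEntry {
    # Splits a TrustedHosts value into entries and marks wildcard patterns.
    param([AllowEmptyString()][string]$TrustedHosts = '')
    foreach ($entry in $TrustedHosts.Split(',')) {
        $name = $entry.Trim()
        if (-not $name) { continue }
        [pscustomobject]@{
            Entry    = $name
            Wildcard = $name.Contains('*')   # "*" alone trusts every host
        }
    }
}

function Add-TrustedHostEntry {
    # Appends one explicit host name; wildcard patterns are rejected.
    param([Parameter(Mandatory)][string]$ComputerName)
    if ($ComputerName.Contains('*')) {
        throw "Refusing wildcard entry '$ComputerName'."
    }
    $current = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
    if ((Get-TrustedHostsEntry -TrustedHosts $current).Entry -contains $ComputerName) {
        return   # already present, nothing to change
    }
    # -Concatenate appends to the list; without it the value is replaced.
    Set-Item -Path WSMan:\localhost\Client\TrustedHosts `
             -Value $ComputerName -Concatenate -Force
}

# Constructed sample value: one explicit host, one wildcard, one address.
Get-TrustedHostsEntry -TrustedHosts 'CorpServer56,*.example.test,192.0.2.10' |
    Format-Table -AutoSize

# Live use from an elevated prompt on the client:
# Get-TrustedHostsEntry -TrustedHosts (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
# Add-TrustedHostEntry -ComputerName 'CorpServer56'
# The HTTPS alternative named in the text needs no TrustedHosts entry:
# Enter-PSSession -ComputerName 'CorpServer56' -UseSSL -Credential (Get-Credential)
```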

  • Cross Frame Remote Scripting  = Access Denied with servlets

    In a Nutshell what I'm trying to accomplish is to update some data in a web
    page by posting to a servlet and not reload the whole page. So I created an
    <IFRAME> to do the dirty work. I am using javascript/dom to copy data from
    the <IFRAME> to the parent.
    This works fine when the URLs are for example...
    parent page = http://localhost:8080/somepath/somepage.html.
    iframe page = http://localhost:8080/somepath/someIframe.html.
    I understand that there is a security restriction (IE 5 and up) crossing
    domains, and this is where some of my confusion is coming into play.
    When I change the URLs to my DNS address and the iframe points to a
    servlet.....
    parent page = http://samw:8080/somepath/somepage.html.
    iframe page = http://samw:8080/somepath/someIframeServlet
    I get an "Access is Denied" error message as I believe the browser thinks
    that the domains are not the same. Not sure though.
    Are there any work arounds to this problem?
    Requirements are IE 5.5 and up, Tomcat as the Servlet Engine, and only the part of the page displaying the data collected gets refreshed.
    Thanks,
    Sam

    This is a security feature of the browser's scripting engine - you cannot access the DOM of a window/frame on a different domain, regardless of whether or not the actual server serving up your page is the same serving up the other. The only recourse is to make sure you use the same domain in the urls for frame sources.
    Hope this helps,
    -Scott

  • I keep getting this error in Dreamweaver when I am trying to upload my website?  Can you tell me what I am doing wrong?  here is the error message: /html - error occurred - Unable to create remote folder /html.  Access denied.  The file may not exist, or

    I keep getting this error in Dreamweaver when I am trying to upload my website?  Can you tell me what I am doing wrong?  here is the error message: /html - error occurred - Unable to create remote folder /html.  Access denied.  The file may not exist, or there could be a permission problem.   Make sure you have proper authorization on the server and the server is properly configured.  File activity incomplete. 1 file(s) or folder(s) were not completed.  Files with errors: 1 /html

    Nobody can tell you anything without knowing exact site and server specs, but I would suspect that naming the folder "html" wasn't the brightest of ideas, since that's usually a default (invisible) folder name existing somewhere on the server and the user not having privileges to overwrite it.
    Mylenium

  • Access denied listing with cfdirectory when remote

    Hello people, I am working with cfdirectory to verify the contents of a local directory (this is for an intranet running on a Mac). It works OK when I test it in the local environment but it fails when I run the script from the remote server.
    I'm a bit lost here. Is there something I need to modify at the local server or the remote server? Is the local server not allowing access to the remote script or the remote server doesn't want to access a local machine due to security issues?
    Thanks in advance.
    Dani

    Ian, thanks for your answer. This brings a problem...unless I can bypass it by calling a script on my local server, at least to perform cfdirectory operations...
    I'm trying to do the following:
    When a supplier approves a job, my client changes the status of that job to approved. When that happens, the application should be able to;
    1) List the files related to that job (cfdirectory)
    2) Zip those files (cfzip)
    3) Upload those files to the ftp (cfftp)
    But since the files are stored locally (huge graphic files), I'm stuck with the "access denied" situation.
    Anyway, thanks so much Ian for clarifying this to me.
    Dani Szwarc

  • Access denied to remote Oracle server from job

    Hello
    I have a LINKED ORACLE server to SQL Server 2008 R2 (SP1). All the linked tables work OK. I wrote a couple of procedures to transfer/update data between my DB on the SQL Server and the Oracle linked server tables.
    When running a procedure from a query it works. But when putting the same procedure in a job (scheduled) it returns this error:
    Access to the remote server is denied because no login-mapping exists. [SQLSTATE 42000]
    How can I map logins in such a case to make this work? Or any other options?
    Thx in advance
    Miha

    Good Day,
    Recommended Steps as follows:-
    1.Create a credential under SQL Security tab
    2.Create a Proxy(Operating system CMDExec) under SQL Server Agent Tab and link the credential to the proxy.
    3.Create an SQL Agent Job with type - operating system(cmdExec)and Run as the proxy name or SQL Server Agent Service Account .
    4.Use SQLCMD -S instancename -Q "Exec databasename.schemaname.storedprocedurename;" in the command box.
    Consider the Security permission for the user credential.
    Regards,
    Sajith.
    http://sqllive.wordpress.com/

  • Get-WmiObject to remote computer fails with "rpc server is unavailable" and vice versa "Access denied"

    Hi
    Still learning PowerShell remoting.
    Can access with remoting 2 computers (XPProf/SP3, Workgroup) perfect. Powershell2.0 (running as Administrator).
    Using Firewall ZoneAlarm not Windows Firewall (stopped).
    But when using Get-WMIObject always run into
    "rpc server is unavailable" in one direction and "Access denied" in the other direction.
    Searched the forum but didn't find info.
    Switched off Firewalls: Still the same.
    So I'm stuck.
    Any help is appreciated.
    Beat

    I found these recommendations, which helped me query the remote server.
    http://www.poweradmin.com/help/enablewmi.aspx
    Allow WMI through Windows firewall
    All users (including non-administrators) are able to query/read WMI data on the local computer.
    For reading WMI data on a remote server, a connection needs to be made from your management computer (where our monitoring software is installed) to the server that you're monitoring (the target server). If the target server is running Windows Firewall (aka Internet Connection Firewall) like what is shipped with Windows XP and Windows 2003, then you need to tell it to let remote WMI requests through. This can only be done at the command prompt. Run the following on the target computer if it is running a Windows firewall:
          netsh firewall set service RemoteAdmin enable
    As a second option, you can also modify the Group Policy and specify which IPs will have access to query WMI remotely.
    https://technet.microsoft.com/en-us/library/cc738900(v=ws.10).aspx
    Using Group Policy
    To enable or disable the Remote administration exception
    Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
    Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows
    Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
    In the details pane, double-click Windows Firewall: Allow remote administration exception.
    In the Windows Firewall: Allow remote administration exception properties dialog box, on the Settings tab, click Enabled or Disabled.
    Regards

  • Get-VHD failing with access denied when querying remote VHDs on SMB 3.0 shares

    I'm out of ideas on this one. I'm attempting to do a Get-VHD to retrieve VHD info for some Guests that are using SMB 3.0 shares to remotely store their VHDs and I cannot remotely run the powershell command at all without getting  Error: 'General Access
    denied error' (0x80070005)'. Command running locally on the machine hosting the guest works fine.
    Here is the Hyper-V Setup - Host is Server 2012 datacenter, guests are 2012 or 2008 R2 boxes. Storage server is Server 2012, domain is 2008 R2 functionality level if it matters, powershell version 3.0
    Host1 --> Guest(1) --> {LAN}--> StorageServer --> Share --> VHD
    Make sense? pretty easy, normal setup. The Host has full access NTFS rights on the share and all files, including the VHDs. As does my AD account. All on the same domain. If I RDP into Host1 I can retrieve everything just fine. However, the following methods
    will not work to retrieve VHD info of any Guest running on their VHDs off the share (get-vhd works if Guests have their VHDs on locally attached storage).
    1.) Enter-PsSession Host1 and then attempt get-vhd
    2.) Invoke-Command
    3.) import module/hyper-v management tools on client then running get-vhd
    4.) Executing GetVirtualHardDiskInfo method in WMI (http://msdn.microsoft.com/en-us/library/cc136797%28VS.85%29.aspx) to retrieve the job which results in same error message.
    5.) Even attempting test-path $pathToVHD on the host will result in Access Denied error.
    If I check the storage server hosting the VHDs I see some normal access requests come across on my Domain account followed a few seconds later by a null sid/anonymous requests which of course are denied. I have no idea why on earth they are coming across
    as null SIDs/anonymous requests but this seems to be the root of the issue. Is it trying to regenerate my credentials or something to access the VHD and failing? If so, is there a way to fix it?

    Yeah I thought about that too and that isn't the problem in this particular case (also PSSession takes care of the RSAT/HyperV problem). If it was Scenario #1 wouldn't work and scenario #4 would.
    Again, this works fine:
    Scenario #1 (works)
    1.) Remote computer running PS 3.0 (win 7 desktop in this case) enter-pssession Host1
    2.)  Get-VHD $VHDOnLocalDirectAttachedStorage (Host1 is running guest)
    Scenario #2 (works)
    1.) RDP to Host1
    2.) Get-VHD $VHDOnSMBShare (host1 is running guest)
    Scenario #3 (breaks)
    1.) On remote computer enter-pssession Host1
    2.) Get-VHD $VHDOnSMBShare (host1 is running guest)
    Scenario #4 (breaks):
    1.) RDP to Host2 server 2012 running Hyper-v with RSAT installed
    2.) Get-VHD $VHDOnSMBShare -ComputerName RemoteHost
    Scenario #5 (works):
    1.) Enter-PSSession Host2
    2.) Get-VHD $VHDOnHost1LocalStorage -ComputerName Host1

  • Remote Shutdown problem

    Hi,
    I am trying to shutdown (and restart) a Windows 7 (RC1) PC on my home network from another PC running Windows 7 (RC1). I am running the following command at a command prompt (I have tried with and without Administrator privilege):
    shutdown /r /f /m \\backup
    Originally I was getting "Access Denied" but after searching the internet I disabled file sharing on the remote PC and I now get the following error message:
    "backup: The entered computer name is not valid or remote shutdown is not supported on the target computer. Check the name and then try again or contact your system administrator. (53)"
    I have also tried using the IP address and the result is the same.
    I am using the same user name on both PCs, with the same password and the user is a member of the administrator group on both PCs. I have also checked the following policy settings on the remote PC:
    Local Policies:User Rights Assignment:Access this computer from the network: Administrators...
    Local Policies:User Rights Assignment:Force shutdown from a remote station: Administrators
    Local Policies:User Rights Assignment:Shutdown the system:Administrators
    Local Policies:Security options:Network access: Sharing and security model for local accounts: Classic - local users authenticate as themselves
    Local Policies:Security options:Shutdown:Allow system to be shutdown without having to log on.
    Is there anything else to check?
    Thanks
    Patrick

    I know this is a late response, but when I had the same problem, I discovered that the problem was the firewall setting related to File and Printer Sharing (SMB-IN).  That rule was disabled for the Public profile; I'm not sure what triggers that profile's
    use over the Domain or Private because the machine is on a LAN with the Domain Controller.  When I enabled that rule, I was able to shutdown the servers.  The puzzling thing for me is that the rule seemed to be "disabled" on its own. 
    I distinctly remember shutting down all 6 of my servers.  Then 2 weeks ago, I could only shutdown 5.  This week I could only shutdown 4, so I had to enable this rule on 2 servers, and I don't know what would have caused that setting to be changed. 
    Obviously, if any firewalls change on their own, that would appear to be a large disconcerting bug.
    Just to reiterate, the firewall rule which prevented me from remotely shutdown was the File and Printer Sharing (SMB-IN) Inbound Firewall rule associated with the Public profile.  I enabled it, and I could execute a remote shutdown command.

  • Remote shutdown script

    Dear All,
    I tried to do the script to remote shutdown my server below:
    shutdown -m \\srv-ex01 -s -c "shutdown now" -t 0
    srv-ex01: Access is denied.(5)
    When I tried with username and password there is no access denied alert but the remote server still no shutdown.
    shutdown -u administrator -p 123456 -m \\srv-ex01-s -c "shutdown now" -t 0
    Please commend.
    BR,
    Khemarin

    Hi,
    Is there any update?
    Thanks.
    Jeremy Wu
    TechNet Community Support

  • Access Denied when trying to open a file that is encrypted on network share with EFS

    I just recently enabled EFS on the default domain policy and created a new network share, encrypted a file and added myself to that file and tried to open the file from my workstation.  I then receive an error "Access denied", I also tried
    to create a file and encrypt it on that same share and get an error "The requested operation cannot be completed.  The computer must be trusted for delegation and the current user account must be configured to allow delegation."  
    My steps.
    1. Enable group policy for EFS, removed the expired certificate that was already there and Created a new Data recovery agent.
    2. Created a network share, created a test file, enabled encryption on the file 
    3. certmgr.msc, personal and requested a new certificate, Basic EFS
    4. On the network share and properties of file, advanced, details and added the user
    5. From the workstation tried to access the file, Access Denied.  I can create any file I want, I just can't add attributes to encrypt the file or open an encrypted file
    Now if I go to the server where the CA is located which is also the AD server and create share and run the same process it works as expected.  I'm guessing I have to export the cert from the CA server as a pfx and import that to both the server that
    has the network share and the workstation but that still doesn't seem to work.  Maybe I don't understand how EFS works and this is not possible?  Any suggestions would be appreciated.

    You are correct in not understanding how EFS works.
    When you connect to an encrypted file via a network share, the encryption/decryption takes place *on* the server. To enable over the network access, the server's computer account must be trusted for delegation.
    The server actually impersonates the user and creates a user profile on the server (containing the defined EFS certificate and private key). The important thing to remember is that the file is transmitted in clear text from the server to the client.
    See http://blogs.technet.com/b/instan/archive/2010/08/11/remote-efs-decryption-and-trusted-for-delegation-requirements.aspx
    Brian

  • "Access denied" when opening report on RAS Server

    I'm sure I'm doing something wrong, but I've only been able to open a report using the rassdk protocol from the server where my java code is running.    This is fine, but I was hoping for efficiency sake that I could have reports reside on the RAS server itself.
    My ras server definitely has a Crystal report called EBTest.rpt in the c:\temp directory.  I run this code...
    ReportClientDocument rcd = new ReportClientDocument();
    rcd.setReportAppServer(ReportConstants.RAS_HOST);
    rcd.open("c:\\temp\\EBTest.rpt", OpenReportOptions._openAsReadOnly);
    rcd.close();
    According to the JavaDoc, this should work, but I get this error ...
    Caused by: com.crystaldecisions.sdk.occa.report.lib.ReportSDKServerException: Access denied. Please check directory setting for files you can access.---- Error code:-2147467259 Error code name:failed
         at com.crystaldecisions.sdk.occa.report.lib.ReportSDKServerException.throwReportSDKServerException(Unknown Source)
         at com.crystaldecisions.proxy.remoteagent.s.a(Unknown Source)
         at com.crystaldecisions.sdk.occa.report.application.ReportClientDocument.if(Unknown Source)
         at com.crystaldecisions.sdk.occa.report.application.ReportClientDocument.if(Unknown Source)
         at com.crystaldecisions.sdk.occa.report.application.ReportClientDocument.a(Unknown Source)
         at com.crystaldecisions.sdk.occa.report.application.ClientDocument.open(Unknown Source)
    Am I missing something trivial?  
    Thanks,
    Eric

    Now that I've got it working, I expected that the RAS-local approach would be much faster than the RAS-remote, but I didn't find that to be the case in a quick test that I did.  Is this what you'd expect?  Or is there a different part of the ReportClientDocument interaction that would be more efficient. 
    From what I've seen, the ReportClientDocument construct and open() are one of the expensive aspects of the report rendering.
    Enclosed are the results from a test I did:
    --PERF--20 iteration test for 'Test local report initialization'
    --PERF--WARMED UP in 3359 ms
    --PERF--,Iterations          ,Total Time (mS)     ,Avg(ms)/Iteration   ,Transactions/sec   
    --PERF--,20                  ,35515               ,1775.75             ,0.5631423          
    --PERF--20 iteration test for 'Test remote report initialization'
    --PERF--WARMED UP in 1828 ms
    --PERF--,Iterations          ,Total Time (mS)     ,Avg(ms)/Iteration   ,Transactions/sec   
    --PERF--,20                  ,37109               ,1855.45             ,0.5389528          
    And here's the bulk of the code that generated those results...
    int numIterations = 20;
    // Opens a report stored on the RAS server's own disk.
    PerformanceUtils.runPerformanceTest("Test local report initialization", numIterations, new Command(){
         public void execute() {
              try{
                   ReportClientDocument rcd = new ReportClientDocument();
                   rcd.setReportAppServer(ReportConstants.RAS_HOST);
                   rcd.open("D:\\Program Files\\Business Objects\\BusinessObjects Enterprise 12.0\\Samples\\EN\\Reports\\triCalendarPeriod___-___Find___-___Months.rpt", OpenReportOptions._openAsReadOnly);
                   rcd.close();
              }catch(Exception e){
                   throw new RuntimeException(e);
              }
         }
    });
    // Opens a report through the rassdk:// protocol from the machine running the Java code.
    PerformanceUtils.runPerformanceTest("Test remote report initialization", numIterations, new Command(){
         public void execute() {
              try{
                   ReportClientDocument rcd = new ReportClientDocument();
                   rcd.setReportAppServer(ReportConstants.RAS_HOST);
                   rcd.open("rassdk://./test/data/crystal/triCalendarPeriod___-___Find___-___Months.rpt", OpenReportOptions._openAsReadOnly);
                   rcd.close();
              }catch(Exception e){
                   throw new RuntimeException(e);
              }
         }
    });

  • Applet Error:java.security.AccessControlException: access denied

    Hi,
    I just successfully deployed a business component project to Oracle 8.1.6 as an EJB Session bean, and
    the test of the application module is successful. In the same workspace, I created a new project with
    an applet (which contains only a grid control) as a client of the business component. Everything works
    fine within the Applet viewer; however, when I try to load the applet in IE5.5 I get the following
    error message in the Java console:
    Java(TM) Plug-in
    Using JRE version 1.2.1
    User home directory = D:\Documents and Settings\ERic
    Proxy Configuration: no proxy
    JAR cache enabled.
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.debugoutput read)'
    Diagnostics: Silencing all diagnostic output (use -Djbo.debugoutput=console to see it)
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.timing read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.function read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.level read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.linecount read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.trace.threshold read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.jdbc.driver.verbose read)'
    java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission org.omg.CORBA.ORBClass read)
    at java.security.AccessControlContext.checkPermission(Compiled Code)
    at oracle.aurora.jndi.orb_dep.Orb.<clinit>(Orb.java:24)
    at oracle.aurora.jndi.sess_iiop.sess_iiopURLContext.<clinit>(sess_iiopURLContext.java:9)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:588)
    at javax.naming.spi.NamingManager.getURLContext(NamingManager.java:537)
    at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:274)
    at javax.naming.InitialContext.lookup(InitialContext.java:349)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.connectToService(AuroraEJBAmHomeImpl.java:179)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.createSession(AuroraEJBAmHomeImpl.java:152)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.initRemoteHome(AuroraEJBAmHomeImpl.java:123)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.<init>(AuroraEJBAmHomeImpl.java:59)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBInitialContext.createJboHome(AuroraEJBInitialContext.java:47)
    at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:72)
    at javax.naming.InitialContext.lookup(InitialContext.java:349)
    at oracle.dacf.dataset.SessionInfo._createAppModule(SessionInfo.java:2330)
    at oracle.dacf.dataset.SessionInfo.connect(SessionInfo.java:1799)
    at oracle.dacf.dataset.SessionInfo.openProducerObject(SessionInfo.java:1848)
    at oracle.dacf.dataset.ProducerObject.open(ProducerObject.java:94)
    at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1305)
    at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1287)
    at broadcastapplet.myBroadCastApplet.init(myBroadCastApplet.java:70)
    at sun.applet.AppletPanel.run(Compiled Code)
    at java.lang.Thread.run(Thread.java:479)
    The Oracle 8.1.6 runs on Win2000, I put the JAR & related zip files in the same machine's IIS webserver.
    Can anyone help?
    ERic

    Hi Shaji,
    Are you calling a webservice from within an Xacute Query for your applet?  On first glance, it looks like a web service call is being rejected due to security permissions.  If you have a webservice call (or HTTP post/get), can you test it separately with the same credentials as the webpage is using?
    Regards,
    Mike

  • EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

    This is for information to help others
    KEYWORDS:
      - Sharing EFS encrypted files over a personal lan wlan wifi ap network
      - Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
      - transfer encryption keys / certificates
      - set trusted delegation for user + computer for EFS encrypted files via Kerberos
      - Windows Active Directory vs network file share
      - Setting up WebDAV server on Windows 7 Pro / Ultimate
    It has been a long painful road to discover this information.
    I hope sharing it helps you.
    Using EFS on Windows 7 pro / ultimate is easy and works great. See
    here and
    here
    So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
    HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
    won't work (unless you follow below steps).
    Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
    Typically an "Access Denied" error message is thrown when a \\clientpc tries to create a new folder / new file in an encrypted folder on a remote file share \\fileserver.
    Why such a EFS drama when a network is involved?
    Assume a home peer-to-peer network with 2pc:  \\fileserver  and  \\clientpc
    When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using Kerberos so the process can impersonate a \\fileserver user and then use their certificate (on behalf of the clientpc's data request).
    This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
    file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
    Solutions
    There are two main approaches to solve this:
         1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
              EFS operations occur on the computer storing the files.
              EFS files are decrypted then transmitted in plaintext to the client's computer
              This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
         2) SOLVE by setting up WebDAV (efs files accessed through web folders)
               EFS operations occur on the client's local computer
               EFS files remain encrypted during transmission to the client's local computer where it is decrypted
               This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
               BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
             READ BELOW as this does
    Create new encrypted file / folder on a network file share - via Active Directory
    It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
    here. However, the problem is that on a normal Windows 7 install (ie home peer-to-peer) setting up the server as part of an active directory domain is complicated, it is time consuming, it is bulky, it adds burden to operation of the \\fileserver computer
    and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
    Although this info is NOT for setting up EFS on an active directory domain [server],
    for those interested here is the gist:
    Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
    account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
    EFS.
    NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP), which will encrypt transmitted data.
    Create new encrypted file / folder on a network file share - via WebDAV
    For home users it is possible to make it all work.
    Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
    Setting up a wifi AP (for those less technical):
       a) START ... CMD
       b) type (no quotes): "netsh  wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
       c) type (no quotes): "netsh  wlan start hostednetwork"
    Set up a WebDAV server on Windows 7 Pro / Ultimate
    -----ON THE FILESERVER------
       1  click START and type "Turn Windows Features On or Off" and open the link
           a) scroll down to "Internet Information Services" and expand it.
           b) put a tick in: "Web Management Tools" \ "IIS Management Console"
           c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
           d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
           e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
           f) click ok
           g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
    KB892211 here ONLY for XP + Server 2003 (made in 2005)
    KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
      2 Click START and type "Internet Information Services (IIS) Manager"
      3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
           a) on the right side, under Actions, click "Enable WebDAV"
      4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
           a) click on "Anonymous Authentication" and click "Disable"
           b) click on "Windows Authentication" and click "Enable"
          NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
            It can be fixed by changing registry key:
               [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
               BasicAuthLevel=2
           c) on the "Windows Authentication" click "Advanced Settings"
               set Extended Protection to "Required"
           NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
      5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
           a) on the right side, under Actions, click "Add Allow Rule"
           b) set this to "all users". This will control who can view the "Default Site" through a web browser
           NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logging in on the
    clientpc.
           NB: Any user account specified here has to exist on the server. It has a bug in that usernames specified here are not validated on input.
      6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
           a) on the right side, under Actions, click "Enable"
    HOTFIX - double escaping
      7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
           a) on the right side, under Actions, click "Edit Feature Settings"
           b) tick the box "Allow double escaping"
         *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
         These folders will appear blank with no subdirectories, or these files will not be readable unless this is ticked
         This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
    file serving and this has been rigorously tested by microsoft, so very unlikely. It's safe to "Allow double escaping".
      8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
           a) set the Alias to something sensible eg "D_Drive", set the physical path
           b) it is essential you click "connect as" and set
    this to a local user (on fileserver),
           if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
                 NB: the user account selected here must have the required EFS certificates installed.
                            See
    here and
    here
            NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
          This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
           The work around is on the \\fileserver create an NTFS symbolic link
              e.g. to share the entire contents of "D:\",
                    on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                    in cmd in this folder create an NTFS symbolic link to "D:\"
                    so in cmd type "cd c:\inetpub\wwwroot"
                    then in cmd type "mklink /D D_Drive D:\"
            NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
             NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
    clientpc
      9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
           a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
           b) if some exist review existing allow or deny.
               Take care to not only review the "allow access to" settings
               but also review "permissions" (read/write/source)
           NB: this can be set here for all added virtual directories, or can be set under each virtual directory
      10 Open your firewall software and/or your router. Make an exception for port 80 and 443
           a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
                 choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
              NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
    below, specifically "Cant find server due to network location"
           b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
    HOTFIX - MAJOR ISSUE - fix KB959439
      11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
          a) On Windows 7 you need only change one tiny registry value:
               - click START, type "regedit", open link
               -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
               -on the EDIT menu click NEW, then click DWORD Value
               -Type "DisableEFSOnWebDav" to name it (no speech marks)
               -on the EDIT menu, click MODIFY, type 1, then click OK 
               -You MUST now restart this computer for the registry change to take effect.
          b) On Windows Server 2008 / Vista / XP you'll FIRST need to
    download Windows6.0-KB959439 here. Then do the above step.
             NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
      12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
            a) make sure WebClient Service is running
                (click START, type "services" and open, scroll down to WebClient and check its status)
            b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
                It should show the default "IIS7" image.
                If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"           
            c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                    e.g. http://localhost/D_drive
                If nothing is listed, check "Directory Browsing" is enabled
      13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
            a) make sure WebClient Service is running
                (click START, type "services" and open, scroll down to WebClient and check its status)
            b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
                  eg if your server's computer name is "fileserver" go to "http://fileserver:80"
                  It should show the default "IIS7" image. If not, check firewall and port blocking. 
                  Any issue ie if (12) works but (13) doesn't,  will indicate a possible firewall issue or router port blocking issue.
           c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
                   eg if alias is "C_drive" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
                   A directory listing of files should appear.
    --- ON EACH CLIENT ----
    HOTFIX - improve upload + download speeds
      14 Click START and type "Internet Options" and open the link
            a) click the "Connections" tab at the top
            b) click the "LAN Settings" button at the bottom right
            c) untick "Automatically detect settings"
    HOTFIX - remove 50mb file limit
      15 On Windows 7 you need only change one tiny registry value:
          a) click START, type "regedit", open link
          b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
           c) click on "FileSizeLimitInBytes"
           d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
    HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
     16 On each clientpc click START, type "Internet Options" and open it
             a) click on "Security" (top) and then "Custom level" (bottom)
             b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
             SUCH an easy fix. SUCH an annoying problem on a clientpc
       NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is considered a "web folder" by windows
    explorer.
    TEST SETUP
      17 On the client use the normal "map network drive"
                e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
                e.g. CMD: net use * "http://fileserver:80/C_drive"
             If it doesn't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the fileserver the elected impersonation user that the client is logging in with (clientpc
    "manage network passwords") has NTFS permissions.
      18 Test that EFS is now working over the network
           a) On a clientpc, map network drive to http://fileserver/
           b) navigate to a folder you know on the \\fileserver is encrypted with EFS
           c) create a new folder, create a new file.
               IF it throws an error, check carefully you mapped to the WebDAV and not file share
                  i.e. mapped to "http://fileserver" not "\\fileserver"
               Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
    account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
           d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobbledygook
           e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobbledygook (ie the
    clientpc decrypted it then copied it).
            If this fails, it is likely that in the IIS settings on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
            If this is not readable check step (11) and that you restarted the \\fileserver computer.
      19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
          a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
                If a prompt for user+pass then check hotfix (16)
      20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
          a) see the last comment at the very bottom of
    this page: 
    Points to consider:
       - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
    either.
      - CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
    MORE INFO: HOTFIX: RAW DATA TRANSFERS
    More info on step (11) above.
    Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
    it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
    Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
    Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
    Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
    file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
    There is a fix:
          It is implemented above, see (11) above
          Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
    Other problems + fixes
      PROBLEM: Can't find server due to network location.
         This one took me a long time to track down to "network location".
         Win 7 uses network locations "Home" / "Work" / "Public".
         If no gateway is specified in the IP address, the network is set to "unidentified" and so receives "Public" settings.
         This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
         FIX = either set IP address manually and specify a gateway
         FIX = or  force "unidentified" network locations to assume "home" or "work" settings -
    read here or
    here
         FIX = or  change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
    login to gain file access.
      PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
           By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
          Read
    here (I've posted a batch script to automatically make the required reg files)
    I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.
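
A read-only check of the three registry values the post above changes (steps 4, 11 and 15), added here as an example and not part of the original post. The function name and the notes in the table are this example's own; the keys, value names and target values are the ones the post gives.

```powershell
# Added example: audit the registry values changed in steps 4, 11 and 15 of the post.
# Works in Windows PowerShell 2.0 and later; nothing is written to the registry.
function Get-WebDavEfsSetting {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $checks = @(
        @{ Step = '4'; Key = "$svc\WebClient\Parameters"; Name = 'BasicAuthLevel'
           PostValue = '0x00000002'
           Note = '2 allows Basic auth over plain http as well as SSL; the Windows default (1) allows it over SSL only' },
        @{ Step = '11'; Key = "$svc\MRxDAV\Parameters"; Name = 'DisableEFSOnWebDav'
           PostValue = '0x00000001'
           Note = 'The post''s fix for raw EFS transfers; the post suggests IPSec or SSL to protect files in transit' },
        @{ Step = '15'; Key = "$svc\WebClient\Parameters"; Name = 'FileSizeLimitInBytes'
           PostValue = '0xFFFFFFFF'
           Note = 'Raises the WebClient file size limit from the default of 50000000 bytes' }
    )

    foreach ($c in $checks) {
        $current = '(not set)'
        $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        if ($item -ne $null) {
            # Format as hex so a DWORD compares the same whether it is returned signed or unsigned
            $current = '0x{0:X8}' -f $item.($c.Name)
        }
        New-Object PSObject -Property @{
            Step        = $c.Step
            Value       = $c.Name
            Current     = $current
            PostValue   = $c.PostValue
            MatchesPost = ($current -eq $c.PostValue)
            Note        = $c.Note
        } | Select-Object Step, Value, Current, PostValue, MatchesPost, Note
    }
}

$report = @(Get-WebDavEfsSetting)
$report | Format-List

# Flag the setting that matters most when the drive is mapped to http:// on port 80
$basic = $report | Where-Object { $_.Value -eq 'BasicAuthLevel' -and $_.MatchesPost }
if ($basic) {
    Write-Warning 'BasicAuthLevel is 2: map the WebDAV drive over https (port 443) so Basic credentials are not sent over plain http.'
}
```

Run it on the fileserver after the step 11 restart and on each clientpc after step 15; a value shown as "(not set)" means the key or value does not exist on that machine.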

    What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

  • Access Denied when trying to access shared folders on the server with administrative privileges

    I have problem accessing shared folder on the server machine from Windows 7 machine even if I try to access it with administrative privileges (server Administrator account). I will try now to explain better my situation.
    In my company, we have small network infrastructure with one main server machine (HP ProLiant server) with Windows Server 2012 R2 installed and couple of desktop machines. The network is administrated by me.
    On Windows Server we have installed and setup DHCP, DNS, Remote Access and Routing, File and Storage and Active Directory services. Desktop machines are having Windows 8.1 Pro, Windows 8.1 or Windows 7 Home Premium installed on them. In Active
    Directory I have created domain, User groups and Users for employees in my company and so far, I haven't added desktop machines to the domain.
    Also, I've created one folder on the server which should contain different projects data for network users and I have set access permissions and security for this folder and shared it on the network (I've added couple of users to one user group and I
    gave Full control to this group over this folder). When I try to access this folder from network, I've been asked for login credentials (normally), where I just type in one of users username and password who has been given access permissions to (who is member
    of group with full control over the folder). From Windows 8.1 Pro and Windows 8.1 machines I can access and work on this folder without any problems.
    The problem comes with Windows 7 machines. On Windows 7 machines (I have also tried this with Windows 7 Ultimate in VMWare) I can access server, I can see its shares, but as soon I try to access folder I've created for projects, I get Access Denied message
    with request for User login credentials. Whichever user account I use (even server's main Administrator account) I keep getting this message over and over and I'm unable to access it at all.
    I have also tried to access the server through VPN (from local or outside) but I'm getting the same error again. Also I've tried to add these Windows 7 machines to the domain and login with domain user but the result is the same. Turned off both firewalls
    (on server and desktop machines, which I know is unnecessary, but let's try it), still same case. I've tried couple more things with registry editor on desktop machines which I found on different forums and websites but still no luck. And now I don't know
    what else I can do.
    Does anyone know what's the problem here, have I set something wrong, have not set something I should?

    Hi MeipoXu,
    thanks for your response. I will first answer your question.
    Yes, the main issue is that we can see the folder when we access the server but we cannot access its contents from Windows 7 machines. I have tried on two machines, one with Windows 7 Home Premium version and the other one with Windows 7 Ultimate version
    and the situation is the same.
    As you recommended, I've checked Network Discovery and File and Printer Sharing and the situation is next: File and Printer Sharing is turned on all layers (Private, Public and Domain) while Network Discovery is off for all layers too. I don't know if this
    is normal thing but Network Discovery cannot be turned on in Windows Server (I'm able to select Turn on Network Discovery and apply the changes, but when I get back to this settings page, I again see that it's turned off, so I assume this can't be changed
    at all).
    I also tried with icacls in command prompt and everything seems to be ok there regarding permissions. Share permissions are set to Full control to Everyone and Security permissions are set to Full control only for Administrators and the user group I've created
    for employees in my company. The confirmation for this is that on Windows 8 machines you can access this folder without any problem and without getting any message connected with access permissions with any user account within this user group. This share is
    created through File and Storage Services service in Server Manager panel.
    And then something came up on my mind. I went in Server Manager to check shared folder settings in File and Storage Services and under Settings page I saw that "Encrypt data access" has been enabled (I enabled this option because I thought
    I will get more security with this option). I asked myself what would happen if I disable it, tried it and now everything works ok on Windows 7 machines too. Now I assume that Windows 7 doesn't have this feature implemented or there are some
    settings which need to be set on Windows 7 machines to make this encryption thing work with Windows Server. So basically, I will let this feature off for now until I find out more about it and how to implement it to work with all operating systems.
    I want to thank you once more for your kind help!
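
SMB encryption ("Encrypt data access") needs the SMB 3.0 dialect, and Windows 7 negotiates SMB 2.1 at most, so a server that rejects unencrypted access refuses those clients on encrypted shares. The following server-side report is an added example, not part of the thread; the function name and output column names are this example's own.

```powershell
# Added example: run on the file server (Windows Server 2012 or later), elevated.
# Read-only: shows which shares require encryption and which connected clients can provide it.
function Get-SmbEncryptionReport {
    $cfg = Get-SmbServerConfiguration

    # Shares with "Encrypt data access" ticked in Server Manager
    $encShares = @(Get-SmbShare | Where-Object { $_.EncryptData } | ForEach-Object { $_.Name })

    # Encryption is demanded either server-wide or per share
    $encryptionInUse = $cfg.EncryptData -or ($encShares.Count -gt 0)

    foreach ($s in @(Get-SmbSession)) {
        # Dialect is a string such as "2.10" (Windows 7) or "3.02" (Windows 8.1)
        $canEncrypt = ([version]$s.Dialect) -ge [version]'3.0'

        [pscustomobject]@{
            Client                = $s.ClientComputerName
            User                  = $s.ClientUserName
            Dialect               = $s.Dialect
            CanEncrypt            = $canEncrypt
            # With RejectUnencryptedAccess on, a pre-3.0 client gets Access Denied
            RefusedWhereEncrypted = ($encryptionInUse -and $cfg.RejectUnencryptedAccess -and -not $canEncrypt)
            EncryptedShares       = ($encShares -join ', ')
        }
    }
}

Get-SmbEncryptionReport | Format-Table -AutoSize
```

A Windows 7 client that can list the shares appears here with Dialect 2.10 and RefusedWhereEncrypted set to True, which separates this cause from an NTFS or share-permission problem.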
