Windows Tomfoolery
So I come home from eating dinner, and all I want to do is get to some files to my PC from my laptop. It should be noted that this has worked perfectly for several months (My Documents is shared to my Laptop). SMB Gives me the following error:
mount -t smbfs -o username='username' //pc/share /mnt/pc/
Anonymous Login Successful
10551: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
Now, to me this meant that Windows, in its infinite wisdom felt that I needed better security. About a ago right after I got home from school the Security permissions on my entire second hard drive were re-applied so that only the CREATER OWNER user was allowed to access and modify any files. Thankfully, I just logged in as the user and correct all of the problems. This time the same thing happened, however the registry and group policies were set to the appropriate permissions. Forcibly changing the permissions and gpupdating would make the appropriate changes, but the settings would reset themselves.
In addition, there were two orphaned SIDs in the permissions group. I used a short vbscript to resolve the SIDs to Usernames. It turns out that these SIDs resolved to my administrator username and my daily user, both of which were also listed in the permissions properties. Oddly enough, doing a lookup by the username instead of the SID returned a different ID. Apparently last night there was a short power outage and a loss of network connectivity for about 3 minutes (as best I can tell from my Event Logs) my PC dropped 32 of Event 51 (An error was detected on device \Device\Harddisk2 during a paging operation.) At the same time there were several MRxSmb Errors (Event ID 3019). This attempt at accessing My Documents from a remote PC coupled with a loss in network and a short power outage MAY have caused some corruption in my group policies and resulted in the problems that I had above.
Fed up, I had to use SECEDIT to rebuild and reassign permissions and policies based upon a database and ini file assigned to it. Since this is a secondary drive, I had to create a config file for the directory by hand which I had never done before. To be safe, I also rebuilt my default Windows policies (which can be found in the file C:\WINDOWS\Repair\secsetup.ini).
Anyway, this was an interesting problem but I am pissed off about it. On the other hand, I wish Windows 2003 Server wasn't so expensive. I would setup a full domain here at the house instead of just my lonely Windows XP Desktop and the Linux Server I've been playing with. With all of the crap that Microsoft gets, Active Directory is an awesome product.
mount -t smbfs -o username='username' //pc/share /mnt/pc/
Anonymous Login Successful
10551: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
Now, to me this meant that Windows, in its infinite wisdom felt that I needed better security. About a ago right after I got home from school the Security permissions on my entire second hard drive were re-applied so that only the CREATER OWNER user was allowed to access and modify any files. Thankfully, I just logged in as the user and correct all of the problems. This time the same thing happened, however the registry and group policies were set to the appropriate permissions. Forcibly changing the permissions and gpupdating would make the appropriate changes, but the settings would reset themselves.
In addition, there were two orphaned SIDs in the permissions group. I used a short vbscript to resolve the SIDs to Usernames. It turns out that these SIDs resolved to my administrator username and my daily user, both of which were also listed in the permissions properties. Oddly enough, doing a lookup by the username instead of the SID returned a different ID. Apparently last night there was a short power outage and a loss of network connectivity for about 3 minutes (as best I can tell from my Event Logs) my PC dropped 32 of Event 51 (An error was detected on device \Device\Harddisk2 during a paging operation.) At the same time there were several MRxSmb Errors (Event ID 3019). This attempt at accessing My Documents from a remote PC coupled with a loss in network and a short power outage MAY have caused some corruption in my group policies and resulted in the problems that I had above.
Fed up, I had to use SECEDIT to rebuild and reassign permissions and policies based upon a database and ini file assigned to it. Since this is a secondary drive, I had to create a config file for the directory by hand which I had never done before. To be safe, I also rebuilt my default Windows policies (which can be found in the file C:\WINDOWS\Repair\secsetup.ini).
Anyway, this was an interesting problem but I am pissed off about it. On the other hand, I wish Windows 2003 Server wasn't so expensive. I would setup a full domain here at the house instead of just my lonely Windows XP Desktop and the Linux Server I've been playing with. With all of the crap that Microsoft gets, Active Directory is an awesome product.