Sign in with
Sign up | Sign in
Your question

File system "Access Denied" errors

Last response: in Windows XP
Share
September 9, 2010 10:07:49 PM

First issue I can't find a fix for :cry:  This will be a bit long, erorr log messages at the bottom.

Some users on a few of our computers all of a sudden a few weeks ago lost the ability to create new files anywhere on some computers, including their own user folder. If they try to create anything new on their own Desktop, they get an "Access Denied" dialog. This of course causes all sorts of havoc as applications need to write to temp files, they can't run the logon script properly, etc...

We have a domain, users logon to their network accounts.

Removing the local user account directories that are affected and re-creating them does not help. Soon as I delete the local account files for them, they logon, same thing, can't create any files. These users can logon to other computers fine, no issues. Some users, on a handfull of computers have this issue. Nothing new was installed on these computers in the time that they were working and failed. These are critical care hospital computers and any installations to them are very tightly controlled.

I re-installed Windows and all of the MS updates on the computers with issues at least once, and on one system, twice. All of the computers with the issues are the same hardware, but other identical PCs don't have the issue.

It works fine when I test it as the administrator account, my network account, several other network accouts, yet some users on some machines, after they logon for the first time, no file system rights at all.

If you check the file/folder permissions, everything looks good. The user's have full rights to their folders, yet still get "Access Denied" anywhere we try to create a new file. Root of C:, their desktop, etc... Their network share works fine though, this issue is only on the local C:\ drive.

A few hours of reading through technet and Google searches got me nothing. Event logs are filled with errors stating that so and so file could not be written, see below. This has me a bit stumped. I'm about to call MS support for the first time ever if none of you know why this is happening.

Event Type: Error
Event Source: ESENT
Event Category: General
Event ID: 485
Date: 9/9/2010
Time: 11:48:37 AM
User: N/A
Computer: xxxxx
Description:
wuauclt (2204) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: .NET Runtime Optimization Service
Event Category: None
Event ID: 1103
Date: 9/9/2010
Time: 11:43:38 AM
User: N/A
Computer: xxxxxx
Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
September 10, 2010 6:15:38 AM



Before you give MS your credit card number, here's an example of what to expect on the phone.

http://social.answers.microsoft.com/Forums/en-US/vistap...

The poor guy got the attempted hand-off to someone else, the Okie-dokie, the plain-old run-around and the rubber-stamped won't help a bit bit advice. The worst was from Marilyn-Support EngineerMicrosoft Support, Moderator. She was just like the typical Windows trouble-shooter, useless.

The one site that actually had something relevant to say was:

http://www.techspot.com/vb/topic152625.html

I'm like you on this one, never seen it before, but my instinct says it's not a permissions thing, it's a security thing, perhaps in Local Security Policy, User Rights Assignments, or, Security Options.

There again, it may all be because Framework is an "add-on" to Win XP and just doesn't always work out when some otherwise benign situation exist.

For what it's worth, and if can help in time, I'll keep looking.
m
0
l
September 10, 2010 11:46:15 AM

tigsounds said:
Before you give MS your credit card number, here's an example of what to expect on the phone.

http://social.answers.microsoft.com/Forums/en-US/vistap...

The poor guy got the attempted hand-off to someone else, the Okie-dokie, the plain-old run-around and the rubber-stamped won't help a bit bit advice. The worst was from Marilyn-Support EngineerMicrosoft Support, Moderator. She was just like the typical Windows trouble-shooter, useless.

The one site that actually had something relevant to say was:

http://www.techspot.com/vb/topic152625.html

I'm like you on this one, never seen it before, but my instinct says it's not a permissions thing, it's a security thing, perhaps in Local Security Policy, User Rights Assignments, or, Security Options.

There again, it may all be because Framework is an "add-on" to Win XP and just doesn't always work out when some otherwise benign situation exist.

For what it's worth, and if can help in time, I'll keep looking.


I did find something about the optimization in .net error, but I think that is not the cause of the access denied issues, although that error comes up in the log before the access denied ones. I think the .net error comes up just when the user logs on, which is why it's first.

For MS Support, we are a large enterprise around 8,000 employees, I know we can get through to high-level support very quickly. Usually in my experience you either need to get a really good 2nd level tech or a 3rd level tech to actually fix something. We had a very interesting group plolicy issue on ONE of our computers and one of our best techs called MS about it, a day later he was talking to an engineer/programmer that spend quite a long time working on the issue.

Your idea bout it being someing in the plicy may pan out though, have not checked in there. At least I know it can't be machine based as other users on the PC work fine, need to poke around the user-based settings. I already asked to get a list of users affected so I can start checking.
m
0
l
!