Permissions problems after joining Server 2003 to domain

Hi All,

have a bit of a strange thing happening here. I work in the IT department at a school, and unfortunately it has been "bodged" a little...well ALOT!!! by someone who really didnt know what they were doing.

They have around 20 servers, all working reasonably OK....however, when joining a new server 2003 box (fully updated) to the domain, (either using administrator account, or my domain admin account) i suddenly cannot run files that are already on the network, ie in shares etc. i just get a window saying the following:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item"

i've tried to access lots of different .exe and .msi files, from openoffice, vlc media player, MS Office, VM Ware convertor etc etc but everything gets the same result. i've even tried more than 1 server, (2x vmware esxi virtual machines...one 32bit and one 64bit, now at first i thought maybe it was something to do with VMWare, but installing a fresh copy of server 2003 directly on 2 seperate boxes gets the same result, now when i check the effective permissions with both the admin account and my own i get told that i have full control of the file, i've even tried taking ownership all over again but it makes no difference. it does let me move the file from the share, onto the desktop, just not actually run it!?!

i have a home folder mapped to my user, which i download software etc too, can use them anywhere i am logged in, but when i log onto these boxes i can't run anything.

If i log onto another server with the same accounts i can access the files just fine.

when i joined the domain i used my own account to add the machine, then when logging on as administrator i couldnt install things like sharepoint or WSUS.

i've got an idea maybe it was SP2 that did it, but i downloaded the file via MS update so its current, not an old build.

versions i am using are the following:

Server 2003 R2 32 bit and Server 2003 64 bit. They are both causing these problems.

i'm getting GPO errors in all of the new servers i have joined to the domain, but this is just because of the permissions error.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 13/03/2009
Time: 13:11:14
User: NT AUTHORITY\SYSTEM
Computer: SMTP
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 13/03/2009
Time: 13:11:14
User: NT AUTHORITY\SYSTEM
Computer: SMTP
Description:
Windows cannot access the file gpt.ini for GPO CN={11C226F4-967A-43B5-B6B4-BA1DB71CF397},CN=Policies,CN=System,DC=XXXXXXXXXXX,DC=local. The file must be present at the location <\\XXXXXXXXXXX.local\SysVol\XXXXXXXXXXXXX.local\Policies\{11C226F4-967A-43B5-B6B4-BA1DB71CF397}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

(for security reasons i've hidden domain info...its not actually xxxxxxx.local! )


im lost on this one. any ideas?

I've added the info i can think of, but happy to provide more details if someone requests it.]

Thanks in advance

Ian

 

Hi Everyone,

i still havent resolved this. any ideas as to what has caused this? i can't see anything that has caused it.

Thanks

Ian

 

I have the exact same issue with logging in under admin accounts. Any help with this would be appreciated.

 

I found the solution to my issue, maybe this will help too.

Go into internet options, under the 'security' tab. Click 'Trusted sites' then the 'Sites' button below that.

Simply type in the servername which contains the share you want to access. For example: \\server

Click "add" once you've typed the server name into the box and then click 'ok' to close the internet options. You should now be able to run executables from the defined server.

cheers
Jordy