Access Denied on Shared Folder
I have the same shareing permissions on the C: and D: drives of my Windows Nt 4. 0 server. I am able to access all directories and sub directories on C: but can not open subdirectories on D:. If I sign in as another user on the same XP machine I can access all shared directories.
I have the same shareing permissions on the C: and D: drives of my Windows Nt 4.0 server. I am able to access all directories and sub directories on C: but can not open subdirectories on D:. If I sign in as another user on the same XP machine I can access all shared directories. The user that can not access the sub directories has admin rights. Help
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
The following article explains how to resolve my issue. Does anyone have a new version of Netdom.exe that I can download?
HOW TO: Use Netdom.exe to Reset Machine Account Passwords of a Windows 2000 Domain Controller
The information in this article applies to:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional
IN THIS TASK
SUMMARY
Using Netdom to Reset a Machine Account Password
Summary
Each Windows-based computer maintains a machine account password history containing the current and previous passwords used for the account. When two computers attempt to authenticate with each other and a change to the current password is not yet received, Windows then relies on the previous password. If the sequence of password changes exceeds two changes, the computers involved may be unable to communicate, and you may receive error messages (for example, "Access Denied" error messages when Active Directory replication occurs).
This behavior is also applicable to replication between domain controllers of the same domain. If the domain controllers that are not replicating reside in two different domains, you should inspect the trust relationship more closely.
You cannot change the machine account password using the Active Directory Users and Computers snap-in, but you can reset the password using the Netdom.exe tool included in the Windows Support Tools.
The Netdom tool resets the account password on the computer locally (known as a "local secret") and writes this change to the computer's computer account object on a Windows domain controller that resides in the same domain. Simultaneously writing the new password to both places ensures that at least the two computers involved in the operation are synchronized, and starts Active Directory replication so that other domain controllers receive the change.
The following procedure describes how to use the netdom command to reset a machine account password. This procedure is most commonly used on domain controllers, but also applies to any Windows machine account.
Because you cannot use Netdom remotely, you must run the tool from the Windows-based computer whose password you want to change. In addition, you must have administrative permissions locally and on the computer account's object in Active Directory to run Netdom.
back to the top
Using Netdom to Reset a Machine Account Password
Install the Windows Support Tools from the Support\Tools folder on the Windows CD-ROM on the domain controller whose password you want to reset.
If you are attempting to reset the password for a Windows domain controller, it is necessary to stop the Kerberos Key Distribution Center service and set its Startup type to Manual prior to continuing with step 3.
Note: After you restart and verify that the password has been successfully reset, you can restart the Kerberos Key Distribution Center service and set its Startup type back to Automatic. Doing this forces the domain controller with the bad computer account password to contact another domain controller for a Kerberos ticket.
At a command prompt, type the following command:
netdom resetpwd /server: /userd:\ /passwordd:*
where is the fully qualified DNS or NetBIOS name of a domain controller in the same domain as the local computer, and \ is the NetBIOS domain name and administrator ID respectively, in the Security Accounts Manager (SAM) account name credentials format.
The "*" value to the /PasswordD: parameter specifies that the password should be typed using hidden characters when the command is submitted. For example, the local computer (which happens to be a domain controller) is Server1 and the peer Windows domain controller name is Server2. If you run Netdom on Server1 with the following parameters, the password is changed locally and is simultaneously written on Server2, and replication propagates the change to other domain controllers:
netdom resetpwd /server:server2 /userd:\administrator /passwordd:*
Restart the server whose password was changed (in this example, Server1).
back to the top
First Published: Apr 25 2000 11:29AM
Keywords: w2000acl w2000grppol kbAudITPro kbHOWTOmaster kbACL kbGPO kbhowto target principal name is incorrect netlogon event 3210 5722
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q260575&
HOW TO: Use Netdom.exe to Reset Machine Account Passwords of a Windows 2000 Domain Controller
The information in this article applies to:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional
IN THIS TASK
SUMMARY
Using Netdom to Reset a Machine Account Password
Summary
Each Windows-based computer maintains a machine account password history containing the current and previous passwords used for the account. When two computers attempt to authenticate with each other and a change to the current password is not yet received, Windows then relies on the previous password. If the sequence of password changes exceeds two changes, the computers involved may be unable to communicate, and you may receive error messages (for example, "Access Denied" error messages when Active Directory replication occurs).
This behavior is also applicable to replication between domain controllers of the same domain. If the domain controllers that are not replicating reside in two different domains, you should inspect the trust relationship more closely.
You cannot change the machine account password using the Active Directory Users and Computers snap-in, but you can reset the password using the Netdom.exe tool included in the Windows Support Tools.
The Netdom tool resets the account password on the computer locally (known as a "local secret") and writes this change to the computer's computer account object on a Windows domain controller that resides in the same domain. Simultaneously writing the new password to both places ensures that at least the two computers involved in the operation are synchronized, and starts Active Directory replication so that other domain controllers receive the change.
The following procedure describes how to use the netdom command to reset a machine account password. This procedure is most commonly used on domain controllers, but also applies to any Windows machine account.
Because you cannot use Netdom remotely, you must run the tool from the Windows-based computer whose password you want to change. In addition, you must have administrative permissions locally and on the computer account's object in Active Directory to run Netdom.
back to the top
Using Netdom to Reset a Machine Account Password
Install the Windows Support Tools from the Support\Tools folder on the Windows CD-ROM on the domain controller whose password you want to reset.
If you are attempting to reset the password for a Windows domain controller, it is necessary to stop the Kerberos Key Distribution Center service and set its Startup type to Manual prior to continuing with step 3.
Note: After you restart and verify that the password has been successfully reset, you can restart the Kerberos Key Distribution Center service and set its Startup type back to Automatic. Doing this forces the domain controller with the bad computer account password to contact another domain controller for a Kerberos ticket.
At a command prompt, type the following command:
netdom resetpwd /server: /userd:\ /passwordd:*
where is the fully qualified DNS or NetBIOS name of a domain controller in the same domain as the local computer, and \ is the NetBIOS domain name and administrator ID respectively, in the Security Accounts Manager (SAM) account name credentials format.
The "*" value to the /PasswordD: parameter specifies that the password should be typed using hidden characters when the command is submitted. For example, the local computer (which happens to be a domain controller) is Server1 and the peer Windows domain controller name is Server2. If you run Netdom on Server1 with the following parameters, the password is changed locally and is simultaneously written on Server2, and replication propagates the change to other domain controllers:
netdom resetpwd /server:server2 /userd:\administrator /passwordd:*
Restart the server whose password was changed (in this example, Server1).
back to the top
First Published: Apr 25 2000 11:29AM
Keywords: w2000acl w2000grppol kbAudITPro kbHOWTOmaster kbACL kbGPO kbhowto target principal name is incorrect netlogon event 3210 5722
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q260575&