Vista network folder issue

TbertTbert Member Posts: 6 ■□□□□□□□□□
I work in a large enterprise environment. Users have home directory folders located on a network filer. When users are terminated, we usually delete the home directories after we unshare the user's network folder. However, when you try to delete the folder from Vista, we get "You need permission to perform this action" on certain folders. It deletes most of the data, but usually we get this error on My Documents, Favorites, My Music, etc., even though these folders weren't originally created by Vista. It's almost like Vista thinks these are system folders even though they are on a network folder and were actually created in a previous version of Windows. I've taken ownership of the folders, I have full NTFS permissions to the folder, but can't delete the network folder from a Vista machine. If I try to delete the same folder from an XP or 2000 machine using the same domain account, it deletes with no problems.

Any ideas?

Comments

  • TbertTbert Member Posts: 6 ■□□□□□□□□□
    As a matter of fact, I just noticed that the folders that won't delete on the network share usually have a Vista icon associated with them. For instance, the Favorites folder has an open folder with a yellow star. So, Vista must recognize some of these network folders as system folders. Now, the question is, how do we remove that?
  • ClaymooreClaymoore Member Posts: 1,637
    When you say network filer I assume that means the home drives are located on a CIFS share on a NAS device, which is really just a version of Samba and Linux. For your Vista PCs to use these shares correctly you may have to change the LanManager Compatibility level in Vista. Vista does not use LM or NTLM for authentication by default, but the filer may only send LM or NTLM responses so Vista's settings need to be changed. This will basically 'downgrade' Vista's authentication mechanisms to work with the NAS filer software and can be done two ways:

    Group Policy:
    Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - Security Options
    Network security: LAN Manager authentication level
    You may need to change this to "Send LM & NTLM - use NTLMv2 session security if negotiated" for the most compatibility, but "Send NTLM response only" would be more secure, so you should try it first.

    Registry Edit:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
    Set the lmcompatibilitylevel value to 2, which would be equivalent to "Send NTLM response only" in the Group Policy setting.

    After you change these settings, you will need to reboot.

    You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
    LmCompatibilityLevel settings


    The LmCompatibilityLevel registry entry can be configured with the following values:
    • LmCompatibilityLevel value of 0: Send LAN Manager (LM) response and NTLM response; never use NTLM version 2 (NTLMv2) session security. Clients use LM and NTLM authentication, and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    • LmCompatibilityLevel value of 1: Use NTLMv2 session security, if negotiated. Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    • LmCompatibilityLevel value of 2: Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    • LmCompatibilityLevel value of 3: Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    • LmCompatibilityLevel value of 4: (Server Only) - Domain controllers refuse LM responses. Clients use NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers refuse LM authentication, and accept NTLM and NTLMv2 authentication.
    • LmCompatibilityLevel value of 5: (Server Only) - Domain controllers refuse LM and NTLM responses, and accept only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2 session security if the server supports it; domain controllers refuse NTLM and LM authentication, and accept only NTLMv2 authentication.
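
Because the change suggested in the comment above lowers the client's authentication level, it is worth tracking which machines still carry it. The following is an added example, not code from the thread or from any poster: a Python sketch that parses `reg query` output collected from workstations and lists those set below level 3, using the value list quoted above. The host names and the captured output are constructed.

```python
import re

# Constructed sample: text captured on four hypothetical workstations from
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v lmcompatibilitylevel
# Host names and values are made up for illustration.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
SAMPLE = {
    "WS-EXAMPLE-01": KEY + "\n    lmcompatibilitylevel    REG_DWORD    0x2\n",
    "WS-EXAMPLE-02": KEY + "\n    LmCompatibilityLevel    REG_DWORD    0x0\n",
    "WS-EXAMPLE-03": "ERROR: The system was unable to find the specified "
                     "registry key or value.\n",
    "WS-EXAMPLE-04": KEY + "\n    lmcompatibilitylevel    REG_DWORD    0x3\n",
}

VALUE_RE = re.compile(r"^\s*lmcompatibilitylevel\s+REG_DWORD\s+(0x[0-9a-f]+)\s*$",
                      re.IGNORECASE | re.MULTILINE)

def parse_level(reg_output):
    """Return the configured level as an int, or None if the value is absent."""
    match = VALUE_RE.search(reg_output)
    return int(match.group(1), 16) if match else None

def classify(level):
    """Map a level to a verdict, following the value list quoted in the thread."""
    if level is None:
        return "unset"            # no explicit value: the OS default applies
    if not 0 <= level <= 5:
        return "invalid"
    if level <= 1:
        return "sends-lm"         # levels 0-1: client sends LM and NTLM responses
    if level == 2:
        return "ntlm-only"        # level 2: the registry edit suggested above
    return "not-downgraded"       # level 3 or higher

def audit(outputs):
    """Return {host: (level, verdict)} for every captured output."""
    report = {}
    for host, text in outputs.items():
        level = parse_level(text)
        report[host] = (level, classify(level))
    return report

def downgraded_hosts(outputs):
    """Hosts whose explicit setting is below level 3, sorted by name."""
    flagged = ("sends-lm", "ntlm-only")
    return sorted(h for h, (_, verdict) in audit(outputs).items() if verdict in flagged)

if __name__ == "__main__":
    for host, (level, verdict) in sorted(audit(SAMPLE).items()):
        print(f"{host}: level={level} verdict={verdict}")
```
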
  • TbertTbert Member Posts: 6 ■□□□□□□□□□
    That's correct, this is a NAS filer. I should have mentioned that. Sorry.

    Anyway, I'm trying this now. I truly appreciate your help. Been all over the internet looking for an answer. Will let you know how it goes shortly. Thanks again.