Server 2012 System Error 5 When Connecting to Administrative Shares
Because Microsoft Windows is made by a bunch of butt-heads that can't figure out that System Administrators, Engineers, and Help Desk Analysts don't want to be forced into doing things their way we now have the following.
This is a chronicle of the steps I am taking to fix a problem with users not being able to open default administrative shares that they have access too.
The Problem
- Server 2012 (now called s12) has a drive with letter "E".
- The security group "Special-APP" have read/execute permissions to drive letter "E" as well as full access to a sub directory.
- Users are not able to access \\s12\e$ with a prompt from their workstations asking for user name and password.
- If a user enters their domain credentials they are denied access.
- If you try to access the share using
C:\net use \\s12\e$
You get asked for your credentials, and then are given
System error 5 has occurred
The Attempts to Fix
1.
I found the server had the wrong time zone, because someone other than myself installed it. (the idiot also ignored me when I asked why we installed the 32bit application when the server supports the 64bit version). Made the correction, still can't access the share.
2.
<reference>https://helgeklein.com/blog/2011/08/access-denied-trying-to-connect-to-administrative-shares-on-windows-7/</reference>There was mention that a registry entry was to blame for this (All problems in Windows are blamed on the registry, and the users). But as I looked the entry was not available, but someone online said that creating the entry will also work. So
- Open regedit
- Clicked on HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- Created REG_DWORD (32-bit) entry with Value LocalAccountTokenFilterPolicy and Data 1.
Well that didn't work.
3.
<reference>http://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx<reference> The next thing I needed to try was to disable UAC. The moron that built the server was kind enough to set UAC to "Never notify". But Microsoft won't just let you be the system adminstrator without a fight. You have to edit the registry again to disable UAC for real.
- Open regedit
- Click on HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
- Edit EnableLUA
- Modify Data from 1 to 0
- Reboot (Because if you sneeze near a Windows server, you must reboot it).
Scheduled a reboot, problem persists.
The Fix
(Haven't Found One Yet)
- FYI LEAPFROG SUPPORT SUUUUUCKSS!!!!!! NEVER NEVER NEVER GO TO RIBBIT.NET aka http://leapfrogservices.com/ . They are the FREAKING WORST!