bootix ::: Problems & Solutions ::: "Access denied" error messages after connecting network drive

	bootix ::: Problems & Solutions ::: BootManage Administrator

"Access denied" error messages after connecting network drive

SYMPTOM

When using the BootManage Administrator to perform an unattended Windows installation via a DOS/Win98 boot image, the client appears to successfully connect a network drive to the installation server, but then displays "Access denied" error messages. When you check the access permissions on the installation server, you find that they are completely in order.

CAUSE

This error message appears when the installation server is a Windows Server 2003 machine that is configured as an Active Directory domain controller. For these machines, the default security policy is to enforce that all communication must always be digitally signed. As the Microsoft Network Client for DOS does not support digitally signed connections, but the server requires it, the client's packets are rejected by the server, and the misleading "Access denied" errors are displayed.

RESOLUTION

This issue can be resolved by changing the installation server's default domain controller security settings so that it allows communication that is not digitally signed. In order to do this, proceed as follows:

1. Open the default domain controller's policy
2. In the left-hand pane, open "Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options"
3. In the right-hand pane, click "Microsoft network server: Digitally sign communications (always)"
4. In the dialog that opens, select "Disabled", and then click "OK"

Very detailed information about this setting and its security implications are described in Microsoft Knowledge Base Article 823659 titled "Client, service, and program incompatibilities that may occur when you modify security settings and user rights assignments".

As already said, this error message only appears when the installation server is a Windows Server 2003 Active Directory domain controller. In order to avoid the problem, you may simply choose a different (non domain controller) machine as installation server.

Also, this problem only occurs when using a DOS/Win98 boot image. In order to avoid the problem, you may use a Windows PE or BartPE boot image instead.

Back to Problems & Solutions overview

Impressum | Datenschutz