NT Status: STATUS_ACCESS_DENIED (0xc0000022) SMB2
Hi,
Had an interesting issue with Access Denied Error for a Share on a Windows Server. Users were getting "You don't have permissions to access \SERVER\SHARE" but no permissions were denied.
Just doing a comparison on a working share vs non working share we were able to see that non working share was missing FileSystemRights - Synchronize for BUILTIN\Users (Synchronize permission is not visible in the GUI and can only be seen via PS or Sysinternals tool)
Get-Acl d:\share | select -ExpandProperty access | fl
If we filter for smb.access.synchronize can see 2 packets. First after a successful share access, second after a failed.
Is can NOT wait on handle to synchronize referring to the missing Synchronize NFTS permission or it's referring to something else with the same name?
Thanks
How to reproduce: Create a share on a Windows system, remove Synchronize permissions.
# Step 1: Get current ACL
$acl = Get-Acl -Path 'X:\share'
# Step 2: Identify the access rule to modify
$accessRule = $acl.Access | Where-Object {
$_.FileSystemRights -eq 'ReadAndExecute,Synchronize' -and
$_.IdentityReference -eq 'BUILTIN\Users' -and
$_.AccessControlType -eq 'Allow' -and
$_.IsInherited -eq $false
}
# Step 3: Remove the access rule if found
if ($accessRule -ne $null) {
$acl.RemoveAccessRule($accessRule)
# Apply the modified ACL back to the directory
Set-Acl -Path 'X:\share' -AclObject $acl
Write-Output "Synchronize permission removed successfully."
} else {
Write-Output "No matching access rule found to remove."
}
This can be seen in
smb2-peter.pcap
from https://wiki.wireshark.org/SMB2#Examp...:Not really a Wireshark question, more one for an SMB2 discussion.