NT Status: STATUS_ACCESS_DENIED (0xc0000022) SMB2

edit

Hi,

Had an interesting issue with Access Denied Error for a Share on a Windows Server. Users were getting "You don't have permissions to access \SERVER\SHARE" but no permissions were denied.

Just doing a comparison on a working share vs non working share we were able to see that non working share was missing FileSystemRights - Synchronize for BUILTIN\Users (Synchronize permission is not visible in the GUI and can only be seen via PS or Sysinternals tool)

Get-Acl d:\share | select -ExpandProperty access | fl

If we filter for smb.access.synchronize can see 2 packets. First after a successful share access, second after a failed.

Is can NOT wait on handle to synchronize referring to the missing Synchronize NFTS permission or it's referring to something else with the same name?

Thanks

How to reproduce: Create a share on a Windows system, remove Synchronize permissions.

# Step 1: Get current ACL
$acl = Get-Acl -Path 'X:\share'

# Step 2: Identify the access rule to modify
$accessRule = $acl.Access | Where-Object {
    $_.FileSystemRights -eq 'ReadAndExecute,Synchronize' -and
    $_.IdentityReference -eq 'BUILTIN\Users' -and
    $_.AccessControlType -eq 'Allow' -and
    $_.IsInherited -eq $false
}

# Step 3: Remove the access rule if found
if ($accessRule -ne $null) {
    $acl.RemoveAccessRule($accessRule)

    # Apply the modified ACL back to the directory
    Set-Acl -Path 'X:\share' -AclObject $acl

    Write-Output "Synchronize permission removed successfully."
} else {
    Write-Output "No matching access rule found to remove."
}