I have a problem with the sharepoint server, I added 2 new domain users and they cannot access the sharepoint site ,they're getting the 'Access Denied' msg,although all users are given permissions to access the main website by default as soon as they're added to the domain
Any suggestions ?? or settings that i can check?
Thank you in advance
First of all, check that they have a clean IE cache, have restarted their browser etc.
Check that they don't have an incorrect stored user name and password against the site host name on their Windows profile.
Ensure that the permissions on the site in question haven't been amended without your knowledge.
Ensure that they are in the correct AD group (if necessary)
Have a look at the IIS logs and ensure that their credentials are being passed in. (Search for their username). If they are not, you'll need to ensure that the SharePoint site is in the correct zone on their browser to get credentials passed in. (Trusted sites?)
Have a look in the Windows Event Logs and ULS logs when they try to hit the site to see if anything unexpected is happening
Ensure that you don't have any Web Application policies set up (go to Central Admin -> Application Management --> Policy for web application) which would deny these specific users access.
Ensure that the user account directory path, and people picker settings for the site are not stopping them from getting access:
stsadm -o getsiteuseraccountdirectorypath -url <site url>
stsadm -o getproperty -pn peoplepicker-seachadcustomfilter -url <site url>
Sharepoint caches the domain user credentials, new users may not be available right away. Try checking the synchronization messages in "Central Administration" -> "Application Management" -> "Manage service applications" -> "User Profile service application" and maybe force a new synchronization.
You must set permissions for newly added domain user in sharepoint. Add it to a group that has permissions to read your root site. See permissions at url: http://server/_layouts/user.aspx
Related
I have a website I am setting up which creates a subfolder to its own location based on which user logs into the website. An administrative account we'll call admin runs the website through IIS Manager (as indicated through the basic and advanced settings on the site's tab in IIS, which indicate the credentials for admin are correct), and admin also has full security permissions to the folder that IIS refers to. The website is I think otherwise fully up and running because the login screen loads successfully. However, despite the fact that admin is both running the site and has full access to the folder, it is failing to create the folder and as such is failing to operate the website properly. I know it is this error because the website's error logging reports an UnauthorizedAccessException to the folder I would expect to be created.
Can anyone help me figure out why it is unable to create a folder in the website location? Thank you.
To fix issue, you can try to add the IIS AppPool user to the root folder of your application by right clicking the folder and selecting Properties. Select the Security tab and add the IIS AppPool<AppPoolName> user.
And you can also decide to create a custom user to access the file system from IIS. Create a new Windows (or AD) user and click your site inside the IIS Manager. From the Actions window click Basic Settings. Finally, click the Connect as button and input the new user below Specific user:
I have using SSRS 2008r2 on Windows2003 server and added Domain Users group as a System Administrator via report manager. However, when I mimic an ordinary user in report manager web interface on my computer(member of the domain) I get;
User 'usera' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.
if I try with user a on the server by using FQDN, it it shows same error above.
If I type localhost instead, it does work. while using localhost, it I navigate to a folder and while I am in a folder and change the localhost to FQDN, it still works.
There are lots of solutions on the web, like the one on http://skamie.wordpress.com/2010/06/24/ssrs-and-uac/, but it did not work..
Does anyone have any idea?
Many Thanks
Regards
Have you tried right-clicking on IE and select Run as Administrator?
I have to do that from time to time on my development machine so it is sort of first solution that came to mind. Hope it helps.
Additional answer:
So the Domain Users group has System Admin role. You can try adding that group as Browser role or Content Manager role at the root folder.
I got the folloiwng exception while activating a web application feature using Stsadm:
Access denied! Only SRP admin can remove property or section.
I have no ideas what a SRP admin is. I'm also at a loss to explain what kind of access does it need. The account I'm log into the box has the maximum access possible, and I would assume that stsadm runs all its commands as the super user. Googling didn't reveal much either.
Any help would be appreciated. TIA.
Taken from here:
The account that you use to run, must be granted Personalization rights in Shared Services Administration for the Default SSP.
Go to Central Administration
Click on SSP-Public
Click on Personalization services permissions
Add the account and grant Manage user profiles
What feature are you trying to activate (if it's not a custom feature of course)? What is corresponding application pool identity? Are you farm administrator? If not, try to add yourself to farm admins. Also be sure you do "Run as administrator" when launching cmd for stsadm. If all this will not help, try to add your application pool identity to farm administrators.
I've got a SharePoint website running on my machine (which it shows me inside the Application Pool in the Inet Manager).
Now this website has a different user credentials specified under the Identity section (properties). Also when I view the w3wp.exe in the task manager it shows that the site is running as a different user.
The problem is that if I change the username and password of the existing user with mine, the site stops working.
How do I run it under my account credentials.
Please help. Thanks
If you want to change the account that runs the SharePoint application pool, you must make sure that the new account has the same permissions as the current one. That includes the correct database permissions. Otherwise the SharePoint Web Application stops working.
The behavior you are describing is normal. Whatever account you use to login to your SharePoint site, the application pool will still be using the account assigned to it.
Regards,
M
All,
I'm configuring Sharepoint to use forms authentication with LDAP/Active Directory. I'm new to Sharepoint, so if this is obvious, please point me in the right direction.
Whenever I attempt to log in with a bad account or password, I get the very friendly (and correct) error message,
The server could not sign you in. Make
sure your user name and password are
correct, and then try again.
... which implies that Sharepoint is able to communicate with AD. If I log in with a valid account, I get a page that says:
alt text http://img63.imageshack.us/img63/6053/sharepointerror.png
(I added the grey bar to cover up the login name)
Any suggestions? The account I'm logging in with is an administrator and has been granted full control in central administration.
Also, interesting note: If I click the "sign in as a different user" link, and attempt to sign in using with the same credentials I just used, the site just redirects back to the login page, with no error or status message. If I then manually enter the site url, it again shows the "Error: Access Denied" page. Argh.
Go to site action of the actual site and add user in the format of
:loginid
It should resolve and show it underlined then try login in back to application that should fix it.
Your AD connection is working fine just need to add to sharepoint users list
yourprovider:userid
Yourprovider name is the name you gave to the user provider in web config
And you can add this user from parent site that is windows protected and you have all
I suppose it's sharepoint site security issue.
I'm getting the same error when trying to enter Site Settings page with a user that has a lack of permissions.
If you have at least one user that can access the Site Settings page, I suggest you to go to Site Actions/Site Settings/Users and Permissions/People and grops then click New button and add a user from AD to an appropriate group, eg. Team Site Members.
You have made connection with Ad and its working fine. So that you got error, when you try to login with invalid user id.
But you have missed one step in above scenario.
You need to give the permission for all AD users in your SharePoint site. The better way is to create a user group in AD (it may already there) which included all the users and add this user group in your SharePoint site with read permission.