13 comments on “Inaccessible Network Shares on Windows 10 1709

  1. Thank you for posting about this. I’ve run into a similar issue where shares were not being visible (ABE enabled). Did you ever figure out what exactly was going wrong here? In our case, newly created resources would work as intended pre-Creators Update but at some point later would stop working (disappear). Removing traversal privilege from the container after that point corrected the issue and I’ll be waiting a few days to see if it flip-flops back.

    For testing purposes we used the NTFSSecurity and the following PS function to set the permissions quickly. The skeleton folder simply consisted of a hierarchy of two levels (children & grandchildren containers and objects). File resource security groups follow AGUDLP group strategy.

    https://pastebin.com/kyRpbJfA

    Like

    • I wish I had more info than I already posted, but unfortunately I don’t and have been too busy chasing other random Win 10 issues to investigate this further. I think basically MS broke traverse checking in 1709. I will say that once we made the change I posted about, we have not had any further problems.

      Like

      • No worries, thanks for the post; quite literally it was the only cogent post on this issue, and it seems sporadic. I was working on a folder yesterday where quite clearly something was going on, and to make the folder visible for the user I had to remove the traversal privilege, but when re-creating the ACLs from scratch with a new resource, traversal was necessary.

        I didn’t run into your problem exactly because our users already had parent directory privileges. I did notice the only users having issues had both Traversal & Generic Read checked, and removing traversal fixed it temporarily. Ultimately I ended up recreating the resource and the issue didn’t manifest after that (so far).

        Like

  2. Fall Creators update brought us some headaches. This post solved one of those problems that wore being very hard to find out the solution. Some of our shared folders are configured with based enumeration enabled and those woren’t acessible.
    Thank you for you post.
    Greetings from Portugal

    Like

  3. i had similar issues. found it rather odd that once 1709 was installed network file access from my server changed. my mysterious issue is that my two Oppo Players can no longer access the network and these are the only devices that cannot see the network. i have other 1709 issues but not relevant to this topic.

    Like

  4. James did you ever get anywhere with this issue? I am opening a case with MS today regarding EXACTLY the same thing happening in 170 all the way to 1903

    Like

    • John, I made the change detailed in the original post, giving read access to users to the parent folder only. This resolved it and we haven’t seen it reoccur. Unless there are files in the parent folder, rather than just having sub-folders, I think this is a viable fix. Of course if you have hundreds of shares, that’s another story.

      Like

      • Unfortunately we do have tons of shares. I will comment back if Microsoft tells us anything of note.

        Thanks for the great post!

        Like

        • Please do, I would be very curious to hear their response. Hopefully you have better access to support than we do; dealing with an O365 issue right now and can’t even get them to call us during our business hours.

          Like

  5. Hi James, exactly same problem i have, same issue on Windows 1803, in which Traverse permission is not respected. Windows 7 machines are working fine. So from the file server, SMB1 is enabled but the clients are defintely using smb2 as its disabled from the registry. Even if i try to enable SMB1 on Windows 10, it still doesn’t work (or it will work but sporadic). I am quite hesistant to enable Read permission as we are dealing with Secured Network folders where we have the platform ISO certified. Once you enabled Read in conjuction with Traverse Permissions, It turns it into Read and Execute. We don’t want people to be able to run Executables from the root folder.
    I wonder if John has an update with his Microsoft troubleshooting?

    Like

    • I can’t speak to ISO certification, but I only added read permissions to “This Folder Only.” Unless you have content in the root of the folder, this really should not pose a problem. And if users do not have write access, I assume there wouldn’t be any executables there anyway. Good luck finding a viable solution for you.

      Like

      • I see i thik i get what you mean now when you say Read, what i was actually doing is leaving Traverse and adding Read hence they turn into Read and Execute collectively. I removed Traverse and just left Read specifically and it works. Thanks for a great post by the way!

        Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s