- Data ONTAP 9.1 to 9.5
- Data ONTAP 9
Domain User who is a member of "BUILTIN\Administrators" group is unable to view shares, sessions, and open files through Windows MMC or computer management console.
Microsoft Management Console (MMC) shows error "You do not have permissions to see the list of shares for Windows client" is seen when he clicks on shares, sessions, and open files.
To check the Windows group memberships for the Windows user, run the following command, available in diagnostic privilege, on all nodes:
::> set d -c off ; row 0
::*> diag secd authentication show-creds -node cdot-01 -vserver svm -win-name naslab\alice
UNIX UID: root <> Windows User: NASLAB\alice (Windows Domain User)
Primary Group SID: NASLAB\Domain Users (Windows Domain group)
NASLAB\Domain Users (Windows Domain group)
NASLAB\Domain Admins (Windows Domain group)
NASLAB\Denied RODC Password Replication Group (Windows Alias)
Service asserted identity (Windows Well known group)
BUILTIN\Users (Windows Alias)
BUILTIN\Administrators (Windows Alias) <<<<<<<<<<<<<<<<<
User is also a member of Everyone, Authenticated Users, and Network Users
::*> local-group show-members -vserver svm -group-name BUILTIN\Administrators
(vserver cifs users-and-groups local-group show-members)
Group Name: BUILTIN\Administrators
Member Name: SMBSRVR\Administrator
Note: If the user is a member of "BUILTIN\Administrators" group but the membership is not reflecting properly in the show-creds output, still the same solution will work.