MMC shows error: You do not have permissions to see the list of shares for Windows client
Applies to
- ONTAP 9
- MMC
Issue
- A user who is a member of the "BUILTIN\Administrators" group is unable to view shares, sessions, and open files through Windows Microsoft Management Console (MMC) or the Computer Management console.
Note: If the user is not part of the "BUILTIN\Administrators" group: Connecting CIFS shares via MMC results in error 'You do not have permissions to see list of shares for Windows client'
- MMC shows error
You do not have permissions to see the list of shares for Windows client
when the user clicks on shares, sessions, and open files - To check the Windows group memberships for the Windows user, run the following command, available in advanced mode, on all nodes:
::*> vserver services access-check authentication show-creds -node cdot-01 -vserver svm -win-name naslab\alice
UNIX UID: root <> Windows User: NASLAB\alice (Windows Domain User)
GID: daemon
Supplementary GIDs:
daemon
Primary Group SID: NASLAB\Domain Users (Windows Domain group)
Windows Membership:
NASLAB\Domain Users (Windows Domain group)
NASLAB\Domain Admins (Windows Domain group)
NASLAB\Denied RODC Password Replication Group (Windows Alias)
Service asserted identity (Windows Well known group)
BUILTIN\Users (Windows Alias)
BUILTIN\Administrators (Windows Alias)
User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x22b7):
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeSecurityPrivilege
SeChangeNotifyPrivilege
::*> vserver cifs users-and-groups local-group show-members -vserver svm -group-name BUILTIN\Administrators
Vserver: svm
Group Name: BUILTIN\Administrators
Member Name: SMBSRVR\Administrator
NASLAB\Domain Admins
NASLAB\alice