Hi Folks,
After much searching, I've found an adjacent issue but nothing that describes my problem. Any help is appreciated.
Description:
- The AD user has a GPO-mapped network drive
- The user successfully creates and modifies files on the network share.
- When the user attempts to copy a file from the local AD joined workstation to the server, receives error: "Location is not available"
<Drive Letter> is unavailable. If the location is on this PC make sure the device or drive is connected or the disc is inserted, and then try again, If the location is on a network, make sure you're connected to the network or Internet, and then try again. If the I
Environment:
- Server: Windows Server 2016 Standard (AD + File Server Roles)
- Workstation: Windows 11 Pro (Domain Joined)
- User Account: AD Standard User (non-Admin)
- Drive Map: GPO, Fixed Drive Letter, Reconnect Enabled, Item Level Targeted to Security Group
- Folder/File Share Permissions:
- File Share ACL: "Everyone" -> Full Control
- NTFS ACL: User/Group has Modify access for "This folder, subfolders and files"
Full directory structure/permissions will be outlined at the bottom of the post.
The NTFS/GPO/Share configuration has been in production for several years. This is a new user, first introduction of Windows 11 Pro in the environment. Aside from Admins, this is the only user with this share.
Testing/Resolution Attempts:
- Re-applied the group ACL to the directory (recursive)
- Verified that issue is not occurring on Windows 10 Pro domain joined workstation using test account.
- There is a known potential UAC issue when copying From Server To Workstation (the opposite of my issue and my user is not escalating privileges). The recommended solution is using EnableLinkedConnections = 1 registry change. Tried for the heck of it, no change.
Additional Information:
We allow granular permissions 1-folder level deep.
IE:
- The root share lists departmental folders.
- Departmental folders have custom group permissions
- NO Departmental sub-folders have custom permissions.
Example Mapped Drive Details
\\Server\RootShare\1-LevelSubFolder
"RootShare" NTFS Permission:
- Group: DrvMap_<ShareName>
Used for GPO Item Level Targeting - ACL: List Folder / read data -> This Folder Only
"1-LevelSubFolder"
- Group: staff_<Department>
- ACL: Modify -> This folder, subfolders and files
I hope that provides enough context. We have US holidays coming up so my replies may be a bit slow, but I'd appreciate any advice you can give.