Our Intranet impersonates the logged on user against NTFS file permissions on our file server from Windows 10, but fails to do so from a clean install of Windows 11

Phil Jones 0 Reputation points
2023-06-05T13:48:04.4566667+00:00

We have an app on our Intranet which impersonates the logged on user against NTFS file permissions on our file server. This works from a Windows 10 computer and from a computer upgraded to Windows 11 from Windows 10, but fails on a computer with a clean install of Windows 11

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,170 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Limitless Technology 44,496 Reputation points
    2023-06-06T09:24:29.8066667+00:00

    Hello there,

    Is there anything in event viewer?

    I would suggest you to use proc mon to identify if there is nothing on the event viewer.

    Process Monitor is an advanced monitoring tool for Windows that shows real-time file

    system, Registry and process/thread activity. You can get the tool from here

    https://docs.microsoft.com/enus/sysinternals/downloads/procmon

    System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log

    system activity to the Windows event log.You can get the tool from here

    https://docs.microsoft.com/enus/sysinternals/downloads/sysmon

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments

  2. MotoX80 34,761 Reputation points
    2023-06-06T11:39:20.41+00:00

    So you are doing IIS impersonation to access a network share on another server using Active Directory and Kerberos authentication? Correct?

    That is the infamous double-hop issue.

    Have you reviewed this page?

    https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/www-authentication-authorization/kerberos-double-hop-authentication-edge-chromium


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.