Access Denied error message when you access an SMB file share in Windows

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials


When you try to access a specific folder that is located on a Network Appliance (NetApp) Filer or a Windows Server that supports SMB2 from a Windows-based system through the Server Message Block (SMB) Version 2 protocol, the access is denied. This issue occurs in Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008.

Note This issue does not occur if you disable the SMB2 protocol on the client or use a Windows SMB client, such as Windows XP or Windows Server 2003.


This issue occurs because the target folder on the SMB share is missing the SYNCHRONIZE access control entries.


To resolve this issue, use the ICACLS utility to set the desired permissions that contain the Synchronize bit.
For example, at a command prompt, type the following command, and then press ENTER: 
ICACLS h:\folder /grant domain\user:(RC,RD,REA,RA,X,S)

Note A comma-separated list in parentheses of specific rights:
  • RC - read control
  • RD - read data/list directory
  • REA - read extended attributes
  • RA - read attributes
  • X - execute/traverse
  • S - Synchronize


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

See the behavior of the SYNCHRONIZE bit on Windows SMB2 clients.