views:

188

answers:

4

Hi all,

I've installed a Sharepoint site for my team. Everything work fine. But suddenly, I've found that I can not edit the quicklaunch menu: every time I click on Add Item or edit an Item, I get a 403 error.

I've logged with administrator account. I've tried using different browsers such as chrome, firefox, but no hope. The same errors occur when I access Advanced permissions under User and Permission.

Clicking to edit permissions for any group in the list will also cause a 403 error. I think that I may have done some wrong setting with permissions, but I can not figure out what I have done, as I'm pretty new with Sharepoint.

Can you guys tell me how to troubleshoot this problem?

Regards,

A: 

Log in with the site collection administrator account. You most likely removed your own administrative rights from the site (I still don't know why SP will let you do this).

Once you are in, give your normal network account back its administrative permissions.

The site collection administrator account has godlike permissions within its site collection and can override all configured permissions on all securable objects in its domain.

Ryan Michela
A: 

Check your ntfs permissions on c:\program files\common files\microsoft shared\web server extentions\12\template\layouts\user.aspx

KoenVosters
+1  A: 

You can configure diagnostic logging settings to show why SharePoint gave you a 403 error in the SharePoint Trace Log file.

In central Admin: On the top navigation bar, click Operations.

  • On the Event Throttling section, in the Select a category menu, select General
  • In the Least critical event to report to the event log menu, select Warning
  • In the Least critical event to report to the trace log menu, select Verbose
  • Click OK

Go to the Path specified for the Trace Log and reproduce the error. Then open up the last modified sharepoint log file and search for "Denied" (searching up from the bottom of the file). You should see the cause of the 403 error in the log file.

Jon Schoning
Hi Jon,I follow your instruction and found the following error in log fileApplication error when access /_layouts/editnav.aspx, Error=Access to the path 'C:\****\wwwroot\bin' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption) at System.IO.DirectoryInfo.GetFiles(String searchPattern, SearchOption searchOption) at System.IO.DirectoryInfbin is an empty folder
Thanh Tran
(Continue with above comment)I've check the bin folder permission and found that everything is ok. Any hint on what to do next ?
Thanh Tran
Hi, I've just added the Read permission for Everyone to the bin folder, and now it work fine again. I'm not sure this is the right way, but at least it work. Thanks
Thanh Tran
A: 

USE THESE CAREFULLY

You probably have a incorrect setup in the service accounts making your server block some internal requests. Try to disabled the Loopback Check:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

Create a DWORD named 'DisableLoopbackCheck' with a '1' value.

Also make sure your Application Pool (IIS Manager) is running under an actual never-expires user account not the System Account.

F.Aquino