How do I restore security on secondary server drive?

Posted on 2010-01-12
Medium Priority
Last Modified: 2012-05-08
PROBLEM:  When I (as a Domain Admin) try to access the files on the D: partition of the file server, from within the file server console, I get a warning: "You don't currently have permission to access this folder...Click Continue to get access to this folder."  Then, when I click on the folder, I can gain access.  If I try to access my files, through the network, using my non-Admin logon, I can access the files without any warning.

It seems as though the "Administrators" group (which contains the Domain Admins) has a permissions issue because it was restored from a previous OS installation.

How can I correct it?

Please read the background information below to get a better understanding.

BACKGROUND:  I decided to rebuild our File Server, upgrading from Server 2003 to Server 2008.  The OS was on the C: drive and the corporate files were on a separate volume (the D: drive).  During the upgrade I wanted to wipe the C: drive and keep the D: drive intact.

We had many "shares" on the old file server (example: \\Svr12\Accounting, \\Svr12\Office,  \\Svr12\Public), and since I was planning to do a clean install of Server 2008, I didn't want to lose all of the shares for the D: drive.  So, I copied the share data from two registry keys:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\Security

Then I wiped the C: drive and installed Server 2008.  Once installed, I restored the data from the two registry keys - when I did, all of the file shares and all of the files on the D: drive were accessible to the network clients.

When I logged into the console as a Domain Admin, I received a warning saying that I didn't have access; however, when I clicked "Continue," I could access the folder.  When I try to access files as an ordinary user, from a client work station, I don't get any warning.

Question by:DWStovall
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2

Expert Comment

ID: 26297857
Re-apply NTFS permissions on the affected disk,folders and subfolders and resolve the issue.
LVL 59

Expert Comment

by:Darius Ghassem
ID: 26297923
Most likley the files weren't Owned by the Admin. Look at the permissions to see if the Domain Admin group has permissions.

Expert Comment

ID: 26297955
Like Domain admin you take the ownership and re-apply permissions
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.


Author Comment

ID: 26318752
This seems like something I should know how to do, but I am confused about a couple of issues.  

- The volume in question is the entire D: drive on our corporate file server (4TB of files).

- Do I want to take ownership of every file on the volume?  Would that affect anything else?

- Specifically, how would I "reapply permissions"?


Author Comment

ID: 26319095

In the attachments:

 - Picture1.gif          - shows what I see when I first try to access a folder.
 - FolderSec1.gif     - shows the Security tab when I click on Properties for the folder
 - FolderSec2.gif     - shows the Permissions tab when I click on Advanced
 - FolderSec3.gif     - shows the Owner tab when I click on Advanced

Hope this helps.
LVL 59

Expert Comment

by:Darius Ghassem
ID: 26323100
You can take ownership of the files but depending if these are profiles or not if they are just files then you should be ok.

Accepted Solution

DWStovall earned 0 total points
ID: 26431230
In this particular case, none of the expert recommendations worked, including taking ownership of the folders and files.

This issue turned out to be a bug in the Microsoft Operating System - Windows Server 2008 Standard.  I called MS and their tech focused on the User account Control (UAC) and it's split-token methodology that can affect how permissions are managed and understood by the system.

Here is link to the article MS provided to explain the issue:

As a solution, Microsoft directed me to disable the UAC on the OS.  When I turned off the UAC, all of the issues disappeared and I was able to access the folders and files as usual.

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question