How do I restore security on secondary server drive?

PROBLEM:  When I (as a Domain Admin) try to access the files on the D: partition of the file server, from within the file server console, I get a warning: "You don't currently have permission to access this folder...Click Continue to get access to this folder."  Then, when I click on the folder, I can gain access.  If I try to access my files, through the network, using my non-Admin logon, I can access the files without any warning.

It seems as though the "Administrators" group (which contains the Domain Admins) has a permissions issue because it was restored from a previous OS installation.

How can I correct it?

Please read the background information below to get a better understanding.

BACKGROUND:  I decided to rebuild our File Server, upgrading from Server 2003 to Server 2008.  The OS was on the C: drive and the corporate files were on a separate volume (the D: drive).  During the upgrade I wanted to wipe the C: drive and keep the D: drive intact.

We had many "shares" on the old file server (example: \\Svr12\Accounting, \\Svr12\Office,  \\Svr12\Public), and since I was planning to do a clean install of Server 2008, I didn't want to lose all of the shares for the D: drive.  So, I copied the share data from two registry keys:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\Security

Then I wiped the C: drive and installed Server 2008.  Once installed, I restored the data from the two registry keys - when I did, all of the file shares and all of the files on the D: drive were accessible to the network clients.

When I logged into the console as a Domain Admin, I received a warning saying that I didn't have access; however, when I clicked "Continue," I could access the folder.  When I try to access files as an ordinary user, from a client work station, I don't get any warning.

DWStovallAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

marcokrecicCommented:
Re-apply NTFS permissions on the affected disk,folders and subfolders and resolve the issue.
0
Darius GhassemCommented:
Most likley the files weren't Owned by the Admin. Look at the permissions to see if the Domain Admin group has permissions.
0
marcokrecicCommented:
Like Domain admin you take the ownership and re-apply permissions
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

DWStovallAuthor Commented:
This seems like something I should know how to do, but I am confused about a couple of issues.  

- The volume in question is the entire D: drive on our corporate file server (4TB of files).

- Do I want to take ownership of every file on the volume?  Would that affect anything else?

- Specifically, how would I "reapply permissions"?

Thanks...
0
DWStovallAuthor Commented:
Dariusq:

In the attachments:

 - Picture1.gif          - shows what I see when I first try to access a folder.
 - FolderSec1.gif     - shows the Security tab when I click on Properties for the folder
 - FolderSec2.gif     - shows the Permissions tab when I click on Advanced
 - FolderSec3.gif     - shows the Owner tab when I click on Advanced

Hope this helps.
Picture1.gif
FolderSec1.gif
FolderSec2.gif
FolderSec3.gif
0
Darius GhassemCommented:
You can take ownership of the files but depending if these are profiles or not if they are just files then you should be ok.
0
DWStovallAuthor Commented:
In this particular case, none of the expert recommendations worked, including taking ownership of the folders and files.

This issue turned out to be a bug in the Microsoft Operating System - Windows Server 2008 Standard.  I called MS and their tech focused on the User account Control (UAC) and it's split-token methodology that can affect how permissions are managed and understood by the system.

Here is link to the article MS provided to explain the issue:
http://technet.microsoft.com/en-us/library/cc772207(WS.10).aspx

As a solution, Microsoft directed me to disable the UAC on the OS.  When I turned off the UAC, all of the issues disappeared and I was able to access the folders and files as usual.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.