Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 324
  • Last Modified:

How do I restore security on secondary server drive?

PROBLEM:  When I (as a Domain Admin) try to access the files on the D: partition of the file server, from within the file server console, I get a warning: "You don't currently have permission to access this folder...Click Continue to get access to this folder."  Then, when I click on the folder, I can gain access.  If I try to access my files, through the network, using my non-Admin logon, I can access the files without any warning.

It seems as though the "Administrators" group (which contains the Domain Admins) has a permissions issue because it was restored from a previous OS installation.

How can I correct it?

Please read the background information below to get a better understanding.

BACKGROUND:  I decided to rebuild our File Server, upgrading from Server 2003 to Server 2008.  The OS was on the C: drive and the corporate files were on a separate volume (the D: drive).  During the upgrade I wanted to wipe the C: drive and keep the D: drive intact.

We had many "shares" on the old file server (example: \\Svr12\Accounting, \\Svr12\Office,  \\Svr12\Public), and since I was planning to do a clean install of Server 2008, I didn't want to lose all of the shares for the D: drive.  So, I copied the share data from two registry keys:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\Security

Then I wiped the C: drive and installed Server 2008.  Once installed, I restored the data from the two registry keys - when I did, all of the file shares and all of the files on the D: drive were accessible to the network clients.

When I logged into the console as a Domain Admin, I received a warning saying that I didn't have access; however, when I clicked "Continue," I could access the folder.  When I try to access files as an ordinary user, from a client work station, I don't get any warning.

0
DWStovall
Asked:
DWStovall
  • 3
  • 2
  • 2
1 Solution
 
marcokrecicCommented:
Re-apply NTFS permissions on the affected disk,folders and subfolders and resolve the issue.
0
 
Darius GhassemCommented:
Most likley the files weren't Owned by the Admin. Look at the permissions to see if the Domain Admin group has permissions.
0
 
marcokrecicCommented:
Like Domain admin you take the ownership and re-apply permissions
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
DWStovallAuthor Commented:
This seems like something I should know how to do, but I am confused about a couple of issues.  

- The volume in question is the entire D: drive on our corporate file server (4TB of files).

- Do I want to take ownership of every file on the volume?  Would that affect anything else?

- Specifically, how would I "reapply permissions"?

Thanks...
0
 
DWStovallAuthor Commented:
Dariusq:

In the attachments:

 - Picture1.gif          - shows what I see when I first try to access a folder.
 - FolderSec1.gif     - shows the Security tab when I click on Properties for the folder
 - FolderSec2.gif     - shows the Permissions tab when I click on Advanced
 - FolderSec3.gif     - shows the Owner tab when I click on Advanced

Hope this helps.
Picture1.gif
FolderSec1.gif
FolderSec2.gif
FolderSec3.gif
0
 
Darius GhassemCommented:
You can take ownership of the files but depending if these are profiles or not if they are just files then you should be ok.
0
 
DWStovallAuthor Commented:
In this particular case, none of the expert recommendations worked, including taking ownership of the folders and files.

This issue turned out to be a bug in the Microsoft Operating System - Windows Server 2008 Standard.  I called MS and their tech focused on the User account Control (UAC) and it's split-token methodology that can affect how permissions are managed and understood by the system.

Here is link to the article MS provided to explain the issue:
http://technet.microsoft.com/en-us/library/cc772207(WS.10).aspx

As a solution, Microsoft directed me to disable the UAC on the OS.  When I turned off the UAC, all of the issues disappeared and I was able to access the folders and files as usual.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now