DWStovall
asked on
How do I restore security on secondary server drive?
PROBLEM: When I (as a Domain Admin) try to access the files on the D: partition of the file server, from within the file server console, I get a warning: "You don't currently have permission to access this folder...Click Continue to get access to this folder." Then, when I click on the folder, I can gain access. If I try to access my files, through the network, using my non-Admin logon, I can access the files without any warning.
It seems as though the "Administrators" group (which contains the Domain Admins) has a permissions issue because it was restored from a previous OS installation.
How can I correct it?
Please read the background information below to get a better understanding.
BACKGROUND: I decided to rebuild our File Server, upgrading from Server 2003 to Server 2008. The OS was on the C: drive and the corporate files were on a separate volume (the D: drive). During the upgrade I wanted to wipe the C: drive and keep the D: drive intact.
We had many "shares" on the old file server (example: \\Svr12\Accounting, \\Svr12\Office, \\Svr12\Public), and since I was planning to do a clean install of Server 2008, I didn't want to lose all of the shares for the D: drive. So, I copied the share data from two registry keys:
- HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\lan manserver\ Shares
- HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\lan manserver\ Shares\Sec urity
Then I wiped the C: drive and installed Server 2008. Once installed, I restored the data from the two registry keys - when I did, all of the file shares and all of the files on the D: drive were accessible to the network clients.
When I logged into the console as a Domain Admin, I received a warning saying that I didn't have access; however, when I clicked "Continue," I could access the folder. When I try to access files as an ordinary user, from a client work station, I don't get any warning.
It seems as though the "Administrators" group (which contains the Domain Admins) has a permissions issue because it was restored from a previous OS installation.
How can I correct it?
Please read the background information below to get a better understanding.
BACKGROUND: I decided to rebuild our File Server, upgrading from Server 2003 to Server 2008. The OS was on the C: drive and the corporate files were on a separate volume (the D: drive). During the upgrade I wanted to wipe the C: drive and keep the D: drive intact.
We had many "shares" on the old file server (example: \\Svr12\Accounting, \\Svr12\Office, \\Svr12\Public), and since I was planning to do a clean install of Server 2008, I didn't want to lose all of the shares for the D: drive. So, I copied the share data from two registry keys:
- HKEY_LOCAL_MACHINE\SYSTEM\
- HKEY_LOCAL_MACHINE\SYSTEM\
Then I wiped the C: drive and installed Server 2008. Once installed, I restored the data from the two registry keys - when I did, all of the file shares and all of the files on the D: drive were accessible to the network clients.
When I logged into the console as a Domain Admin, I received a warning saying that I didn't have access; however, when I clicked "Continue," I could access the folder. When I try to access files as an ordinary user, from a client work station, I don't get any warning.
Re-apply NTFS permissions on the affected disk,folders and subfolders and resolve the issue.
Most likley the files weren't Owned by the Admin. Look at the permissions to see if the Domain Admin group has permissions.
Like Domain admin you take the ownership and re-apply permissions
ASKER
This seems like something I should know how to do, but I am confused about a couple of issues.
- The volume in question is the entire D: drive on our corporate file server (4TB of files).
- Do I want to take ownership of every file on the volume? Would that affect anything else?
- Specifically, how would I "reapply permissions"?
Thanks...
- The volume in question is the entire D: drive on our corporate file server (4TB of files).
- Do I want to take ownership of every file on the volume? Would that affect anything else?
- Specifically, how would I "reapply permissions"?
Thanks...
ASKER
Dariusq:
In the attachments:
- Picture1.gif - shows what I see when I first try to access a folder.
- FolderSec1.gif - shows the Security tab when I click on Properties for the folder
- FolderSec2.gif - shows the Permissions tab when I click on Advanced
- FolderSec3.gif - shows the Owner tab when I click on Advanced
Hope this helps.
Picture1.gif
FolderSec1.gif
FolderSec2.gif
FolderSec3.gif
In the attachments:
- Picture1.gif - shows what I see when I first try to access a folder.
- FolderSec1.gif - shows the Security tab when I click on Properties for the folder
- FolderSec2.gif - shows the Permissions tab when I click on Advanced
- FolderSec3.gif - shows the Owner tab when I click on Advanced
Hope this helps.
Picture1.gif
FolderSec1.gif
FolderSec2.gif
FolderSec3.gif
You can take ownership of the files but depending if these are profiles or not if they are just files then you should be ok.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.