Win 2008 R2 NTFS permissions for home directories

We recently began converting our domain to 2008 R2.
So we’re about 80% through upgrading all the domain controllers from 2003 R2.

I’ve set up home directories on a new 2008 R2 Enterprise server.
And the users access those directories in the format \\servername\home\%username%

Share permission on HOME is Everyone FULL.

NTFS permissions on HOME have the following:
Domain admins – Full – This folder all subfolders and files
Authenticated users – Traverse folder/execute file, list folder/read data, read attributes, read permissions – this folder only

And then under each user’s home directory we give that user Full permissions.

This has worked in previous versions of Windows Server, allowing the users enough permissions to get down to their shares, but not so much that they can try and wander into another user's home directory.

Here’s my problem with this Windows 2008 R2 server:

If I log in as the Domain\administrator account, I can access everything fine.
If I log in with another Domain Admin account I’m denied access to the users’ home directories. And it asks do I want to gain access, and if I say ‘YES’ it adds my individual account to the security permissions.
And for some reason I can’t log in as the local administrator, so I can’t test that. But that’s an oddity that I haven’t had occur before either.

Local administrator includes domain admins.

Any ideas? I am really stuck. This makes no sense whatsoever.
Kumerian Asked:

czelik Commented:
Did you try accessing it with the IP address?
\\IPADDRESS\home\%username%
0
Kumerian (Author) Commented:
I'm logged into the server and accessing the local directory and having this problem.
0
czelik Commented:
Did you try adding Domain Admins in Control Panel/User Accounts as local administrator?
0
Kumerian (Author) Commented:
Yes, they were added automatically when I added the server to the domain.
0
czelik Commented:
Sorry, was out of town.

What is the current owner of NTFS set to? Maybe change that to Domain Admins.
0
Kumerian (Author) Commented:
I have the solution offline with Microsoft. Can I put it here or will you delete the question?
0
Kumerian (Author) Commented:
Apparently the issue is caused by the User Account Control in 2008 R2.

According to Microsoft, even though the Admin group has full access, the system will not allow a specific admin access without changing the permissions. This generates an audit log event, which provides for a trace of who has accessed the home directory beyond the user accessing it remotely. This was their way of providing an audit trail for admins accessing secure directories.

Fixed by disabling UAC.
0
Kumerian (Author) Commented:
Tried this solution and the problem is completely resolved.
This is specific to 2008 R2; 2008 does not exhibit this behavior.
0
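
The UAC behaviour described in the accepted answer can be observed from the affected session. The following PowerShell is an added example, not code from this thread or from Microsoft: it reports whether the current process is elevated and which Allow entries on the share root are granted to groups that are deny-only in the current token. `D:\Home` is a placeholder path, and the `deny only` match assumes English `whoami` output.

```powershell
# Added example. D:\Home is a placeholder for the share root from the question.
param([string]$Path = 'D:\Home')

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Groups kept in the token for deny checks only (English whoami output assumed).
$denyOnly = @(whoami /groups /fo csv | ConvertFrom-Csv |
    Where-Object { $_.Attributes -match 'deny only' })
$denyOnlySids = @($denyOnly | ForEach-Object { $_.SID })

"User      : $($identity.Name)"
"Elevated  : $elevated"
"Deny-only : $(($denyOnly | ForEach-Object { $_.'Group Name' }) -join ', ')"

# Allow ACEs on the folder whose trustee is deny-only in this token.
# Such entries grant nothing to this session, whatever rights they list.
$ignored = (Get-Acl -LiteralPath $Path).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $denyOnlySids -contains $_.IdentityReference.Translate(
        [Security.Principal.SecurityIdentifier]).Value
}

if ($ignored) {
    'Allow entries that do not apply to this session until it is elevated:'
    $ignored | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    'No Allow entry on this folder depends on a deny-only group.'
}
```

Running it once from a normal prompt and once from a "Run as administrator" prompt on the file server shows the difference between the filtered and the full token.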