Solved

Windows Server 2008 access to local drives as logged on user with admin permissions

Posted on 2010-11-17
5
1,593 Views
Last Modified: 2012-08-14
Hi,

The server is running Windows Server 2008 R2 Standard in a VMWare ESX environment.

If I log on to the server using the administrator account, there is no problem accessing local drives: C:, E:, F: and G:.

However, if I log on to the server using my account (which is in the local administrators group), I cannot access drives E:, F: and G:.  

Permissions on drives are as follow:
- CREATOR OWNER (Special permission)
- SYSTEM (Full control)
- MY_SERVER\Administrators (Full control)

In order to access the drives, I need to grant access to another group that I am member of.
Ex: Branch-Admin (Full control)

So, even though this group is in the MY_SERVER\Administrators group, this is not enough, I have to add this group directly.

How is this possible?  Is this something new with Windows 2008? This is not happening with Windows 2003.

Thanks
0
Comment
Question by:Bidonet
  • 3
  • 2
5 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 34155129
Welcome to UAC.
User Account Control
http://technet.microsoft.com/en-us/library/cc772207(WS.10).aspx

Unfortunately, since Windows Explorer is the desktop shell as well, you can't run it elevated (unless you run the desktop instance elevated as well, which defeats the purpose of UAC in a way that you can just disable it as well).
So if you want to to continue using UAC (which is somewhat recommended), I'd recommend using an Explorer clone (you can run those elevated) to access folders with administrative access only.
One of many examples:
FreeCommander
http://www.freecommander.com/
0
 
LVL 5

Author Comment

by:Bidonet
ID: 34155618
I tried disabling the UAC with the slider from User Accounts in Control panel but after logging back, I still have access denied on local drives.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 34155759
Disabling or enabling UAC requires a reboot of the machine; only changing the notification level doesn't require it.
You can verify whether it's UAC by right-clicking the Notepad shortcut or exe and selecting "Run as administrator"; then use the File Open dialog to browse to the drive(s) in question. If you have access with this elevated notepad, it's definitely UAC.
How do I change the behavior of User Account Control by using the slider?
http://technet.microsoft.com/en-us/library/dd759070.aspx
0
 
LVL 5

Author Comment

by:Bidonet
ID: 34156052
I did restart the server and still access denied on the drives.

Following what you said, I did the notepad test and I can access the drive with "run as administrator" but access denied on drives with notepad without "run as administrator".

The slider is all the way to the bottom at "Never notify me".
0
 
LVL 5

Author Comment

by:Bidonet
ID: 34158051
Finally, I made it work by disabling the option: "User Account Control: Run all administrators in Admin Approval Mode" in Security Policies. (I also had to reboot)

Thanks again for pointing me in the right direction with UAC.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

775 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question