Solved

Windows Server 2008 access to local drives as logged on user with admin permissions

Posted on 2010-11-17
5
1,582 Views
Last Modified: 2012-08-14
Hi,

The server is running Windows Server 2008 R2 Standard in a VMWare ESX environment.

If I log on to the server using the administrator account, there is no problem accessing local drives: C:, E:, F: and G:.

However, if I log on to the server using my account (which is in the local administrators group), I cannot access drives E:, F: and G:.  

Permissions on drives are as follow:
- CREATOR OWNER (Special permission)
- SYSTEM (Full control)
- MY_SERVER\Administrators (Full control)

In order to access the drives, I need to grant access to another group that I am member of.
Ex: Branch-Admin (Full control)

So, even though this group is in the MY_SERVER\Administrators group, this is not enough, I have to add this group directly.

How is this possible?  Is this something new with Windows 2008? This is not happening with Windows 2003.

Thanks
0
Comment
Question by:Bidonet
  • 3
  • 2
5 Comments
 
LVL 82

Accepted Solution

by:
oBdA earned 500 total points
Comment Utility
Welcome to UAC.
User Account Control
http://technet.microsoft.com/en-us/library/cc772207(WS.10).aspx

Unfortunately, since Windows Explorer is the desktop shell as well, you can't run it elevated (unless you run the desktop instance elevated as well, which defeats the purpose of UAC in a way that you can just disable it as well).
So if you want to to continue using UAC (which is somewhat recommended), I'd recommend using an Explorer clone (you can run those elevated) to access folders with administrative access only.
One of many examples:
FreeCommander
http://www.freecommander.com/
0
 
LVL 5

Author Comment

by:Bidonet
Comment Utility
I tried disabling the UAC with the slider from User Accounts in Control panel but after logging back, I still have access denied on local drives.
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
Disabling or enabling UAC requires a reboot of the machine; only changing the notification level doesn't require it.
You can verify whether it's UAC by right-clicking the Notepad shortcut or exe and selecting "Run as administrator"; then use the File Open dialog to browse to the drive(s) in question. If you have access with this elevated notepad, it's definitely UAC.
How do I change the behavior of User Account Control by using the slider?
http://technet.microsoft.com/en-us/library/dd759070.aspx
0
 
LVL 5

Author Comment

by:Bidonet
Comment Utility
I did restart the server and still access denied on the drives.

Following what you said, I did the notepad test and I can access the drive with "run as administrator" but access denied on drives with notepad without "run as administrator".

The slider is all the way to the bottom at "Never notify me".
0
 
LVL 5

Author Comment

by:Bidonet
Comment Utility
Finally, I made it work by disabling the option: "User Account Control: Run all administrators in Admin Approval Mode" in Security Policies. (I also had to reboot)

Thanks again for pointing me in the right direction with UAC.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

It Is not possible to enable LLDP in vSwitch(at least is not supported by VMware), so in this article we will enable this, and also go trough how to enabled CDP and how to get this information in vSwitches and also in vDS.
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now