[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Windows Server 2008 access to local drives as logged on user with admin permissions

Posted on 2010-11-17
5
Medium Priority
?
1,638 Views
Last Modified: 2012-08-14
Hi,

The server is running Windows Server 2008 R2 Standard in a VMWare ESX environment.

If I log on to the server using the administrator account, there is no problem accessing local drives: C:, E:, F: and G:.

However, if I log on to the server using my account (which is in the local administrators group), I cannot access drives E:, F: and G:.  

Permissions on drives are as follow:
- CREATOR OWNER (Special permission)
- SYSTEM (Full control)
- MY_SERVER\Administrators (Full control)

In order to access the drives, I need to grant access to another group that I am member of.
Ex: Branch-Admin (Full control)

So, even though this group is in the MY_SERVER\Administrators group, this is not enough, I have to add this group directly.

How is this possible?  Is this something new with Windows 2008? This is not happening with Windows 2003.

Thanks
0
Comment
Question by:Bidonet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 34155129
Welcome to UAC.
User Account Control
http://technet.microsoft.com/en-us/library/cc772207(WS.10).aspx

Unfortunately, since Windows Explorer is the desktop shell as well, you can't run it elevated (unless you run the desktop instance elevated as well, which defeats the purpose of UAC in a way that you can just disable it as well).
So if you want to to continue using UAC (which is somewhat recommended), I'd recommend using an Explorer clone (you can run those elevated) to access folders with administrative access only.
One of many examples:
FreeCommander
http://www.freecommander.com/
0
 
LVL 5

Author Comment

by:Bidonet
ID: 34155618
I tried disabling the UAC with the slider from User Accounts in Control panel but after logging back, I still have access denied on local drives.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 34155759
Disabling or enabling UAC requires a reboot of the machine; only changing the notification level doesn't require it.
You can verify whether it's UAC by right-clicking the Notepad shortcut or exe and selecting "Run as administrator"; then use the File Open dialog to browse to the drive(s) in question. If you have access with this elevated notepad, it's definitely UAC.
How do I change the behavior of User Account Control by using the slider?
http://technet.microsoft.com/en-us/library/dd759070.aspx
0
 
LVL 5

Author Comment

by:Bidonet
ID: 34156052
I did restart the server and still access denied on the drives.

Following what you said, I did the notepad test and I can access the drive with "run as administrator" but access denied on drives with notepad without "run as administrator".

The slider is all the way to the bottom at "Never notify me".
0
 
LVL 5

Author Comment

by:Bidonet
ID: 34158051
Finally, I made it work by disabling the option: "User Account Control: Run all administrators in Admin Approval Mode" in Security Policies. (I also had to reboot)

Thanks again for pointing me in the right direction with UAC.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question