Windows 2008 R2 Security on root drive

Posted on 2011-04-22
Last Modified: 2012-05-11
I have a new Windows 2008 R2 DC on my remote site. AD is replicated and I can see all of my users and groups. I just added an E drive which is fully accessible, however, the security permissions include my domain username, and the Administrators username. I don't want individual usrnames listed, so I deleted mine. All of a sudden, I cannot access the drive. I am part of the Administrators group (which has full access), so that makes no sense. I added in Domain Admins security group, which I am also a part of (with full access) and I still cannot access it. I then add my username and now I have full access. Why is it working this way?
Question by:Greg27
    LVL 59

    Expert Comment

    by:Darius Ghassem
    Allow the Administrators Group to take Ownership of the drive.

    Make sure you are not part of any other group like domain users.
    LVL 41

    Accepted Solution

    You should remain a member of domain users. What you are getting is a result of UAC because even though you are a members of administrators group in AD, your processes don't have the administrator SID attached unless you elevate your process. This prevents you and malware from taking administrative action without your consent. You can access the drive via UNC without issue, elevate explorer.exe or command.exe, create a new group in AD and assign it full control, or turn off UAC (not recommended).

    Author Comment

    I tried running Windows Explorer as Adminstrator and I still cannot access the drive. I also made Administrator the owner of the drive and still notihing. I have domain admins with full access. if being a part of that group won't work to gain access, will creating another group, adding myself to it and giving it full permissions be any different?
    LVL 41

    Assisted Solution

    Logging in as administrator is not enough, because even though you are called administrator, your security token will not have the administrative SID and you will effectively have user level rights. See this blog post for a good explanation and method of working securely with UAC.

    Author Closing Comment

    Thanks Kevin. What gives me the administrative SID? It did work and I kind of understand why, but am hoping to get some more indepth description.
    LVL 41

    Expert Comment

    Look at this for a technical description of how UAC works.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Introduction As businesses grow they expand within their original location and often spill over into nearby buildings when space becomes constrained or open up a branch office in another, distant area. If these new offices are outside of the …
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now