Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows 2008 R2 Security on root drive

Posted on 2011-04-22
6
Medium Priority
?
758 Views
Last Modified: 2012-05-11
I have a new Windows 2008 R2 DC on my remote site. AD is replicated and I can see all of my users and groups. I just added an E drive which is fully accessible, however, the security permissions include my domain username, and the Administrators username. I don't want individual usrnames listed, so I deleted mine. All of a sudden, I cannot access the drive. I am part of the Administrators group (which has full access), so that makes no sense. I added in Domain Admins security group, which I am also a part of (with full access) and I still cannot access it. I then add my username and now I have full access. Why is it working this way?
0
Comment
Question by:Greg27
  • 3
  • 2
6 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35447082
Allow the Administrators Group to take Ownership of the drive.

Make sure you are not part of any other group like domain users.
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 2000 total points
ID: 35448261
You should remain a member of domain users. What you are getting is a result of UAC because even though you are a members of administrators group in AD, your processes don't have the administrator SID attached unless you elevate your process. This prevents you and malware from taking administrative action without your consent. You can access the drive via UNC without issue, elevate explorer.exe or command.exe, create a new group in AD and assign it full control, or turn off UAC (not recommended).
0
 

Author Comment

by:Greg27
ID: 35448586
I tried running Windows Explorer as Adminstrator and I still cannot access the drive. I also made Administrator the owner of the drive and still notihing. I have domain admins with full access. if being a part of that group won't work to gain access, will creating another group, adding myself to it and giving it full permissions be any different?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 2000 total points
ID: 35449393
Logging in as administrator is not enough, because even though you are called administrator, your security token will not have the administrative SID and you will effectively have user level rights. See this blog post for a good explanation and method of working securely with UAC.

http://blog.akinstech.com/understanding-windows-7-and-2008-r2-uac-and-permissions
0
 

Author Closing Comment

by:Greg27
ID: 35451401
Thanks Kevin. What gives me the administrative SID? It did work and I kind of understand why, but am hoping to get some more indepth description.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 35451468
Look at this for a technical description of how UAC works.
http://technet.microsoft.com/en-us/library/dd835561(WS.10).aspx
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question