Windows 2008 R2 Security on root drive

I have a new Windows 2008 R2 DC on my remote site. AD is replicated and I can see all of my users and groups. I just added an E drive which is fully accessible, however, the security permissions include my domain username, and the Administrators username. I don't want individual usrnames listed, so I deleted mine. All of a sudden, I cannot access the drive. I am part of the Administrators group (which has full access), so that makes no sense. I added in Domain Admins security group, which I am also a part of (with full access) and I still cannot access it. I then add my username and now I have full access. Why is it working this way?
Greg27Asked:
Who is Participating?
 
kevinhsiehCommented:
You should remain a member of domain users. What you are getting is a result of UAC because even though you are a members of administrators group in AD, your processes don't have the administrator SID attached unless you elevate your process. This prevents you and malware from taking administrative action without your consent. You can access the drive via UNC without issue, elevate explorer.exe or command.exe, create a new group in AD and assign it full control, or turn off UAC (not recommended).
0
 
Darius GhassemCommented:
Allow the Administrators Group to take Ownership of the drive.

Make sure you are not part of any other group like domain users.
0
 
Greg27Author Commented:
I tried running Windows Explorer as Adminstrator and I still cannot access the drive. I also made Administrator the owner of the drive and still notihing. I have domain admins with full access. if being a part of that group won't work to gain access, will creating another group, adding myself to it and giving it full permissions be any different?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
kevinhsiehCommented:
Logging in as administrator is not enough, because even though you are called administrator, your security token will not have the administrative SID and you will effectively have user level rights. See this blog post for a good explanation and method of working securely with UAC.

http://blog.akinstech.com/understanding-windows-7-and-2008-r2-uac-and-permissions
0
 
Greg27Author Commented:
Thanks Kevin. What gives me the administrative SID? It did work and I kind of understand why, but am hoping to get some more indepth description.
0
 
kevinhsiehCommented:
Look at this for a technical description of how UAC works.
http://technet.microsoft.com/en-us/library/dd835561(WS.10).aspx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.