Solved

Server 2008 R2 UAC: can't get accurate folder sizes

Posted on 2013-01-23
Last Modified: 2013-02-22
I have Server 2008 R2 running as a file server. Logged in as a domain admin, I right-click the top level file folder and select "properties." It tells me the numbers of files and folders contained, and says it is taking up 10GB on disk. I know there is at least a TB stored in the folder by looking at the volume info listed in My Computer.  

It seems Server 2008 R2 limits what it reports based on UAC. Several times I have tried to open the sub-folders in that main folder and get the prompt: "You don't have permission to access this folder. Click continue to permanently get access to this folder." Once I have access to that folder, it will then include those contents in the totals when right-clicking it and asking for properties.

I have disabled the feature in secpol.msc. I have dropped the slider in control panel to "never notify", and I even looked in the tools tab of msconfig. Even after reboots, I still get those messages and I can't do things as simple as seeing how much data is stored in a folder. Foolish configuration by MS.

How do I turn this feature off entirely?
Question by:Ad-Apex

Expert Comment

by:Ryan McCauley
ID: 38813098
This isn't related to UAC, it's related to NTFS permissions on the folders SQL Server controls - by default, they don't allow anybody other than the SQL service accounts to view their contents. When you click on them and get that prompt (and click "OK" to grant permissions), you're really asking Windows to grant your user NTFS permissions on that folder so you can view the contents. Without those permissions, you can see what's in the folder and your attempt to summarize the contents won't include them.

This same thing happens if you attempt to view the size of the "Users" folder and all its subfolders - since certain folders have NTFS rights restricted for other users (so only the owner can see the contents), your values here will be incorrect as well.

You can browse manually into all these folders and grant yourself the required rights when prompted - it's a one-time thing, as SQL Server won't alter the folder permissions again to remove you - and that should show you what you want.

Author Comment

by:Ad-Apex
ID: 38813929
Well, it's not SQL Server, and I have permissions on all folders. The account I am using is a member of domain admins, which is the owner of the folders as well as listed as having "read" access. So the proper permissions and ownership are there, but it does behave like you describe. First time opening prompts me to click "continue" and thereafter it works fine.

Accepted Solution

by:
Ryan McCauley earned 500 total points
ID: 38814224
Ah - sorry about the confusion. I was answering a number of SQL Server questions last night and I didn't notice that this one didn't have that tag :)

Even if you're a member of domain admins, which is a local admin on each server, that still doesn't guarantee that you'll have access to every folder, as the NTFS permissions can be set any way you want - to deny access to domain admins, for example, and allow only read access to some group of service accounts that you'd never use to log in.

Since you're a local administrator, you're free to take ownership of any NTFS object, even if you don't have explicit (or implied) permissions on it already, which is why it works after you get prompted. Even though it appears you have permissions, if you're getting that prompt it means you don't - maybe you can take a before and after screenshot of the NTFS permissions and compare them to show you what's changing.
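
The before/after comparison suggested in the accepted answer can be done as a diff of ACL entries instead of screenshots. This is an added PowerShell example, not part of the original thread; the root path and CSV file name are placeholders, the function names are made up for the example, and it sticks to syntax available in the PowerShell 2.0 that ships with Server 2008 R2. Run it from an elevated session.

```powershell
# Added example: record owner and ACEs for a folder and its immediate
# subfolders, then diff two snapshots taken around the "Continue" prompt.
function Get-AclSnapshot {
    param([Parameter(Mandatory=$true)][string]$Root)
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer })
    foreach ($f in $folders) {
        try {
            $acl = Get-Acl -Path $f.FullName -ErrorAction Stop
        } catch {
            # An unreadable ACL is itself a finding: record it, don't skip it.
            New-Object PSObject -Property @{
                Path = $f.FullName; Owner = '<unreadable>'
                Identity = ''; Rights = ''; Type = ''; Inherited = ''
            }
            continue
        }
        foreach ($ace in $acl.Access) {
            New-Object PSObject -Property @{
                Path      = $f.FullName
                Owner     = $acl.Owner
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights.ToString()
                Type      = $ace.AccessControlType.ToString()
                Inherited = $ace.IsInherited.ToString()  # string, so CSV round-trips compare equal
            }
        }
    }
}

function Compare-AclSnapshot {
    param($Before, $After)
    $props = 'Path','Owner','Identity','Rights','Type','Inherited'
    Compare-Object $Before $After -Property $props |
        Select-Object @{n='Change'; e={ if ($_.SideIndicator -eq '=>') {'added'} else {'removed'} }},
                      Path, Owner, Identity, Rights, Type, Inherited
}

$root = 'D:\Shares'                        # placeholder: the top-level folder being measured
$csv  = Join-Path $env:TEMP 'acl-before.csv'
Get-AclSnapshot $root | Export-Csv $csv -NoTypeInformation
Read-Host 'Open the subfolder in Explorer, click Continue, then press Enter'
Compare-AclSnapshot (Import-Csv $csv) (Get-AclSnapshot $root) | Format-Table -AutoSize
```

Any entry the prompt wrote to a folder's ACL appears as an `added` row, which also gives a list of ACEs to review or remove afterwards.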