Solved

Folder Access

Posted on 2013-10-28
9
294 Views
Last Modified: 2013-11-03
I am the administrator for our network......    Learning by the seat of my pants on most everything.    Why are some folders stating that even me logged in as administrator that I don't have access.   At times I need to look into a users set of folders and get denied.

Is there a reason it "defaults" this way?   Reason a network admin should not have access...........
0
Comment
Question by:bankwest
  • 4
  • 4
9 Comments
 
LVL 3

Expert Comment

by:1md
ID: 39607142
Hello,

Some permissions may have been changed, here is a Technet article which will step you through the method for changing permissions if you need to:

http://technet.microsoft.com/en-us/library/cc754344.aspx
0
 

Author Comment

by:bankwest
ID: 39607169
As an administrator, can I make myself the "owner" and then make sure the user or the group they are in have the correct permissions.   Or is that a no-no for a network?
0
 
LVL 5

Expert Comment

by:Recept
ID: 39607304
I believe this is the problem you are experiencing - http://think-like-a-computer.com/2011/05/11/windows-access-denied-folder-administrator/

This applies to all Windows versions which have User Access Control (UAC) - Windows Server 2008+/Windows Vista+

Put simply Windows Explorer does not (and can not) run with the elevated permissions required to view the folders.


Rather than take ownership of the folder a good test is to launch command prompt with elevated permissions (right click -> Run as Administrator) and browse to the same folder.


There are a few solutions outlined in the article above but I've previously used option 2 as turning off UAC is not good security practice.

If this is not possible what I found works is to create a new group in Active Directory and call it something like “All-Folders-Access”. Add your administrator account to this group and then give this group full control permissions to the same folders the administrators groups have access to. This will allow you access to the folder with Windows Explorer. This is time consuming but the only solution if you want to keep UAC in use.
0
 

Author Comment

by:bankwest
ID: 39608654
PeterRecz
Reading thru this and still a little confused.  In my Active Directory, of course, there is the built in Admin account, which I am a member of.

Then we have under our domain_OU,  we have another group that is just called Admin_users and I am a member of that as well.

So what am I missing???     I still have issues with some folders.  And if I look at the folder, security,  I find a few that says I don't have permission to view or edit   If I go to the root, for example,    \\domain\user_mydocs I see the Admin group listed with full control.   But then I go to a users folder and the access is denied.

Sorry....trying to learn this as I go.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 5

Expert Comment

by:Recept
ID: 39610279
Apologies if it was unclear. The BUILTIN\Administrators group I'm referring to is the one local to the file server. Going forward I will refer to it as SERVERNAME\Administrators.

I suspect if you look at the permissions to the folders you don't have permissions to their simply have SERVERNAME\Administrators and not the Admin_users group. As SERVERNAME\Administrators is the only group listed with UAC enabled you will not have permissions to the folder.

The fix is to add the Admin_users group to the folder but first lets check the folder permissions. You can do this with a command line tool like ICACLS.

1. RDP to the server
2. Shift + Right click and open Command Prompt as an Administrator
3. Type icacls <path to folder>
For example icacls c:\data\folder1

Post the results and we can go from there.
0
 

Author Comment

by:bankwest
ID: 39610303
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\tcox>icacls C:\shares\user_mydocs\mvoss
C:\shares\user_mydocs\mvoss: The system cannot find the path specified.
Successfully processed 0 files; Failed processing 1 files

C:\Users\tcox>icacls C:\shares\usr_mydocs\mvoss
C:\shares\usr_mydocs\mvoss: Access is denied.
Successfully processed 0 files; Failed processing 1 files

C:\Users\tcox>
0
 
LVL 5

Accepted Solution

by:
Recept earned 500 total points
ID: 39610355
Ok, in that case the folder is restricted to the point that even SERVERNAME\Administrators doesn't have access.

Therefore the best course of action is to take ownership, check the permissions and grant SERVERNAME\Administrators and Admin_users Full Control access.
0
 

Author Comment

by:bankwest
ID: 39618044
Where is the best PLACE to do this.   On the domain under the share and storage management?   Or just use explorer and access each folder
0
 
LVL 5

Expert Comment

by:Recept
ID: 39620381
I'd do it by using explorer and access each folder.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Normally after a failure of Domain Controller, when promoting new DC the DC is renamed, we will discuss the options in Dcpromo to re-create the DC with the same name. Scenario: You are a small IT shop with two Domain Controllers (Domain Contr…
To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now