akdit1


Network Share permissions work in 2008, but not in 2008 R2

I have a 2008 server that had been working for years. I am moving the programs to a newer machine running 2008 R2. This program doesn't matter. The problem is with Windows permissions. I am a domain admin. On the 2008 server, I can browse to whatever folders I like, but on this 2008 R2 server, it says I must provide permissions to access each folder, even though domain admins are listed in the security tab. When I click continue, it opens, but adds my user name to the list in the security tab. I need to give read/write permissions to a single folder \\server\group\user\data\share, but not the folders above this "share" folder. In 2008, this was working fine, now in R2 it stopped working. The user had been a member of a group with access to the shared folder, but now even with the user explicitly listed, he does not have access. If it matters, \\server\group\ is a shared folder that does show up to "everyone" when you go to \\server.
Will Szymkowski

From the root folder can you take ownership and then reapply the permissions accordingly? Also are you having any trust issues with this server? Have you tried to remove from the domain and then re-add it back? Also check the event logs to see if there are any errors as well.
Permissions are one of those things that tend to be tedious. Are you saying that you have to provide permissions on all folders, or are we only talking about the folders in this group of folders, \\server\group\user\data\share? For example, if you want to view folders in C:\Windows and below, for each new folder you go down it will ask you to provide permissions; this is Microsoft trying to keep files/folders secure. Are you familiar with icacls to manage permissions?

ASKER

\\server\group\user\data\share
I was already set as the owner of the parent folder "group".
The local administrators group is the owner of the subfolder "user". Domain admins is in the local admin group. I am a member of domain admins. No groups have any deny permissions.
When I browse to the folder "user" on the "x:" drive on the server, I get a pop-up message saying:
"You don't currently have permissions to access this folder.
Click Continue to permanently get access to this folder."
If I click continue, it adds my account to the ACL for this folder. We try really hard not to add individual names, that's why the domain admins group was added to every folder.
If I browse to it as a network share "\\server\group\user\", it doesn't give me any trouble.
The user account that worked fine in 2008, only had permissions at the "share" level, to get it to work from a 2008 R2 server, I had to add explicit read/list contents permissions to every containing folder.

Microsoft said this is just the way it's supposed to work, but I've been lied to by support before just so they could close the ticket.

If it was just one or two users, I wouldn't care, but I've got about 100 user folders. I just finished removing explicit user permissions left from 3 previous IT users with admin rights to these folders, where, over the years, they've been in the same position I'm in. Every time I have to open a user folder, it adds my name to the ACL.

I just want to know if anyone else has/had this problem when moving from 2008 to 2008 R2. I was hoping this was a common problem and someone would just call me a dummy and tell me to disable a secret setting somewhere.
When I browse to \\server\x$\group\user\, from my domain account on Win 7, it doesn't give me any problems. So the domain admins group appears to be working when browsing this way, just not from the local server.
There are two possibly separate problems here, but I think they are the same root problem.
1) My domain admin account has to add explicit permissions to every folder to browse on the local server. (You say it's to protect the server, but it's not much protection if this "protection" only works when I'm accessing the server directly, but doesn't work when I'm accessing it from a remote machine.) I'd like more consistent results in either direction. Either block me every way, or let me in every way.
2) User permissions that were working to access folders on this 2008 R2 server from a 2008 server require additional permissions to be added to the server when accessing from a separate 2008 R2 server.

- I am not familiar with icacls.
Member_2_6515809

ASKER CERTIFIED SOLUTION
akdit1
ASKER

It fixes my problem without compromising the design of my system. And most of all, it IS a solution, not just a random suggestion.
Hi akdit1, I'm glad you were able to resolve your issue. I'm sorry that you did not find our comments helpful.

You may refer to the following blogpost outlining how this UAC-related behaviour can be changed: http://clintboessen.blogspot.co.uk/2013/05/you-dont-currently-have-permission-to.html

It is normal behaviour. It is UAC related. Have a nice day :-)
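
For the cleanup described earlier in the thread (explicit per-user entries left on roughly 100 user folders each time an admin clicked Continue in Explorer), the following is an added example, not code from any poster: a PowerShell audit that lists non-inherited ACEs granted directly to named accounts, with an optional removal switch. The root path and account names are placeholders; run it from an elevated session so the Administrators membership is active in the token.

```powershell
# Added example, not from the thread. $Root and $Accounts are placeholders.
# Lists explicit (non-inherited) ACEs held by individual accounts under a tree,
# i.e. the entries Explorer writes when "Continue" is clicked on the UAC prompt.
param(
    [string]   $Root     = 'X:\group',
    [string[]] $Accounts = @('EXAMPLE\adminuser1', 'EXAMPLE\adminuser2'),
    [switch]   $Remove   # without this switch the script only reports
)

# Root folder plus every subfolder (PSIsContainer works on PowerShell 2.0).
$folders = @(Get-Item -Path $Root) +
           @(Get-ChildItem -Path $Root -Recurse | Where-Object { $_.PSIsContainer })

foreach ($dir in $folders) {
    $acl = Get-Acl -Path $dir.FullName

    # Inherited ACEs are skipped: they disappear once the explicit parent ACE is gone.
    $hits = @($acl.Access | Where-Object {
        -not $_.IsInherited -and ($Accounts -contains $_.IdentityReference.Value)
    })

    foreach ($ace in $hits) {
        # Emit one report row per offending ACE.
        New-Object PSObject -Property @{
            Path     = $dir.FullName
            Identity = $ace.IdentityReference.Value
            Rights   = $ace.FileSystemRights
            Type     = $ace.AccessControlType
        } | Select-Object Path, Identity, Rights, Type

        if ($Remove) {
            # Removes exactly this ACE; group entries such as Domain Admins stay.
            $acl.RemoveAccessRuleSpecific($ace)
        }
    }

    if ($Remove -and $hits.Count -gt 0) {
        Set-Acl -Path $dir.FullName -AclObject $acl
    }
}
```

Run it first without `-Remove` and review the report, since an account listed in `$Accounts` may hold an explicit ACE that was granted on purpose.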