Domain Admin account not getting expected folder access
Posted on 2014-10-28
We have noticed when using the domain "administrator" account we can open folders (system and shares) on any server.
When we have an account joined to the domain administrators group it might be denied. When effective permissions for that account are run, it shows access and FULL control.
There have been no recent changes and we should also not have to "share" folders out to add this user. If a domain administrator it should have access to shares and non-shares. Various servers have even denied administrator accounts to folders with schema admin. rights. The account is listed and effective permissions check out.
Seems odd that the default account works well, but others made for administrators lack some access.
I think my next step is to clone the working account instead of adding a new account to the administrators group and be careful which OU it is created in.
Thanks in advance for any tips or tools.