Link to home
Start Free TrialLog in
Avatar of westes
westes

asked on

Strict Volume Permissions on Windows When UAC is Enabled

With old versions of Windows, I could restrict access to the file system on a secured volume by restricting to the SYSTEM and Administrators groups.   I would remove Users and all other entities.   As long as you were in Administrators you had access to the volume and that worked.  Ordinary users were denied access, which for some cases is what we wanted.

Enter later versions of Windows and UAC.   Unfortunately, in Windows 2008 Server and later, when you open Windows Explorer as an administrative user, you do not access the drive in that security context.   Apparently Explorer puts you in the context of a "Standard User" and on a volume that only Administrators have access to, that means that even an administrative user has no access to read the volume!!

I can workaround this by giving read permissions to the Users group, but that defeats the whole point of securing the volume.   Does someone know of a way to define volume permissions so that Administrators have full access and Users have no access, and Windows Explorer allows Administrators to still access the volume?
ASKER CERTIFIED SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of westes
westes

ASKER

McKnife, great comprehensive, yet succinct, answer....

I might go for the SetACL Studio.