Server 2008 file share vs local admin grp

Discussion in 'Server Networking' started by Masl, Jan 28, 2009.

  1. Masl

    Masl Guest


    I set up a file share (server 2008 x64) and try to access it from the local
    host as local admin (<--full access), a window pops up telling me:
    "You don't currently have permission to access this folder" - click continue
    to get access to this folder....
    If I now click continue, the systems modifies the ACL by adding my user
    object with read & execute right - although I'm already member of the local
    admin grp.

    Share permissions: local admins, full control
    Security: local admins, full control
    (aside from several other rights/permissions but no explicit deny set)

    Any idea what has chanced in server 2008?
    thanks in advance
    Masl, Jan 28, 2009
    1. Advertisements

  2. Hello Masl,

    The change is UAC. Any administrative account except the administrator is
    using it.

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Jan 28, 2009
    1. Advertisements

  3. Masl

    Masl Guest

    Thx a lot for your answer.
    At the moment it seems that disabling UAC is the only known solution for
    this problem.

    If anyone knows best practices on how to deal with this challenge, I would
    appreciate your reply.

    Thanks in advance
    Masl, Jan 30, 2009
  4. Hello Masl,

    You can configure a GPO, but that test first on a lab system.

    Computer configuration, windows settings, security settings, local policies,
    security options, "User account control: Behavior of the elevation prompt
    for administrators in Admin Approval Mode", choose "Elevate without prompting".

    In my opinion you should NOT use that policy. It lowers the security tremendous.

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Jan 30, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.