It wouldn't matter if the custom "Server Administrators" group also had membership in DA -- only that there is a sufficient non-DA/non-Administrator ACE granting access on the resource and the current user has a corresponding SID in his Windows token.
IMO the only question is, why are the permissions on E: different? Normally the built-in "Users" group and "Authenticated Users" set would have access to read+list+execute at least the root on the volume. --Steve On Tue, May 14, 2013 at 2:30 PM, Kurt Buff <[email protected]> wrote: > All, > > This is mostly of academic interest - I've DTRT, as I explain below... > > I have a new guy who has an interesting problem that I haven't run into > before. > > Server is 2008 R2. He can log into the console of the machine with his > DA credentials, but when he does so, he cannot access one of the > drives - unless he uses elevated credentials. > > There are three drives on this machine: C:, E: and F: - it's only the > E: drive that he's having problems with. > > I've found these two articles, which purport to explain what's > happening (it seems to be a UAC issue): > > http://serverfault.com/questions/75691/why-cant-i-browse-my-d-drive-even-if-im-in-the-administrators-group > and > http://technet.microsoft.com/en-us/library/cc731677%28WS.10%29.aspx > > But, if that's the issue, why then can he see the F: drive? The only > thing I can think of is that the F: drive is an external SAS array - > but the machine has a clean install of 2008R2 that was applied after > that hardware was installed, so that doesn't feel right. > > To rectify the issue, I've created a server administrator account with > no DA privileges, and added it to the ServerAdministrators group I > created and have propagated through a GPO - so there's no particular > issue at the moment, but I'd still like to hear if anyone knows if I'm > on the right track, or has solved it in a different fashion. > > Kurt > > >
