On a Windows 2008 or 2008 R2 server administrators are unable to browse the contents of local drives while logged on to the server either directly at the console or via remote desktop. Access to the same drive using a network share works fine. UAC is turned on, and the local administrators group have full control access to the drive(s) in question. You get an “Access denied” error in Windows Explorer even when running in an elevated process (administrator mode).
The problem also affects Windows Vista and 7.
If you try to access the drive using a program other than Windows Explorer, you can access the drive as long as the program is running in an elevated session. The problem seems to affect Windows Explorer alone, but I am not sure about that. What I have been able to establish though, is that it only affects users who are members of the local “Administrators” group. If a user has explicit access or access through another group, everything works as expected.
I detected the problem while migrating files and permissions from an old 2003 server to a new one running 2008 R2, and I think it is related to the local “Users” group not being granted access to the drive. Not denied, just removed from the root acl on the drive.
- Add explicit access to the drive for the administrative users that need access
- Turn off UAC (not recommended)
- Create a new group called Local_Admin_Access or something like that, add the local administrators group as a member, and give the new group full control of the drive.
- Give the local group “Interactive” full control of the drive. This grants access to any user who have local logon permissions and are currently logged on to the server.