Today I thought I’d setup roaming profiles on a Server 2012 file server, easy I thought, take me 10 minutes I thought…I was wrong.
So first things first, I created a share on my server with permissions:
Tested the share from another PC, great I can get on.
Jumped back on the server and tried to open the folder from the rout i.e. E:\Share\staff and I got the following
You don’t currently have permission to access this folder. Click Continue to permanently get access to this folder
Well if I click Continue then my share is ruined with ugly permissions I don’t want! I.e. I only want the permissions I specified above not my username dotted everywhere.
So I turned to UAC and disabled it:
No change, well thats mental……after a good hour of searching I found the answer was to set the registry to:
Reboot the server and all was fine in the world!!.
So why does UAC do this? UAC strips the admin credential from any un-elevated process. If you’re attempting to use an un-elevated process such as explorer to access a remote share using only admin credentials, UAC will strip the admin credentials from the process’ security token and the process will receive an “access denied” error. Which is stupid if you changing permissions.