NTFS permissions not applied as expected for Administrators RRS feed

  • Question

  • Consider the following situation:
    A folder on a domain joined Windows Server 2016 member server has the following NTFS permissions set:
    -Creator Owner: full control, subfolders and files only
    -System: full control, this folder, subfolders, and files
    -Adminstrators (FileServer\Administrators): full control, this folder, subfolders, and files
    -HR Department: modify, subfolders and files only
    -folder owner: FileServer\Administrators

    -FileServer\Administrators local group membership: FileServer\Administrator, Domain\Domain Admins
    -Domain\Domain Admins domain group membership: Administrator, Admin1, Admin2, etc.

    If you login to FileServer as domain\administrator you can use File Explorer to successfully browse the contents of this folder (ex: browsing to D:\data\departments\human resources).

    If you login to FileServer as domain\admin1 and try to perform the exact same task you get the following message:
    You don't currently have permission to access this folder
    Click Contienue to permanently get access to this folder.
    Buttons: Continue or Cancel

    Why do domain\administrator and domain\admin1 have different experiences when trying to browse to files on the same FileServer? They are both in the domain\domain admins group which is a member of the FileServer\Administrators local group. This is something I and others have experienced and I'm unsure why. The workaround is to just login as domain\administrator but why I would have to do that escapes me.
    Wednesday, May 20, 2020 5:12 PM

All replies