So I configured a file server for a customer, It’s been a while because mostly I’m working with RDS. So I started as I always have been doing;

  • Install the file server role
  • Create a new disk/volume like D:
  • Remove the “everyone” and the “authenticated Users” on the D: drive so it only has Administrators, Creator and System rights. Even those users won’t get there as they don’t have access to the actual server, I want a nice and clean rights system.

As soon as I did that I gotAccessDenied

I couldn’t access the D: drive any more. This is due to the UAC, but it’s very annoying. I tried starting Windows Explorer like an admin, but failed. Eric told me this is only possible when you start Explorer from a Windows service (which means you need to create a service that runs explorer.exe) because it ignores UAC.

Your options are to let the everyone group in place or you might get good results with different file explorers.There’s a good article from Helge about this.

Or you are like me, and decide that UAC is worthless for admins who know what they are doing and disable UAC in its entirety;

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
“EnableLUA”=dword:00000000

Be aware that the sliders in Win12R2 in the control panel do not completely disable UAC, you need to use the) registry key.

Categories: Windows Server

Leave a Reply

Your email address will not be published. Required fields are marked *