1

Have a domain account and a local account. Both are administrators -- they are part of the administrators group. For some odd reason, something must have gotten corrupted as accounts require elevated privileges to edit or rename existing files and I can no longer create any files in any directory. I only can create "New Folder" and create files within that folder. The expectation is the Owner of the file or folder should be the administrators group when creating a new folder or file. Instead, the owner is me. And existing files do have Owner as administrators group.

I don't know if there's some corruption with the administrators group or domain and local user accounts. As a test, I tried remapping permissions for one folder and set the Owner as administrator group and issue did not resolve. If I set the Owner to myself and include myself in the permission list, however, then it's fine and I can create and edit files freely.

UAC is off. Slide bar is at the very bottom. I ran SFC /scannow and logs showed numerous duplicate permissions messages but not for every folder in the system. I don't see any GPOs configured. I ran DISM and component health is good. Nothing to repair there. Only thing that comes to mind is firewall and anti-virus. Windows Firewall is off.

Rebuilding this server is a last resort. Would like to avoid that use case.

Any ideas on what could be wrong and how to fix?

user3621633
  • 161
  • 6

1 Answers1

2

Found the problem.

For reasons beyond my understanding at the moment, even though UAC slider was at the very bottom, there is a registry entry tied to UAC that was still set to 1. It should be set to 0.

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpsb/958053ae-5397-4f96-977f-b7700ee461ec?redirectedfrom=MSDN

Open the Windows Registry and navigate to:

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Look for EnableLUA and set its data value to 0.

You may have to reboot the server to realize changes. I tried logging off and on and changes weren't reflected. After I rebooted the server, the changes took effect.

For me, that resolved the issue.

user3621633
  • 161
  • 6
  • 2
    glad you found the issue... but for me, your problem sounds like there is also a filesystem permissions issue. Usually, you don't need to turn off UAC to be able to edit some files... – Martin Aug 12 '20 at 18:50
  • I agree. There's something not quite right, be it system files or registry, but, for now, rebuilding the server is not an option. Elevated privilege is one thing. Unable to create or edit a file as an admin is something else. Maybe the slider and the registry value out-of-sync is a clue. If I move the slider up and set the registry value to 1, maybe it'll work as intended. – user3621633 Aug 12 '20 at 19:50