Thanks for your reply Yan Li! We are using Global Groups and Universal Groups. I have just noticed that our main: company.local network is doing it as well. My account is a domain administrator account for both company.local and companyprod.local. (I have tried both accounts set up on the company.local side, as well as the companyprod.local side). So using both accounts for each respective domain should gain Administrative Rights. It actually used to a month or so ago. Now when domain admins login, if you right-click on any harddrive in the computer, it only gives you the ability to create a "New Folder". When you try to save just a simple text or word document, a "Permission denied" error comes up. Is it possible that doing a domain "Trust" has caused a problem with our entire network and both domain controllers, preventing domain administrators, enterprise administrators the ability to have permission on these servers?

Hi, Did this issue occur before? Or it occurred after installing Windows Updates? Please do as follows to see which update caused this issue: open control panel > programs and features > view istalled update. We can see the date of every update, and according to the date we will know which update caused this issue. Best Regards, Yan Li Hello Yan Li, I found the issue. It isn't Windows Updates. It is something I have never noticed before. It is the User Account Control on Server 2008, Server 2008 R2, and Windows 7. By default the built-in Administrator, and domain Administrators have full privileges. Any other administrator account added afterwards, whether it be a local admin, or users added to domain admins/enterprise admins, they truly don't have "Administrator" privileges. You have to disable UAC before those other administrator users have the permission to create new files (outside of their user profile). We haven't noticed it until now, because we had always logged on using the local built-in admin, or domain administrator and they work fine. It wasn't until we decided to start logging in with our own user accounts which are a part of the Administrators, Domain Admins, and Enterprise Admins global/universal groups. Although they are apart of those groups, by default UAC does not allow other administrators to have full privileges unless it is disabled. A bug? I'm not sure.

I have just discovered this is happening to all machines added to the domain now, even regular desktop machines. I added a machine to the domain, logged in, no permissions. We went into Active Directory to that specific computer object, went to properties, to the security tab and added my user account as having "Full Control" over the machine. Logged in, still no permissions to create files on my own desktop computer.

Hello, I have encountered an issue where we have two domains that are having issues with domain users (administrative) that aren't inheriting those admin permissions when they log in. The first domain: company.local, the second is companyprod.local. The companyprod.local is located in a colocation site, and we have set up a Domain Trust between company.local and companyprod.local. We have user accounts both created in the company.local and companyprod.local domains. Whenever we try to Remote Desktop into any Server 2008 machine on the companyprod.local side either using the companyprod.local\username or company.local\username login credentials, that user is "not" inheriting Administrator permissions. We have several users added as an account in both the company.local and companyprod.local domains, and added into the Administrators Group. When we log into any server, and with those accounts set up, we aren't getting Administrator permissions, even though we're in the Administrators Group. If you open up any drive on the computer, you can "read", but when you try to create files, it just gives you a permission denied. This happens with Domain Administrators, and all users added to the Administrators Group. There are only three accounts that work. The company.local\administrator, the companyprod.local\administrator, and the localservername\administrator. Any other user on the domain does not inherit those permissions for some reason, but I cannot figure out why. Are there any suggestions? Or has anyone had experience with this?

I am becoming more and more convinced that this isn't a domain issue per se, but a Microsoft Windows Update issue. I took a brand new imaged laptop with the Windows 7 Service Pack 1 installed. The Administrator account (only account on the newly imaged machine) has no problem creating files on the C: drive. I created a second account called Demo and added it to the Administrators group. The account had everything "removed" from the Right-click -> New menu, except for "Folder", and when you try to save a document anywhere on the C: drive... same issue as domain computers: Permission Denied. This is a local user account added to a local admin group. It should work. Same symptom is happening on our domain. This first started happening a month ago. I don't recall if it was before we installed Service Pack 1, or not.

Hi, Did this issue occur before? Or it occurred after installing Windows Updates? Please do as follows to see which update caused this issue: open control panel > programs and features > view istalled update. We can see the date of every update, and according to the date we will know which update caused this issue. Best Regards, Yan Li

Hi, What kind of groups those accounts belong to? For example, Global group, local groups or universal groups? If you just create them in the two domains with the same account name and password, they are not the same one actually. Please create an account that belongs to global group and give it the administrator right and to check out the result. I have included a link here: Group scope http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx Best Regards, Yan Li