I have setup two Server 2008 R2 SP1 VMs in a lab. Both have been having strange permission problems and it appears that although I have added the Domain user accounts I setup into the Local Administrators group they don't appear to have admin rights to the machine So I have a SQL server - and a standard user account SQLManager On the server I add \\Domain\SQLManager into local administrator group so it should have full rights on that server Loking at some threads I checked some things out whoami /groups /fo list = Medium Mandatory level i.e. user level access I removed and readded the machine back to the domain incase of duplicate SID but no dice There won't be any GPO because its my own little domain so no higher policies prevailing Any advice ?Ian Burnell, London (UK)

Have you or are you attempting to provide the username to the group in the following format? DOMAIN\username I noticed in your post a prefix of \\ which may cause issues.Doug Kentner

No browsed to the account so it is correct domain\username in the Administrators group on the local member server Ian Burnell, London (UK)

I have setup two Server 2008 R2 SP1 VMs in a lab. Both have been having strange permission problems and it appears that although I have added the Domain user accounts I setup into the Local Administrators group they don't appear to have admin rights to the machine Could you please explain bit more on above part ? Perhaps, you might need to disable UAC on your servers ! To disable UAC from prompting for credentials to install applications Click Start, click All Programs, click Accessories, click Run, type secpol.msc in the Open text box, and then click OK. From the Local Security Settings console tree, click Local Policies, and then click Security Options. Scroll down and double-click User Account Control: Detect application installations and prompt for elevation. Select the Disabled option, and then click OK. Close the Local Security Settings window. To change the elevation prompt behavior for administrators Click Start, click Accessories, click Run, type secpol.msc in the Open box, and then click OK. From the Local Security Settings console tree, click Local Policies, and then click Security Options. Scroll down to and double-click User Account Control: Behavior of the elevation prompt for administrators. From the drop-down menu, select one of the following settings: Elevate without prompting (tasks that request elevation will automatically run as elevated without prompting the administrator)Prompt for credentials (this setting requires user name and password input before an application or task will run as elevated)Prompt for consent (default setting for administrators) Click OK. Close the Local Security Settings window. Ref: http://technet.microsoft.com/en-us/library/cc709691(v=ws.10).aspx Also, Disabling User Account Control (UAC) on Windows Server http://support.microsoft.com/kb/2526083 I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

Yes I chercked that - thanks Here's the deal - shame I can't cut and paste from my VM into here... I have an account Mydomain\SCCMManager Log onto to VM server LONCM12 Server 2008 R2 as Domain admin account Admistrators group add in Domain\SCCMManager Now logging on as SCCM Manager take an exmaple. Try to delete a folder "You need to provide administrator permission to delete this folder". If I do it does continue ok, but the default permissions for that folder are system and administrator full control. Why therefore does this account have a problem deleting/accessing folders ? The other issue I'm having is that I'm using this VM to test new features of Configmgr 2012. A new feature is the ability to inject the latest MS security patches into a .WIM image. There is a task run from the configmgr console to do this that copies the source .WIM file then uses dism to mount the image and inject the patches. Each time I run it I get error 5 access denied. I believe the task runs under the local system account but I'm wondering whether this could be the same issue since the computer account is required to be a member of the local administrators group for configmgr. If it (local system) did not have admin rights over the computer this could be the issue in that it didn't have rights to the .WIM file