UAC denies me to write to windir folders and all-users startup
I'm getting pretty frustrated here. Windows 2008 is bugging the **** out of me. In general I want to keep UAC active, but this problem of mine is making me turn it off. Hopefully somebody can explain/help me with a solution so I don't have to.

The case: On all my Windows servers I keep a "Journal.log" text file where I note the changes etc. I make to the systems. I used to keep this in c:\windows\options, but I've later come to know of the ".LOG" function (write it on the first line in CAPS) that inserts the date and time at the bottom of a text file when it is opened in Notepad, so I moved my "Journal.log" file into "all users\start menu\Startup" so it would pop up each time an admin logged in.

All worked fine in Windows Server 2003. But now, when we moved to Windows Server 2008, UAC is blocking this. If I'm logged in as the default 'administrator' (this is on my domain controller) I can save, but if I log in with my personal admin user I get an error message:

Cannot create the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Journal.log file. Make sure that the path and file name are correct.

And they are of course correct. I just opened the file and then File -> Save. After hitting OK on the error message I get the Save As dialog.

I've tried to give the domain admin group (which my admin user is part of) full access to both the Startup folder and the Journal.log file. Still stuck with the error message. How can I give myself write/change access to this file without disabling UAC?

/Christopher
May 11th, 2009 4:19pm

Hi,

With UAC enabled, the user's full administrator access token is split into two access tokens: a full administrator access token and a standard user access token. During the logon process, authorization and access control components that identify an administrator are removed, resulting in a standard user access token. The standard user access token is then used to start the desktop, the Explorer.exe process. Because all applications inherit their access control data from the initial launch of the desktop, they all run as a standard user as well. Therefore, the domain admin user account does not have permission to save the file in the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup, although it is a member of the domain admins group.

I suggest that you open the log file with a logon script. By default, all users logging on to Windows Vista/Windows Server 2008 use their full token to process Group Policy and logon scripts. As a result, the log file will be opened with the user's full administrator access token and you are able to save it.
May 13th, 2009 6:40am
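
The logon-script approach from the reply above, as an added example that is not part of the original thread: it reports whether the current process holds the full or the filtered token, checks that Journal.log is writable with that token, and only then opens it in Notepad. The script name, the function names, and the use of PowerShell 2.0 or later as a Group Policy logon script are assumptions; the path is the one from the error message in the question.

```powershell
# Open-Journal.ps1 (hypothetical name): added example, assumes PowerShell 2.0+
param(
    # Path taken from the error message quoted in the question.
    [string]$JournalPath = 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Journal.log'
)

function Test-FullAdminToken {
    # True only when BUILTIN\Administrators is enabled in this process's token.
    # In the filtered (standard user) token the group is deny-only, so this is False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-CanWrite([string]$Path) {
    # Open the existing file for writing without changing it. The access check
    # is made against the token of the current process, not the user's group list.
    try {
        $stream = [IO.File]::Open($Path, [IO.FileMode]::Open, [IO.FileAccess]::Write)
        $stream.Close()
        return $true
    } catch {
        Write-Warning $_.Exception.Message
        return $false
    }
}

$tokenKind = if (Test-FullAdminToken) { 'full' } else { 'filtered' }
$writable  = (Test-Path $JournalPath) -and (Test-CanWrite $JournalPath)
"{0}: token={1} writable={2}" -f $env:USERNAME, $tokenKind, $writable

if ($writable) {
    # Notepad inherits this script's token, so File -> Save uses the same rights.
    & notepad.exe $JournalPath
} else {
    Write-Warning "Journal.log is not writable with the $tokenKind token: $JournalPath"
}
```

Run from a normal desktop session with UAC enabled, the same script reports the filtered token. If Journal.log also remains in the all-users Startup folder, Explorer will still open its own non-elevated copy at logon.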
