I have a Server running Server 2008, I have added a specific Domain group to the local Admin group of the server. I then proceed to remove the local user group from certain folders as users do not need access to specific folders. The local administrator group has Full control over these folders. However, when a user from the domain group that was added to the local Administrators group logs in and tries to access these folders it says they do not have permisson and a dialoug box pops up asking if you want to proceed. Clicking yes then adds the individual user account the the security properites with 3 boxes checked: Read and Execute List folder contents Read Running and effective permissoins shows that these people have full control yet it still behaves in the way I described. Can anyone offer any insight for me on why the local user group and/or the individual domain account needs to also be listed in the security of a folder for this?

I guess this is due enabled UAC. See this thread for more info http://social.technet.microsoft.com/Forums/en/winserverfiles/thread/1ea6cdc7-1e19-48e0-961e-96dfd0f13ed0