This problem was a result of a previous error made, below is a list of events leading to the problem. Any information / help /or advice would be greatly appreciated as i am rapidly getting out of my depth. First i created folder within the C drive of the server and gave an active directory user full control of it, i forgot to make it so that the folder didnt inherit the above folder so all the user within active directory could view the users files. To prevent this the permissions where changed to deny all of the users withing a users group. However this blocked everyone from using the file, (this was because the user with full control was within the users group) i went into the advanced permissions removed all the permission related to the full users group with active directory. this left the user who has full control of the file and the administrator. However this still wouldnt let me access the files within the users folder (even though i was logged into the server as administrator, I then found out that the administrator user account was based within this users group p.s. didnt set this system up, I would have assumed that the administrator account should be in a higher teir then the rest of the user, can so one advise on that please. In an attempt to get the files back to the user so they could continue working, I decided I would create a new folder and link the profile to the new folder and copy the files from 1 folder to another ( but this failed i assume because the administrator account is still being blocked by the deny all setting) So i decide i would log in as the administrator on the local machine, not the domain and copy the files that way. As i didnt set the system up i didnt have any passwords, i contacted the company that did and they said it would have been disabled when the domain was created. they sent me a link and said try this http://windows2008serveradmintools.blogspot.com/2008/05/how-to-activate-local-administrator-on.html if i do the following steps in the quick guide but select the domain to be the local machine will i be able to copy the files? or is there a much easy way? Thanks Mike

Is this a domain controller or member server? Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]

Hello, what happens if you try to remove the administrator from the denied group? Is that a builtin group or self-created, local or domain based? Working with deny is always the latest option you should use in configuring permissions, better use differentiated allows for multiple groups or if not possible user accounts.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Dave - its a DC Meinolf - Its a builtin group, I created another administrator with the same privilages not in the denied group but it didnt effect it. the solution - make the files owned by the builtin administrator, then you are able to view the permissions again. in the advanced permission you will see that the system as well as the users group are denied remove them (as well the the users from the allowed section - which was what was trying to be done in the first place). this leaves just the following allow admin user account, admin builtin, sytem and the single user