Security in Vista: Working as intended?
I recently built a new PC. I put Vista Home Premium on it. I used my name (Frank) as my username so there is one administrator account "Frank" on my PC. If I open explorer and navigate to Desktop>Frank>Music - i.e. my own Music folder where I want to store all my music (funnily enough) - Vista tells me "Access is Denied". When I first got this message I tried going to C:\Documents and Settings - "Access is Denied". Now, I've had a look around this forum and I see various people (including one from Microsoft) saying things like "The security system in Vista is designed this way" etc - but for what possible reason would I, as an administrator, be denied access to my own music folder? Or, come to think of it, why would I be denied access to any folder on my own hard-drive? I can't think of any so I have to deduce that the security system in Vista is either malfunctioning or poorly designed. I've read in another thread here that the solution to my problem is to "Take ownership" of the entire drive but I have to ask myself - who, if not myself, owned it previously?
March 5th, 2007 10:56pm

Hi Frank_C, I'm kinda in the same situation. I mean, what on earth: Windows says I am part of the Administrators group, then behaves as if you are not "really" an administrator. It is just baffling!!! Also, I am the only user and only Administrator for this computer, so why don't I have "FULL" access to my system? Is Microsoft treating everybody who uses Windows Vista kinda like idiots, so let's "help" them by not allowing them to use their computer properly?
March 6th, 2007 1:56am

If you are an administrator you are able to access any folder in C:\users. For example, if your login name is "EdLuria", you are able to access c:\users\EdLuria. And if you want to access other folders in Users, each login user has a folder here in c:\users; you can even access these folders when you log in as EdLuria. The only difference is that you see a Consent UI which tells you that you don't have permission -> "Click to Continue"; you can click Continue, and UAC prompts you to continue. This is just because all administrators are by default standard users; whenever you do an action which requires administrator privileges, you will be prompted (UAC dialog) to continue with Admin access. This is a security feature. And in Vista C:\Documents and Settings is not used. You can find everything in C:\users\EdLuria (current login name): c:\%username%\contacts, c:\%username%\desktop, c:\%username%\documents, c:\%username%\downloads, c:\%username%\favorites, c:\%username%\Links, c:\%username%\Music, c:\%username%\Pictures, c:\%username%\Saved Games, c:\%username%\Searches, c:\%username%\Videos. You can find more information about UAC here: http://technet.microsoft.com/en-us/windowsvista/aa906022.aspx Please let me know if you have any questions. regards Santhi
March 6th, 2007 7:35am

Thank you Santhi, you have it right. Vista security protects the user from themselves. You have access to your \user\your name and then the system locks down other things. For example, c:\program files\: you must be an administrator to install software here, but the OS will not allow the saving of data in this directory. It will push the data to a redirect location \user\your name\Appdata\... Vista-certified apps do this by default. Old apps Vista redirects on the fly. The same happens for some registry entries. When you log in to Vista as an Administrator you are really a standard user, and when you need to run a PROCESS as admin you get prompted; this is called split token. Please review http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1285927&SiteID=17 for more info.
March 6th, 2007 2:24pm

JAYTF Security Forum Moderator wrote: Thank you Santhi, you have it right. Vista security protects the user from themselves. You have access to your \user\your name and then the system locks down other things. For example, c:\program files\: you must be an administrator to install software here, but the OS will not allow the saving of data in this directory. It will push the data to a redirect location \user\your name\Appdata\... Vista-certified apps do this by default. Old apps Vista redirects on the fly. The same happens for some registry entries. When you log in to Vista as an Administrator you are really a standard user, and when you need to run a PROCESS as admin you get prompted; this is called split token. Please review http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1285927&SiteID=17 for more info.
The system should not be able to lock down anything from an administrator account - that's what the admin account is there for. That's why it's password protected and that's why people are advised to create a standard account for normal usage. As for protection, I can think of numerous scenarios where an admin needs to delete files from a user's folder but in Vista he currently cannot do that because he is being "protected" from himself by Vista's security policy. And that link is about UAC, which is another completely ridiculous standard in Vista. Logged in as an administrator I have to constantly give myself permission to do whatever it is that I decided to do in the first place. Is Vista so unintelligent that it cannot differentiate between me, the admin, using my keyboard and mouse to interact with it and some malware doing it without my permission?
March 12th, 2007 11:02pm

And, while someone who allegedly knows what he's talking about is posting in this thread - how am I supposed to modify a file that is in c:\Program Files\? I have legitimate reasons for doing so (in this case I need to edit an ini file) but Vista doesn't allow me to. It doesn't give me any kind of popup message or a way around it if I provide permission - it simply ignores any attempts to edit the file. All files are flagged as read-only and I can't change the attributes as an administrator. That's not security, that's poor design.
March 13th, 2007 1:16am

If you need to modify a file in c:\program files, right click on the application that you need to run as Admin and then edit the file, or you can copy the file to an external location (non-protected location, edit file and copy back). You will get a UAC warning when you do this. The c:\program files directory is a system-protected resource and only developers should be putting files in that directory. The developers are then taught to put end user files that change in the users\appdata folders. If you are a developer and need to create programs that follow that design I can give you links to training. This is part was done to reduce loss
March 14th, 2007 7:14pm

JAYTF Security Forum Moderator wrote: If you need to modify a file in c:\program files, right click on the application that you need to run as Admin and then edit the file, or you can copy the file to an external location (non-protected location, edit file and copy back). You will get a UAC warning when you do this. The c:\program files directory is a system-protected resource and only developers should be putting files in that directory. The developers are then taught to put end user files that change in the users\appdata folders. If you are a developer and need to create programs that follow that design I can give you links to training. This is part was done to reduce loss
That's not actually true. You don't get a UAC warning when you try to modify a file in Program Files, you get no notification at all. Vista simply ignores any changes you make to the file (including copying the file to another location and attempting to overwrite the one in Program Files). And there are various scenarios where non-developers need to change files in that directory (to change a program's settings in an ini file for example) but I am a developer and do need to be able to modify files in that directory. As I said before it's a matter of poor design. Saying that developers are taught to put files in other directories is ridiculous - how much software is written with Vista in mind? Very little. At the very least Vista should be designed with backwards compatibility for non-Vista applications and an Administrator account should always have free rein on its own system. The operating system is still too unintelligent to handle the job on its own and it's simply insulting to say that the security "features" in Vista are for my own protection.
March 15th, 2007 3:30am

Just to point something out as well - if you read my original post, the main problem I was having was that Vista decided I wasn't allowed access to my own documents - initially my music folder, afterwards all of the files and folders in my own user folder. There was no UAC prompt just a go-nowhere "Access is Denied" message box. There shouldn't even be a UAC prompt at all, while I'm on the subject. If I log in as an admin I don't need a prompt every time I click my mouse asking me if I still want to be an admin - I'll log off the admin account when I'm done. I might even want to run Vista as an admin permanently - but that's up to me, I don't need to be asked to confirm it every 30 seconds. Vista needs to change or it will never, ever be used in a professional environment.
March 15th, 2007 3:46am

You can disable the UAC if you want, but this is not recommended. Here are the steps to disable this. Run -> SecPol.msc -> select "Local Policies" -> select "Security Options". Now in the right pane, select "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode". This security setting determines the behavior of the elevation prompt for administrators. Right click on this and select "Properties". Select the option "Elevate without prompting": this option allows the Consent Admin to perform an operation that requires elevation without consent or credentials. Note: this scenario should only be used in the most constrained environments. If you still want to access c:\documents and settings, this is not a valid directory in Vista; as I was saying in my previous reply, you can find everything in c:\Users\santir\documents, c:\Users\santir\desktop... etc. regards Santhi
March 15th, 2007 7:18am

"Elevate without prompting" - that sounds interesting. If I'm an admin then I don't need to be prompted. I specifically don't want to be prompted in fact. So I'll try that later. Also, it is not UAC which is preventing my access to Program Files. And as I said, it was access to the new vista-structured documents folders that I was denied. My own one - e.g. Users > Frank > Music. Not with a UAC prompt, with a simple message-box that said "Access is denied" and with no other options than "Ok".
March 15th, 2007 2:18pm

I believe that I was having the same issue as you, Frank. The access denied on folders like My Music was infuriating. It turns out, for me, the problem was that My Music a.) was a hidden folder that I had chosen to view because an Admin would like to see them, and b.) is not a folder at all, but a Junction Point. It's there only to redirect files that may try to write to \Documents and Settings\My Music to the new location of \Users\%username%\Music. It's an odd thing to be able to see junction points as folders because it's a bit deceiving. When I'd download an image, let's say I'd want to put it into My Documents\My Pictures, for example. In the download box I'd click on Documents on the left pane, just as I'd do in XP to quickly navigate to the root of My Documents, and when I'd click on My Pictures in the right pane I'd get an Access is Denied error. If I'd click on the quick link to Pictures on the left pane I'd be taken precisely to where I needed, which bugged me tremendously as I couldn't figure out why the quick button on the left worked, but clicking directly on the folder did not. Junction Points. It would be a great thing if there were an option on the View tab of the Folder Options to Hide Junction Points. If you choose not to display Protected Operating System Files it has the effect of hiding the Junction Points. I understand your frustration. I've been testing Vista for my company for a couple of days and came across this. In Windows XP I always choose to view hidden files and folders as well as protected operating system files. In fact it's one of the first things that I do under an administrator-level account when I set up a computer. I hope this helps to resolve your situation or at least provide some clarity.
March 18th, 2007 6:47pm

I like that no one is listening to the op. He specifically mentions a problem with c:/users/frank/music, not any junction point or link to the side or remapped 'my music' from an xp install that's been upgraded. He says it's not a UAC popup, but a flat out access denied box. If you want to offer help, read the post first. I wish I had something to offer other than my own confusion about the security model on owned folders. I also really enjoy trying to move music folders into c:/users/me/music. I get TWO UAC popups -- the first one asks if it's ok for a UAC popup to pop up and the second is the actual popup -- followed by a popup saying that I need permission which just continues to pop up infinitely when I hit try again. At least I guess it's secure. If an admin who owns the folder can't do anything with it, how could a hacker?
March 20th, 2007 11:11am

Thank you!And for more fun with vista's junction points: Try going to C:\Documents and Settings\All users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\... ad infitum.
Free Windows Admin Tool Kit Click here and download it now
March 21st, 2007 3:26am
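
Why the path in the post above never ends, and why the "My Music" entry described in the earlier reply is a redirect rather than a folder, as an added example that is not part of the original thread. The junction table is a constructed model of Vista's default compatibility links (an assumption to confirm on a real system), and the user name Frank is taken from the thread.

```python
import ntpath

# Constructed model of the compatibility links on a default Vista install
# (assumption: confirm the real links and targets with `dir /AL /S` on C:).
# Keys are lower-cased link paths, values are the folders they redirect to.
JUNCTIONS = {
    r"c:\documents and settings": r"C:\Users",
    r"c:\users\all users": r"C:\ProgramData",
    r"c:\programdata\application data": r"C:\ProgramData",
    r"c:\users\frank\my documents": r"C:\Users\Frank\Documents",
    r"c:\users\frank\documents\my music": r"C:\Users\Frank\Music",
}


def resolve(path, junctions=JUNCTIONS):
    """Walk a typed path one component at a time, following each link.

    Returns (real_folder, hops), where hops lists every (link, target)
    redirect taken along the way.
    """
    drive, rest = ntpath.splitdrive(ntpath.normpath(path))
    current = drive + "\\"
    hops = []
    for part in (p for p in rest.split("\\") if p):
        current = ntpath.join(current, part)
        target = junctions.get(current.lower())
        if target is not None:
            hops.append((current, target))
            current = target
    return current, hops


def self_referential(junctions=JUNCTIONS):
    """Links whose target is their own ancestor: each one makes an endless
    path name, so recursive tools must skip links instead of descending."""
    found = []
    for link, target in junctions.items():
        prefix = target.lower().rstrip("\\") + "\\"
        if link.startswith(prefix):
            found.append(link)
    return found


if __name__ == "__main__":
    deep = r"C:\Documents and Settings\All Users" + r"\Application Data" * 50
    real, hops = resolve(deep)
    print(f"{len(hops)} redirects, real folder: {real}")
    print("self-referential links:", self_referential())
    print(resolve(r"C:\Documents and Settings\Frank\My Documents\My Music")[0])
```

Every extra "Application Data" component lands back on the same real folder, which is why backup, search and scanning tools that recurse through a profile should not descend into these links.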

I am so sick of being denied access on my password protected computer. I have the only account, and it is taking me at least 3 times as long to do simple file tasks if I am allowed to do them at all. This is a bunch of BS. I hate Vista just because of this issue. I don't have all day to dick around with permissions on my own computer. It is like buying a new Corvette that shuts down in the middle of the freeway to check and see if I still want to drive it. Either Microsoft thinks we are idiots or they are freaking stupid themselves. I will advise all my customers to avoid upgrades at this point. This BS is way too time consuming and totally unnecessary.
March 25th, 2007 12:55am

I've read all the messages in this thread and came to a few realizations: (1) the Microsoft tech has totally ignored the initial message that started this whole thread, (2) the tech doesn't really care. His lack of concern about the initial problem is proof of that. (3) Microsoft has put a bug in Vista that is vexing to everyone without a way to get around it. The help file says to run secpol.msc and that file cannot be found. That's a major problem that Microsoft should have fixed with the first messages that found their way into the Microsoft forums. Proof positive that MS is a disease and not a company with a mission statement aimed at customer satisfaction. (4) The fact that they won't fix this problem over the phone once the warranty expires is another way for them to make money. Bad enough they put a product out that protects the administrator from himself. Even worse to charge the administrator to overcome those built in protections. At least with XP I was able to access the administrator account by going into safety mode. Seems Microsoft wanted to deny us that advantage by removing it with Vista. I've said it before and I'll say it again, if the business world wasn't so Windows oriented I'd have gone to another system a long time ago. The only reason Microsoft has maintained a chokehold on the pc market is because they've so ingrained the business world with their product that it's virtually impossible at this point to get out. Reminds me of Michael Corleone in the Godfather 3 when he wants to get out of the Mafia. He complains that every time he tries to get out they pull him back in. Funny how Windows does the same thing. Perhaps Microsoft will put in another tech that listens to the problem and solves it rather than hallucinating and solving a problem with another issue entirely. Peace M.
May 27th, 2007 3:28pm

What's even better is that secpol.msc is not even available to Vista Home Premium users. Heaven forbid a user may want to control his own machine, or serve as the administrator of his own home domain (er, workgroup). Now, it appears that the registry Key at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System is the probable location to set the Elevation without prompting, but I don't know the keys or words to set. Some help here would be nice. If someone would like to address this issue, it would be quite helpful. I'd also like to know how to access the Administrator account because all I have seen says to use Local Users and Groups in computer management, but, again, Home Premium users can't access it, so I can't access the REAL Administrator id.
May 28th, 2008 3:39pm

I'm sorry, but on reading the original post I come away with the same conclusion - the original poster has mistaken the hidden junction points placed on the drive for compatibility purposes with the real deal. Certainly they did this for C:\Documents and Settings, which doesn't exist on Vista except as a junction point, and most likely they did so for Music as well. Now, would it have been a good idea for Explorer to have handled that situation better? Probably. If you have Vista Home Premium you do not get the cool tools like secpol.msc. That's part of the tradeoff of not paying more.
September 2nd, 2009 8:48pm

This topic is archived. No further replies will be accepted.
