need help resolving local folder security issue with AD user accounts
I am deploying windows 7x64 Professional in a Windows 2008 domain environment at a school and I am having problems securing local folder access using AD user accounts. Essentially I have some folders at the root of C:\ and a separate partition called X:\ which all need to be secured against access by student users. All of my users have AD user accounts and log onto our computers by authenticating against the domain. Previously with XP I was able to simply select a folder's security permissions and remove {local machine}\users from the security permissions and leave access to those who were in the local administrators group. With Windows 7 I have done the same thing, which is to add AD user groups to the local administrators group and then removed the group {local}\users from access to my sensitive folders. I am capturing my master image while it is in AUDIT MODE and deploying it with Landesk MS 9.0; my unattend.xml file contains the necessary settings to get everything straightened out during deployment, or at least I think so. My problem is this: Once I deploy my image and I log onto a fresh win 7 install with some domain credentials which are supposed to be populated in the local administrators group, I notice that I can't get into my sensitive folders without clicking in a new dialog box... "you don't currently have permission to access this folder Click CONTINUE to get permanent access to this folder" Once I click CONTINUE then everything is okay but this is an uncessary action and I want it to go away; what is worse is that my 2nd partition, X:\, I can't access it at all no matter what I do. I simply get an "Access Denied" message when I try to get into it. I am wondering if my experience here is standard uber excessive Windows 7 security protocols or is a symptom of some other problem with the way that I am setting up my image or deploying it? I'd like to get back to my standard practice of setting local security permissions on my model image with AD user groups and then have those permissions remain intact at the end of my Windows 7 image deployment. -any help would be much appreciated. Thanks
July 14th, 2011 6:03pm

bump...
Free Windows Admin Tool Kit Click here and download it now
July 18th, 2011 10:31am

Hi, This forum is focused on Windows 7 usage-related questions. Based on your description, I suggest you ask this question in Windows Server forum. Thanks for your understanding and cooperation! Regards, MiyaThis posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 19th, 2011 1:51am

bumping again... ...sure, this post addresses a 'network' environment that involves a 'server', however the behavior is being experienced at the local O/S level and is not influenced by the server. I believe that I could produce this same problem with a computer issolated from the network using only local users and groups. Again, the problem is that Win7 pretty much ignores local security groups and uses individual user accounts when it controls file/folder access. Anyone know how to eliminate this behavior in Win7?
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 12:32pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics