Permission issues with administrator account on Windows Server 2012 R2 — cannot create new files and need elevated privileges to edit files

Tags: file-permissions, permissions, uac, windows-server-2012, windows-server-2012-r2

I have a domain account and a local account. Both are administrators — they are part of the administrators group. For some odd reason, something must have gotten corrupted, as the accounts require elevated privileges to edit or rename existing files and I can no longer create any files in any directory. I can only create "New Folder" and create files within that folder. The expectation is that the Owner of the file or folder should be the administrators group when creating a new folder or file. Instead, the owner is me. And existing files do have Owner as administrators group.

I don't know if there's some corruption with the administrators group or the domain and local user accounts. As a test, I tried remapping permissions for one folder and set the Owner as the administrators group, and the issue did not resolve. If I set the Owner to myself and include myself in the permission list, however, then it's fine and I can create and edit files freely.

UAC is off. Slide bar is at the very bottom. I ran SFC /scannow and logs showed numerous duplicate permissions messages but not for every folder in the system. I don't see any GPOs configured. I ran DISM and component health is good. Nothing to repair there. Only thing that comes to mind is firewall and anti-virus. Windows Firewall is off.

Rebuilding this server is a last resort. Would like to avoid that use case.

Any ideas on what could be wrong and how to fix?

Best Answer

Found the problem.

For reasons beyond my understanding at the moment, even though UAC slider was at the very bottom, there is a registry entry tied to UAC that was still set to 1. It should be set to 0.

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpsb/958053ae-5397-4f96-977f-b7700ee461ec?redirectedfrom=MSDN

Open the Windows Registry and navigate to:

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Look for EnableLUA and set its data value to 0.

You may have to reboot the server to realize changes. I tried logging off and on and changes weren't reflected. After I rebooted the server, the changes took effect.

For me, that resolved the issue.
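
A read-only way to confirm this state before changing anything, added here as an example and not part of the original answer: it prints the UAC policy values under the key named above, reports whether the current process holds a full administrator token, and shows who becomes owner of a newly created file. It assumes the key lives under HKLM, an English-language `whoami` (for the "deny only" text), and a writable `$env:TEMP`; the probe file name is made up.

```powershell
# Added example: diagnostic only, changes no settings.
# Assumption: the Policies\System key is read from the HKLM hive.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop', 'FilterAdministratorToken'

$policy = Get-ItemProperty -Path $key
foreach ($n in $names) {
    $v = $policy.$n
    if ($null -eq $v) { $v = '(not set)' }
    '{0,-28} {1}' -f $n, $v
}

# Does this process hold a full (unfiltered) administrator token?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Token elevated:              $elevated"

# In a filtered token, BUILTIN\Administrators (S-1-5-32-544) is present
# but flagged "Group used for deny only" (English whoami output assumed).
$admins = whoami /groups /fo csv | ConvertFrom-Csv |
          Where-Object { $_.SID -eq 'S-1-5-32-544' }
if ($admins) {
    "Administrators attributes:   $($admins.Attributes)"
} else {
    'Administrators group is not in this token at all.'
}

# Owner of a freshly created file: the symptom described in the question.
# The probe file name is hypothetical; the file is deleted afterwards.
$probe = Join-Path $env:TEMP ("owner-probe-{0}.tmp" -f [guid]::NewGuid())
New-Item -Path $probe -ItemType File | Out-Null
"New file owner:              $((Get-Acl -Path $probe).Owner)"
Remove-Item -Path $probe

# Interpretation of the combination seen on the affected server.
if ($policy.EnableLUA -eq 1 -and -not $elevated) {
    'EnableLUA is 1 and this token is filtered: ACL entries that allow'
    'access only to Administrators do not apply to this process.'
} elseif ($policy.EnableLUA -eq 0) {
    'EnableLUA is 0: administrators log on with a full token after reboot.'
}
```

Run it once from a normal PowerShell window and once from one started with "Run as administrator"; differing output between the two means the token is still being split.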
