One to try, and I'd appreciate any thoughts on this.
On a Windows Server 2008 R2 box (or presumably 2008 R1, Windows Vista or Windows 7):
i) Logon as an administrator, and create a new NTFS volume
ii) Blow away the standard MS ACLS on the root of the volume (which are laughable), and replace with Administrators:Full Control, System:Full Control, e.g.:
echo Y|cacls.exe d:\ /g "Administrators:F" "SYSTEM:F"
iii) Now, from a Command Prompt shell window or PowerShell window, switch to that drive (cd /d D:\ or set-location D:\ ). Works fine... no issues.
iv) Now, try to browse to the root of the new volume using MS Explorer... Access denied.
Now, I've kind of convinced myself that it is UAC getting in the way, as you can add "Authenticated Users:List" access to D:\ and Explorer then works. I can only assume that MS Explorer isn't able to use the "admin" token for the Administrator. Browsing to explorer.exe and doing a "Run as administrator" has no effect.
Any thoughts?
Cheers in advance.
Yep, that is UAC. Explorer windows don't really accept admin tokens via UAC.