1

Hello Spiceworks Community,

I’m encountering a peculiar issue with one of my file servers and would appreciate any insights or troubleshooting tips you might have.

Here’s the situation:

Myself and another staff member used to be members of the domain admin group. We recently changed this error and created new accounts for Daily Driver use, IT Admin use and Domain Admin use (3 separate accounts each)

  • The other user has an odd issue that when they create a new folder on our main file server, instead of their Daily Driver username being listed as the folder owner, the “Administrators” name is listed as the owner.

  • I do not have this issue with my account and see my Daily Driver name as the owner.

  • This behavior only occurs on this particular file server. A newer file server, set up a few months ago and prior to the user being removed from the Domain Admin group, does not exhibit this problem.

Here’s what I’ve checked so far:

  1. Verified the user is a member of the local Administrators group on servers and workstations.
  2. Compared server configurations, roles, and policies between the affected server and the newer file server.
  3. Investigated Group Policies, NTFS permissions, and local security policies.

I suspect there might be something specific to the configuration or inheritance settings on this server causing the issue.

Has anyone encountered a similar problem or have recommendations for tools or methods to compare server configurations effectively?

Thank you in advance for your help!

6 Spice ups
2

Sounds like that user’s account is in the local admin group on the file server. Which account is having the problem? The user’s daily, IT, or Domain Admin account?

I always opt to set up Role Based Access Control within a domain to avoid individual user accounts from being used to apply permissions.

3

I was thinking the same thing. It’s the Daily Driver account which I verified it is not in the server administrators group.

New info todays shows that it seems to coming from his laptop. I had him sign into another computer and create a new folder on the file server. That worked fine showing his account as the owner instead administrator.

He is not specifically a member in the local admin group on his laptop. But our IT Admin group is a member of the local admin group, which he - and I are members of.

I verified that my laptop has the same local group setup as his.

4

Does he happen to have a mapped drive to the location using an account that causes a new folder to show ownership as “Administrators”?

5

Hadn’t thought of that, but I will check. He should be mapping drives from a domain script, but we all know how that goes lol.

6

I prefer to map drives using Group Policy.

7

No luck. We verified that he is mapping drives from the domain login script.
I’m digging through his laptop to see if something comes to light.

8

Look in Credential Manager on the affected workstation, there could be something stuck there.

1 Spice up
9

Are you creating folders in the same location?
Are you creating them the same way?
Does it happen if you try from the same workstation?
What happens if you both try from a new/different workstation?

Please confirm: You said you have 3 separate accounts - only your respective IT admin accounts should be in the IT Admin group. The account in use (daily driver) should not be a member of the IT Admin group (or built-in domain admins).

10

since it appears to work fine on another computer, it comes down to how the problem computer is mapping the drive, something is causing it to map using the Admin Creds. i would disconnect the drive, and map it manually, see if the problem persists.

11

Here’s another wrinkle.
He is logged onto his laptop with his daily driver account. Confirmed that using WHOAMI.

I checked active sessions on the file server and it is showing his IT admin account is connected, not his daily driver. But if I look at his connection on a different server, that dhows his daily connected not the IT admin one.

Something on his laptop is pulling his IT admin account when making a connection to the file server.

I feel like I’m getting closer :slight_smile:

12

Definitely check Credential Manager > Windows Credentials

You can specify an account to use when connecting to a server, and it will override the account you’re logged in as.

13

Hi @JimMuth,

You and @Rod-IT are spot on, your colleague’s open session on the old file server is using their IT Admin account instead of their Daily Driver account. @phildrew also made a great call with the Credential Manager suggestion.

This is often due to Windows silently applying cached admin credentials, which override the user session and result in folder ownership defaulting to “Administrators.”

We recently encountered a similar issue, and here’s what worked for us:

  • Remove any saved credentials for the old file server from Credential Manager (under Windows Credentials).
  • Disconnect any active SMB sessions.
  • Reconnect to the share without saving credentials. Access it directly (e.g., \\Server\Share) or remap the drive using the correct Daily Driver account.

If folders still show “Administrators” as the owner, check for NTFS inheritance or confirm whether the parent folder has explicit ownership assigned to the Administrators group.

Hope this helps!

14

When you do that…what account is used to run the Domain logon script (I guess is some Domain Admin) ?

This is one reason why we do not use logon scripts as it will use the Domain admin’s creds and not user creds (user creds do not have rights to launch scripts from GPO or DCs directly).

Then is the user a local admin ins his lappy ?

15

Thanks for all the latest responses everyone. I just got back in town last night and I’m continuing to work through these. Will send another update soon.

16

So removing the /winreg connection that was associated with his admin account seems to have worked. Now I need to find out where that came from.

Thanks again for all the ideas and feedback!