On Windows Server 2008 R2, we have an application installed that has some plain text configuration files. My team needs to be able to edit these files regularly.
All my team have dedicated admin accounts that are full Administrator on these servers, many are Domain Admin and Enterprise Admin too. The servers are critical infrastructure and we do not want to switch off UAC.
Trying to access these text files located in C:\<appname>\app\product\client\network\admin from the interactive console of the server results in Access Denied. We cannot create a new file in the folder (the only option is new folder). Viewing security shows the group Servername\Administrators as having full rights, the Effective Permissions tab will show that each user account has all access rights to the folder and to the file.
From a Windows XP client, we can connect to \\servername\c$\<software>\app\product\client\network\admin with the same username as had access denied before, and full control is granted - the file can be edited.
We don't want to switch off UAC on these servers. We don't want to change ownership to an individual user on these files, just so the file can be edited.
How do we change the configuration of these folders so that we are able to actually use the permissions that have been specifically assigned to the system?