Scenario:
Like other admins, I log on and work as a 'standard user' (usera) with no admin rights anywhere in the domain, to perform admin tasks I have another account (userb) which I authenticate with as and when required. userb has been allocated/delegated permissions
as required.
Problem:
When trying to connect to shared folders on servers (2008 R2) using a UNC patch via Windows Explorer (Win 7 Ent.), I see an access denied error and do not get an option to supply alternative credentials.
If I try to connect to the admin shares on the same server (\\server\C$ or \\server\e$) I get an access denied message AND get prompted for credentials. I supply my admin account and gain access as expected.
If I check share and storage management when attempting to connect, I see that Windows is trying to connect me to each share as usera (which has no access). I understand why I get access denied at this point, but not why it can't just prompt me to supply an
account that does have access. When trying the admin shares I also see the usera account, but I get a prompt to supply a user who does have access.
Share permissions on the folders are for example 'Everyone' Full Control. NTFS permissions are 'userb' has modify (read, execute, list, traverse etc) via a 'Server Admins' AD Universal security group.
Note: If I do a NET USE from CMD and use the /USER switch, I can access the shares fine. But this is not great for accessing shared folders on the fly from various computers.
How can I get the other shares on the server to prompt me, rather than just say access denied?
Many thanks.