I was hoping you guys and gals could help me out with something that I have been unable to solve What I want to do is to grant a domain security group which I will call GROUP1 read only access to the entire system drive to one of my servers. GROUP1 should have read only access to all folders and files on the system drive the same way the local administrators security group has full access by default. I know by default even the local administrator security group does not have access to everything for example pagefiles, in which only the SYSTEM account has access. t is okay that GROUP1 does not get access to these few folders and files. But, GROUP1 needs read only access to the rest. My organization policy will not let me give GROUP1 admins rights so I cannot add them to the local administrators security group. I have searched online and find found nothing. Below are my two failed attempts. Let me know any more info is needed or would be helpful. Thank you all for your helping me with this.
Attempt One: I tried setting this permission on the root of the system drive allowing it propagate but it would not propagate to built-in folders like Users and Windows. When I set this setting again on Users it would not propagate to its subfolders. (FAILED)
Attempt Two: I tried adding GROUP1 to the local security group Backup Operators of the system. Unless using a backup program members of that group were not able to access files. (FAILED)
The second the part of my question is once we solve part one, could I let GROUP1 members access the system drive remotely by the default administrative share (i.e.\\myserver\C$) or do I need to create a new share on the root on the system drive.
My system is a Windows 2008 R2 (Member Server)