Hi,
all members of "Domain Admins" built-in group cannot create/modify any file or folder on any partitions of Domain Controllers.
If domain admin logs on any DC and create/change, then the access is denied.
If the domain admin start Windows Explorer or PowerShell, etc. in elevated mode, then he can create/change any files/folders.
I know that is related to UAC.
I cretaed a GPO, set UAC settings correctly and applied it to "Domain> Domain Controllers" OU for the Group"Domain Admins". But this did not solve also the issue.
Domain Controller Local Security Policy has another settings (UAC enabled). As I know the GPO on the OU level has the highest priority on applying of GPOs. Is DC an exception? If yes, how can solve this issue?
Best regards
Birdal
