SQL Server 2008 R2 Express permissions -- cannot create database or modify users

In SSMS 2012, you'll have to use:

To enable single-user mode, in SQL instance properties, DO NOT go to "Advance" tag, there is already a "Startup Parameters" tag.

1. Add "-m;" into parameters;
2. Restart the service and logon this SQL instance by using windows authentication;
3. The rest steps are same as above. Change your windows user account permission in security or reset SA account password.
4. Last, remove "-m" parameter from "startup parameters";

Coming late to the party, but I found this fantastic step-by-step guide on getting control of your SQLExpress instance if you don't have your sa password. I used this process to not only reset my sa password, but I also added my domain account to all the available server roles. I can now create databases, alter logins, do bulk operations, backups/restores, etc using my normal login.

To summarize, you use SQL Server Configuration Manager to put your instance into single-user mode. This elevates you to sysadmin when you connect, allowing you the ability to set everything up.

Edit: I've copied the steps below - kudos to the original author of the link above.

1. Log on to the computer as an Administrator (or Any user with administrator privileges)
2. Open "SQL Server Configuration Manager"
3. Click "SQL Server Services" on the left pane
4. Stop "SQL Server" and "SQL Server Agent" instance on the right pane if it is running
5. Run the SQL Express in single-user mode by right clicking on "SQL Server" instance -> Properties (on the right pane of SQL Server Configuration Manager).
6. Click Advanced Tab, and look for "Startup Parameters". Change the "Startup Parameters" so that the new value will be -m; (without the <>) example: from: -dc:\Program Files\Microsoft SQL.............(til end of string) to: -m;-dc:\Program Files\Microsoft SQL.............(til end of string)
7. Start the SQL Server
8. Open your MS SQL Server Management Studio and log on to the SQL server with "Windows Authentication" as the authentication mode. Since we have the SQL Server running on single user mode, and you are logged on to the computer with Administrator privileges, you will have a "sysadmin" access to the database.
9. Expand the "Security" node on MS SQL Server Management Studio on the left pane
10. Expand the "Logins" node
11. Double-click the 'sa' login
12. Change the password by entering a complex password if "Enforce password policy" is ticked, otherwise, just enter any password.
13. Make sure that "sa" Account is "enabled" by clicking on Status on the left pane. Set the radio box under "Login" to "Enabled"
14. Click "OK"
15. Back on the main window of MS SQL Server Management Studio, verify if SQL Server Authentication is used by right clicking on the top most node in the left pane (usually ".\SQLEXPRESS (SQL Server )") and choosing properties.
16. Click "Security" in the left pane and ensure that "SQL Server and Windows Authentication mode" is the one selected under "Server authentication"
17. Click "OK"
18. Disconnect from MS SQL Server Management Studio
19. Open "Sql Server Configuration Manager" again and stop the SQL Server instance.
20. Right-click on SQL Server instance and click on "Advanced" tab. Again look for "Startup Parameters" and remove the "-m;" that you added earlier.
21. Click "OK" and start the SQL Server Instance again
22. You should now be able to log on as "sa" using the new password that you have set in step 12.

You may be an administrator on the workstation, but that means nothing to SQL Server. Your login has to be a member of the sysadmin role in order to perform the actions in question. By default, the local administrators group is no longer added to the sysadmin role in SQL 2008 R2. You'll need to login with something else (sa for example) in order to grant yourself the permissions.