Windows folder permissions, Administrators and UAC, what's the "right" way to deal with this?

The best way is to define a new group containing members that you consider to be administrators of that folder. If you have an AD domain, you can create this group in AD and then add that group to the Administrators group (of the local machine) and avoid having to administer two groups.

Note: If you're trying this locally, remember you have to log off and back in again for the new permissions to take effect.

The solution is to simply manage the server remotely. The UAC filtering of the administrator privileges only applies when you are accessing the local system.

With the release of Server Core, Microsoft has been strongly encouraging people to remotely administer servers instead of connecting to them directly to manage them.

Of course if you have a really small network this may not be feasible, so disabling the UAC is fine, or adjusting the filesystem permissions so that another group is used instead of administrators to grant permissions.

There are two options to work around this limitation easily:

• Use a file manager of your choice (total commander, eg) and run it as administrator (preferred)
• Disable the explorer UAC restriction: http://www.msfn.org/board/topic/144776-unable-to-open-an-elevated-windows-explorer-window/