I came across an odd manifestation of UAC today. It's been a long time since I've had to set up CIFS shares using local accounts for authentication, having always had domain-joined computers, but that's what I had to set up today for a file sync involving servers from untrusted domains.
I created local accounts on a remote Windows 2003 Server, a remote Windows 2008 R2 Server, and the Windows 2008 R2 Server that I was logged on to, and added the account to the Administrators group on each machine. Each account of course had the same name and password. On each remote server I created a share on which Administrators had full control and Users had read access.
I logged on to the local machine with the account I created and I could access the share on each remote server without being prompted for credentials. I could write to the share on the remote Windows 2003 Server, but on the remote Windows 2008 R2 Server I was only allowed read access. I logged on to the local machine with a domain account which was in the Administrators group on the remote Windows 2008 R2 Server and I was able to write to the share. Once I turned off UAC on the remote Windows 2008 R2 Server, I was able to write to the share using the local account.
Has anyone else come across this? I can't find any documentation about it. Why would a local account be affected by UAC when accessing data over the network, but not a domain account? Usually I access a file system remotely to get around UAC.
Any answers would be great, but watch out for this if you need to use the local account file sharing model. I see no way around this other than by disabling UAC.
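
The behaviour described in this post matches UAC remote restrictions: on a network logon a local account in Administrators receives a filtered token in which the Administrators group cannot grant access, while a domain account in Administrators receives its full token. The PowerShell below is an added example, not part of the original post: run elevated on the file server for a fresh setup, it reports the `LocalAccountTokenFilterPolicy` setting and grants write access through a dedicated local group instead of Administrators. The group, account, share and folder names are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the server that hosts the share. The four names below are assumed.
$Group = 'FileSyncWriters'   # hypothetical local group that carries write access
$User  = 'syncuser'          # hypothetical local account used for the file sync
$Share = 'SyncData'          # hypothetical share name (must not exist yet)
$Path  = 'D:\SyncData'       # hypothetical folder (must already exist)

# Run a native command and stop on a non-zero exit code.
function Invoke-Native([string]$Exe, [string[]]$Arguments) {
    & $Exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $Arguments failed with exit code $LASTEXITCODE"
    }
}

# 1. Report the UAC remote-restriction setting. Absent or 0 is the default:
#    local administrators are filtered on network logons. A value of 1 turns
#    the filtering off for every local administrator account on this server.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
if ($policy -eq 1) {
    Write-Warning 'LocalAccountTokenFilterPolicy = 1: local administrators get a full token over the network.'
} else {
    Write-Host 'Remote restrictions active: local administrators get a filtered token over the network.'
}

if (-not (Test-Path -Path $Path -PathType Container)) {
    throw "Folder $Path does not exist."
}

# 2. Create the dedicated group and add the sync account to it. Membership of
#    an ordinary group is not affected by token filtering.
Invoke-Native 'net' @('localgroup', $Group, '/add')
Invoke-Native 'net' @('localgroup', $Group, $User, '/add')

# 3. Share permissions: the group may change files, Users keep read access.
Invoke-Native 'net' @('share', "$Share=$Path", "/GRANT:$Group,CHANGE", '/GRANT:Users,READ')

# 4. NTFS permissions: Modify for the group, inherited by files and subfolders.
Invoke-Native 'icacls' @($Path, '/grant', "${Group}:(OI)(CI)M")

Write-Host "Members of $Group can now write to \\$env:COMPUTERNAME\$Share with UAC left on."
```

With write access carried by the dedicated group, the sync account no longer needs to be a member of Administrators on the file server.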