# Thursday, July 16, 2009

Windows 2008 and the User Account Control and Clustered drives...

NOTE: This is NOT an issue with clustering, but appears to be an issue with w08 (and w08r2) regardless of whether the drive is clustered or local. For more info look here -> http://www.myfriedmind.com/techBlog/2009/10/14/UACAndDomainAdminsPermissionsIssueOnWindows2008.aspx

============ The information below is misleading - see the above link for correction

 

Another addition to w08 that might trip you up is the use of the User Account Control (or UAC) to prevent Administrator accounts (other than the default created one) from doing anything useful (unless prompted). Connect that with the fact that you can only sign onto a machine once per account (see this) and you have a case where you have to log on as the non-default Administrator but are hampered in doing your work.

Putting aside the annoying popups (are you SURE you want to see the security permissions? Really? Really?), there are more serious issues. Case in point - we have a Cluster server with the Role of File Services. Logged on as a lowly Domain Admin I cannot get to the actual drive that it is sharing. Let me state that again clearly:

  1. I am working on a Clustered w08 server with the Role of File Services
  2. I am logged on with a Domain Admin account (but not with the default Administrator account)
  3. UAC is turned on
  4. I can NOT access the drive(s) (much less the shares) that the Cluster uses


I don't even get a chance to say that "YES, I WANT TO ACCESS THAT FOLDER" which you normally get with UAC, just a big red X.

What are the possible choices? It seems that there are two:
  1. Always use the default Administrator account when logging on to a Clustered w08 account. This always gives you access.
  2. Turn off UAC ON ALL CLUSTERED SERVERS (since if it is not turned off on the host server, whichever one that is, you are going to run into the same problem).

I prefer #2 since (hopefully) the only people who will EVER be logging directly onto your server are Administrators anyway. Once the UAC is turned off you will be able to access all the appropriate folders, etc. Note that changing the UAC setting requires a reboot (one of the few things that still does in Windows - yeah!) so I would suggest you do it on the non-active nodes first so you are not constantly moving your active node from one node to the next.

I am not sure, firstly, why this happens and, secondly, why there is no prompt to override it (I am, after all, a Domain Admin and therefore in the Administrators group of the servers), but it does happen. There is no way that I am aware of to set UAC to allow groups, or even to add more people. It is on (and only the default Administrator account can do the work) or it is off.

Hope this helps...

Note: MSoft reports that this is unique (or at least they have never heard of it). One interesting note - I can run the Cluster Configuration Validator even logged in as a non-default Admin with UAC turned on. Go figure...

