Have installed Windows Server 2012 and added 2 users (adding more later on but for testing purposes I've done 2) I've noticed that when I then add my client PC's to the domain and then logon in with a user (not in admin group), everything is more or less locked down and I don't have read and write (or permissions) to do anything. I've taken off UAC which helps a bit but now I'm confused on what and where to change settings. There will be about 10 users connecting to the server and we are not really wanting anything to be locked down (I know sounds wrong but we want this server up and running without problems) Just how much of the client PC (Windows 7 64bit) is controlled by the server and how do you change it so users have more or less administrator rights and the C:\ and all the folders have the read and write permissions. (I have right clicked on C:\ and granted allow on the security tab this works until the Program Files and Windows folders say access denied) I have set up folders and the users that can see what folders they should on the server with allow and deny options but now I am confused on the level of lockdown Windows 7 has PC side of things. If I connect a Windows XP PC to the server domain everything works as normal. Just when a user logs on a Windows 7 PC the PC appears to have been locked down. Microsoft Office for example needs (I've read) read and write access to .dll files and other files and folders on the C:\ in order to work, but how you work out which files it needs? The easy answer would be to make the whole of the C:\ with read and write access would be my guess?? Anyway to cut a long story short, how do you make a PC less secure or less locked down from a domain server so users can at least use the Windows 7 PC's without "you don’t have permission to do that" error?