When UAC is enabled, a member of the Administrators group is logged on with a token that does not contain Administrator privileges. Unless and until elevation is requested for this user, Windows will make its access control checks based on this token. That is why access to a different user's profile is initially denied. This is the mechanism that Windows uses to provide least privilege access to users that are members of the Administrators group by default and only provide elevated privileges when needed.
Permission to access the profile of other users, redux.
I have a question that is a follow-up from a post over a year ago:
Permission to access the profile of other users
The user profiles at C:\Users\NewUser by default will have permissions:
Owner: Administrators group
Principals: SYSTEM - Full control
Administrators - Full control
NewUser - Full control
All child folders and files below have the Owner as NewUser with the same Principals and Access.
When you are logged on as an Administrator, say NewAdmin (member of Administrators group), and attempt to open C:\Users\NewUser, one gets the dialog: "You don't currently have permission to access this folder."
My question is: Why doesn't NewAdmin already have access by virtue of being a member of the Administrators group? Also, if I hit Continue, NewAdmin user is permanently added to the list of Principals allowed Full Control. What is the logic for doing this?
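An added example, not part of the original thread: a PowerShell audit that first reports whether the current process holds the filtered or the elevated token described in the answer, then lists any explicit access entries on profile folders beyond the three defaults listed in the question (SYSTEM, Administrators, the profile's own user), which is what clicking Continue leaves behind. It assumes it is run from an elevated prompt and that the default ACL is the one quoted in the question.

```powershell
# Added example: audit profile folders for ACEs left behind by the "Continue" prompt.
# Assumption: default profile ACL = SYSTEM, Administrators, profile owner (as in the question).
$adminSid  = 'S-1-5-32-544'   # BUILTIN\Administrators
$systemSid = 'S-1-5-18'       # NT AUTHORITY\SYSTEM

# 1. Which token is this process using? Under UAC, a non-elevated admin gets a
#    filtered token in which Administrators is not usable to grant access.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [System.Security.Principal.WindowsPrincipal]::new($identity)
$elevated  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
'{0} running elevated: {1}' -f $identity.Name, $elevated

if (-not $elevated) {
    Write-Warning 'Filtered token in use: other profiles cannot be read. Re-run from an elevated prompt.'
    return
}

# 2. Map each real (non-special) profile folder to its owner's SID, then report
#    explicit ACEs for any principal other than the three expected ones.
Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special -and (Test-Path -LiteralPath $_.LocalPath) } |
    ForEach-Object {
        $profilePath = $_.LocalPath
        $expected    = @($adminSid, $systemSid, $_.SID)
        $acl         = Get-Acl -LiteralPath $profilePath

        # includeExplicit = $true, includeInherited = $false; return identities as SIDs
        $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
            Where-Object { $_.IdentityReference.Value -notin $expected } |
            ForEach-Object {
                $sid = $_.IdentityReference
                # Orphaned SIDs (deleted accounts) cannot be translated to a name
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = '<unresolved>' }

                [pscustomobject]@{
                    Profile = $profilePath
                    Account = $name
                    Sid     = $sid.Value
                    Rights  = $_.FileSystemRights
                    Type    = $_.AccessControlType
                }
            }
    } | Format-Table -AutoSize
```

An empty table means every profile folder still carries only the default entries; a row naming an administrator's own account on another user's profile is the permanent entry the question describes.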