Last week I was visiting a client to troubleshoot the SharePoint environment. A strange error they were experiencing was that when they were trying to add users in SharePoint, they received an Access Denied page. However, the user(s) were actually added succesfully. The same happened when removing users.
Users who had Full Control in Policy for Web Application did not experience this behavior, but that is not the way you want to handle security in SharePoint.
The only difference with the web application that had no issue, was that the Edit Personal User Information right checkbox was cleared in Central Administration => User permissions for Web Application.
Checking this box solved the problem.
When implementing a new product, you're bound to stumble on new issues (or at least I thought it was an issue). I had installed FAST Search Server 2010 for SharePoint on a dedicated server. Everything went fine until I wanted to follow the configuration wizard for FAST Search Server. When I wanted to enter the user name and password in the dialog box, I received a "User name or domain is incorrect." error.
Let's say our domain was named domain.local. Using these formats gave us an error:
DOMAIN\fast_service
fast_service@domain.local
After I was searching for an hour what the problem could be, the customer himself apparently succeeded in getting through the configuration wizard by using this format:
domain.local\fast_service
In Microsoft products - including SharePoint 2010 - I never had to use this use name format. It are the little things...