Vista Domain Account Rights

danimalhenry asked
I'm running a Vista machine on a Windows 2003 domain. My domain account is in the Administrators group on a local machine running Vista, yet when I go to install some programs, I still get prompted for Admin rights. Even when I right-click the setup file and go to "Run As Administrator", it still says I don't have enough rights. I went into the security policy settings and enabled/disabled everything I could under the UAC settings. I actually got rid of as much security as was available, which is more than I ultimately want to do, and it still won't let me... Does anyone know how to get Vista to play nicer with domain accounts?

You probably do have enough rights, but what's blocking you is User Account Control. Try turning off User Account Control for testing. Press F1 in Explorer (don't search Microsoft), enter "UAC" in the search field, and then follow the second link to turn User Account Control on or off. Only do this as a test though; we keep UAC on for security reasons.

If you are able to install with UAC turned off, then it's clear that UAC is causing you grief. I've not had UAC stop an installation from occurring before; perhaps what you're installing is not UAC or Vista aware?


Thanks, that actually helped solve a different issue I was having with Vista not running my domain-applied login script. However, I still cannot launch this setup file. I'm trying to install Roxio 9. It works if I log in as the local administrator, but that's a huge pain. I've installed a lot of software on this machine, and this is the first time I've run into this, so it's quite possible that it's just something with Roxio. Thanks again!

Oh man this has probably been one of the trickiest components of this
blasted UAC I've had to face so far.

Basically, due to the way UAC handles permissions during logins as
described on this page
We have to schedule the script to run as interactive user. BUT, this
solution now breaks your non admin users who don't have permission to
schedule anything.

I've written/modified two scripts which are pasted below which will
hopefully solve everybody's problems. In my GPO for my scripts I have
Script Name:
Script Parameters:
drive_mapping \\soe.eo\NETLOGON\Logon\drive_mapping.vbs

The drive mapping script does all my drive mappings, so you use your
own one there.
The launchscript wsf file first determines if you are an administrator
- if you are, then it schedules the script to run as recommended by
Microsoft, otherwise it just launches it normally.
The reason I've added a second parameter to the MS suggested solution
is because if you want to run more than 1 script, then it will fail as
the original script has a hard coded scheduled task name. This change
I've made will allow you to schedule more than 1 login script provided
you give them different names.

This scenario is working for me on several scripts launched from the
same GPO and regardless of whether or not I log in as an administrator
or standard user. I use this methodology to map network drives as
well as connect network printers.

Contents of launchscript.wsf
<job>
<script language="VBScript">
' Expect two arguments: a task name and the path of the script to launch.
If WScript.Arguments.Length <> 2 Then
    WScript.Echo "Usage: wscript launchscript.wsf <ScriptName> <ScriptPath>"
    WScript.Quit
End If
On Error Resume Next
strScriptName = WScript.Arguments(0)
strScriptPath = WScript.Arguments(1)
strTestFile = "C:\test.txt"
Set FileSys = CreateObject("Scripting.FileSystemObject")
Set WshShell = WScript.CreateObject("WScript.Shell")
' Probe for administrator rights by trying to create a file in C:\
FileSys.CreateTextFile strTestFile, True
If FileSys.FileExists(strTestFile) Then
    ' We are an administrator - schedule the script to run
    WshShell.Run "\\soe-dc\NETLOGON\schedulescript.wsf " & strScriptName & " " & strScriptPath, 1, True
Else
    ' We are a standard user - just launch the script
    WshShell.Run "wscript " & strScriptPath, 1, True
End If
' Clean up the probe file (errors are ignored if it was never created)
FileSys.DeleteFile strTestFile
</script>
</job>

Contents of schedulescript.wsf
<job>
<script language="VBScript">
'******************************************************************
' This script launches the second parameter as the interactive user.
' Written by Microsoft - Improved by Lester
'******************************************************************
' A constant that specifies a registration trigger.
const TriggerTypeRegistration = 7
' A constant that specifies an executable action.
const ActionTypeExecutable = 0
' A constant that specifies the flag in RegisterTaskDefinition.
const FlagTaskCreate = 2
' A constant that specifies the interactive logon type.
const LogonTypeInteractive = 3
If WScript.Arguments.Length <> 2 Then
    WScript.Echo "Usage: wscript schedulescript.wsf <AppName> <AppPath>"
    WScript.Quit
End If
strAppName = WScript.Arguments(0)
strAppPath = WScript.Arguments(1)
'******************************************************************
' Create the TaskService object.
'******************************************************************
Set service = CreateObject("Schedule.Service")
call service.Connect()
' The task name is built from the first argument so that several
' scripts can be scheduled without overwriting each other.
strTaskName = "Launch " & strAppName
'******************************************************************
' Get a folder to create a task definition in.
'******************************************************************
Dim rootFolder
Set rootFolder = service.GetFolder("\")
'******************************************************************
' Delete the task if already present
'******************************************************************
On Error Resume Next
call rootFolder.DeleteTask(strTaskName, 0)
'******************************************************************
' Create the new task
'******************************************************************
Dim taskDefinition
Set taskDefinition = service.NewTask(0)
'******************************************************************
' Create a registration trigger.
'******************************************************************
Dim triggers
Set triggers = taskDefinition.Triggers
Dim trigger
Set trigger = triggers.Create(TriggerTypeRegistration)
'******************************************************************
' Create the action for the task to execute.
'******************************************************************
' Add an action to the task. The action executes the app.
Dim Action
Set Action = taskDefinition.Actions.Create( ActionTypeExecutable )
Action.Path = strAppPath
'******************************************************************
' Register (create) the task.
'******************************************************************
call rootFolder.RegisterTaskDefinition( strTaskName, taskDefinition, _
    FlagTaskCreate, , , LogonTypeInteractive)
</script>
</job>
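
Added example, not part of the original post and not the poster's or Microsoft's code: a launcher that makes the same administrator/standard-user decision as launchscript.wsf, but reads the token's integrity level from `whoami /groups` instead of writing a probe file to C:\, and quotes the arguments it passes on. The file name launchscript.vbs and the helpers IsElevated and Quote are assumptions; the schedulescript.wsf path is the one used in the post.

```vbscript
' launchscript.vbs (hypothetical name) - added example, not the poster's script.
Option Explicit

' Mandatory-label SIDs that whoami /groups lists for the current token.
Const SID_HIGH_INTEGRITY = "S-1-16-12288"    ' High Mandatory Level (elevated)
Const SID_SYSTEM_INTEGRITY = "S-1-16-16384"  ' System Mandatory Level
' Path taken from the launchscript.wsf shown in the post.
Const SCHEDULER = "\\soe-dc\NETLOGON\schedulescript.wsf"

Dim shell, strScriptName, strScriptPath
If WScript.Arguments.Length <> 2 Then
    WScript.Echo "Usage: wscript launchscript.vbs <ScriptName> <ScriptPath>"
    WScript.Quit 1
End If
strScriptName = WScript.Arguments(0)
strScriptPath = WScript.Arguments(1)
Set shell = CreateObject("WScript.Shell")

If IsElevated(shell) Then
    ' Elevated token: hand the script to the scheduler so it runs
    ' as the interactive user.
    shell.Run "wscript " & Quote(SCHEDULER) & " " & Quote(strScriptName) & _
        " " & Quote(strScriptPath), 1, True
Else
    ' Standard (or filtered) token: launch the script directly.
    shell.Run "wscript " & Quote(strScriptPath), 1, True
End If

' Returns True when the process token carries a High or System
' integrity label. If whoami cannot be started, returns False so the
' script is launched directly rather than scheduled.
Function IsElevated(sh)
    Dim proc, output
    IsElevated = False
    On Error Resume Next
    Set proc = sh.Exec("whoami /groups")
    If Err.Number <> 0 Then Exit Function
    On Error GoTo 0
    output = proc.StdOut.ReadAll()
    IsElevated = (InStr(output, SID_HIGH_INTEGRITY) > 0) Or _
                 (InStr(output, SID_SYSTEM_INTEGRITY) > 0)
End Function

' Wraps a value in double quotes (dropping any embedded quotes) so that
' names and paths containing spaces stay a single argument.
Function Quote(s)
    Quote = Chr(34) & Replace(s, Chr(34), "") & Chr(34)
End Function
```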

Sorry, I should have introduced the previous post. I had the problem where being a local administrator prevented my network drives from being mapped, and the solution above is the same solution I posted at Google forums some time ago.

Going back to the first posts, I'm having the same issue with UAC, and my work-around is to simply have two sessions open -- one with my domain account and the other with the local administrator account.  I switch users back and forth as required.  What a pain!  But it beats rebooting the machine every time I would need to turn UAC on or off.
