asked on
no UAC prompt
Hello,
I've got a rather annoying problem on a SBS 2008 Server:
When I try to start a program that schould give me a UAC prompt, nothing happens.
If I try to start it from start menu then even the start menu doesn't work anymore.
Only stopping the explorer task in task manager makes the start menu accessible again.
I hope there's someone who can help me.
Kind regards,
Kaspar
I've got a rather annoying problem on a SBS 2008 Server:
When I try to start a program that schould give me a UAC prompt, nothing happens.
If I try to start it from start menu then even the start menu doesn't work anymore.
Only stopping the explorer task in task manager makes the start menu accessible again.
I hope there's someone who can help me.
Kind regards,
Kaspar
SBSWindows Server 2008
Last Comment
mipy
WOw. Most people try and shut that off and you want to intentionally turn it on? :) Try the Vista fix. Start=>run=>msconfig. Click on the tools tab on top and scroll down to "Enable UAC". Launch it ...
Check the user settings on the Vista box itself to make sure they did not disable it.
If they have disabled, enable it, then reboot.
Here are the GP settings to prevent that from happening again:
http://blog.mpecsinc.ca/2009/01/sbs-2008-enable-uac-by-default-in-group.html
Philip
If they have disabled, enable it, then reboot.
Here are the GP settings to prevent that from happening again:
http://blog.mpecsinc.ca/2009/01/sbs-2008-enable-uac-by-default-in-group.html
Philip
ASKER
Maybe I was not clear about my problem:
for example:
I want to start DNS-Console. I click on 'DNS' and then there should be UAC prompt and then the should be the DNS management console.
But there is no UAC and no DNS console.
There is also no msconfig (because there would be a UAC prompt before).
No regedit, nothing that would need administrative rights.
I can start SQL manager or explorer. But if I want to start it 'runas Administrator' then nothing happens.
So that's my problem. Not turning off or on UAC.
Kind regards,
Kaspar
for example:
I want to start DNS-Console. I click on 'DNS' and then there should be UAC prompt and then the should be the DNS management console.
But there is no UAC and no DNS console.
There is also no msconfig (because there would be a UAC prompt before).
No regedit, nothing that would need administrative rights.
I can start SQL manager or explorer. But if I want to start it 'runas Administrator' then nothing happens.
So that's my problem. Not turning off or on UAC.
Kind regards,
Kaspar
How new is the server? Has the admin account's password changed recently and the console session has not been logged off?
Start-->Run-->GPUpdate /Force
Does it throw any codes?
Philip
Start-->Run-->GPUpdate /Force
Does it throw any codes?
Philip
Oh. Different senario completely. One more question ...
Your state "Only stopping the explorer task in task manager makes the start menu accessible again". I am taking this to mean that the program starts, you just can see it on the screen correct?
Your state "Only stopping the explorer task in task manager makes the start menu accessible again". I am taking this to mean that the program starts, you just can see it on the screen correct?
ASKER
The server is very new. Admin password didn't change.
'gpudate /force' threw some codes about folder redirection I configured yesterday that would work only after logging in again. (But today it already worked the whole day)
Logged out and in, but that didn't help.
Kaspar
'gpudate /force' threw some codes about folder redirection I configured yesterday that would work only after logging in again. (But today it already worked the whole day)
Logged out and in, but that didn't help.
Kaspar
Start-->Compmgmt.msc [Enter]
Does it come up and if it does, what do the logs say?
Philip
Does it come up and if it does, what do the logs say?
Philip
Your state "Only stopping the explorer task in task manager makes the start menu accessible again". I am taking this to mean that the program starts, you just can see it on the screen correct?
Are you doing desktop redirection for administrator?
Are you doing desktop redirection for administrator?
ASKER
@jimbecher:
No I can't see the program and it doesn't start.
If I try to start a programm that should show UAC prompt from start menu then the start menu becomes useless:
That means: If I click on "Start" the start menu shows up, but there are no reactions to clicking on program links.
BTW: Right-klick on 'Start' gives me the usual options (explorer) and it can also be started.
Kaspar
No I can't see the program and it doesn't start.
If I try to start a programm that should show UAC prompt from start menu then the start menu becomes useless:
That means: If I click on "Start" the start menu shows up, but there are no reactions to clicking on program links.
BTW: Right-klick on 'Start' gives me the usual options (explorer) and it can also be started.
Kaspar
ASKER
@philip:
No it doesn't show up. I can't access event logs. :(
No it doesn't show up. I can't access event logs. :(
Any updates applied to the server just prior to this happening?
Can you reboot into Safe Mode (probably after hours?).
What third party A/V are you running if any?
Philip
Can you reboot into Safe Mode (probably after hours?).
What third party A/V are you running if any?
Philip
ASKER
There's no desktop redirection and if I use another admin account the problem still exists.
ASKER
I'm running Ikarus Antivirus (I installed it two days ago). It's a candidate to be the reason for the problem, but it already worked flawless for the last two days.
ASKER
I'm booting now to save mode. (Rebooting didn't help.) It's midnight in Austria. So there's no prob ;-)
Can you start any programs from within taskmgr? Even as far as invoking explorer a second time?
Never heard of the A/V. I suggest uninstalling.
Philip
Philip
ASKER
I can start programs from start manager, I can also invoke explorer.
But I can't start programs that would bring up UAC prompt. I tried it and task manager became inaccessible.
What I did today was disabling IP6, I will reenable it - but I don't think that's the reason.
But I can't start programs that would bring up UAC prompt. I tried it and task manager became inaccessible.
What I did today was disabling IP6, I will reenable it - but I don't think that's the reason.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
ok, I enabled IPv6. Let's see.
Kaspar
Kaspar
I suggest dropping the A/V too!
Philip
Philip
We have seen a very exclusive group of A/V manufacturers that have met SBS 2008 standards for install/stability due to its unique nature. There is a need to be very careful about running third party stuff on top of SBS.
Philip
Philip
ASKER
Thanks a lot.
Enabled IPv6 and works like it should.
Kaspar
Enabled IPv6 and works like it should.
Kaspar
UAC came back?
Philip
Philip
ASKER
Thank you for your assitance and time. You helped me a lot!!
Kaspar
Kaspar
The internet is chock full of problems with UAC. I am kind of at a dis-advantage because the very first thing I did to my SBS 2008 was disable UAC :) so I can no longer tell which programs invoke UAC and which don't. Here are several methods:
http://technet.microsoft.com/en-us/library/cc709691.aspx
http://technet.microsoft.com/en-us/library/cc709691.aspx
ASKER
UAC is back again. And most important: The applications start again. I can access event log, mmc, ... again.
ASKER
@jimbecher
Yes, would be interesting to disable UAC and then disable IPv6. If the missing UAC would prevent the problem with the administrative programs.
But not on this server. And not tonight. It's time for bed.
Btw.: There were some other problems in the event log because of disabled IPv6. Mostly concerning Exchange server.
Kaspar
Yes, would be interesting to disable UAC and then disable IPv6. If the missing UAC would prevent the problem with the administrative programs.
But not on this server. And not tonight. It's time for bed.
Btw.: There were some other problems in the event log because of disabled IPv6. Mostly concerning Exchange server.
Kaspar
Disabling UAC on SBS is not a good idea at all. It is there for a reason.
Philip
Philip
Kind of like on Vista huh :)
Yes.
In fact, UAC on Vista has been proven to reduce exposure to malware threats significantly when the user understands why they are being prompted and clicks "Cancel". No door open = no malware infection.
Philip
In fact, UAC on Vista has been proven to reduce exposure to malware threats significantly when the user understands why they are being prompted and clicks "Cancel". No door open = no malware infection.
Philip
OK. So you let your users sit down at the server and surf the net? UAC is one of those affairs that Microsoft has totally re-evaluated in Windows 7 because of all the problems and complaints they have had about it. It is a plain and simple case if a few (with no common sense) wrecking it for the many ...
Not sure where you are coming from?
For our client servers as well as our own, we do not disable any security based features as a best practice for us. They are there for our protection, and given the nature of server based malware infections we have seen, UAC would have probably helped to eliminate many of them.
Win7 still has UAC and it will still be enabled via GP on our networks. Users do not see UAC unless something is being installed or updated. They are trained to know the difference between good and bad times for the prompt. BTW, they also run as Standard Users.
Philip
For our client servers as well as our own, we do not disable any security based features as a best practice for us. They are there for our protection, and given the nature of server based malware infections we have seen, UAC would have probably helped to eliminate many of them.
Win7 still has UAC and it will still be enabled via GP on our networks. Users do not see UAC unless something is being installed or updated. They are trained to know the difference between good and bad times for the prompt. BTW, they also run as Standard Users.
Philip
You said UAC is good to prevent Malware threats. What does malware come from? Remember we are talking server here. Unless you let users sit down at the server and surf the net or let them bring in floppy disk or Cds from home and let them sit ate the server and use them then the threat of malware attacking the server is virtually zero. The only people that should be using the server are administrators who know very well the dangers of malware and know better then to do anything on the server but administrate.
UAC more times then not can confuse the daylights out of a user. I did not say that Windows 7 doesn't have UAC. I stated that "UAC is one of those affairs that Microsoft has totally re-evaluated in Windows 7 because of all the problems and complaints they have had about it". They completely over-killed and especially on the server. 10 minute tweaks take 20 minutes to do because 10 minutes are wasted on UAC and that is if UAC runs properly and doesn't crash the server.
UAC has its place but, as Microsoft is doing in Windows 7, needs to be re-evauluated and revamped.
UAC more times then not can confuse the daylights out of a user. I did not say that Windows 7 doesn't have UAC. I stated that "UAC is one of those affairs that Microsoft has totally re-evaluated in Windows 7 because of all the problems and complaints they have had about it". They completely over-killed and especially on the server. 10 minute tweaks take 20 minutes to do because 10 minutes are wasted on UAC and that is if UAC runs properly and doesn't crash the server.
UAC has its place but, as Microsoft is doing in Windows 7, needs to be re-evauluated and revamped.
Vulnerabilities are one door that no one may know about at this point. One does not need to be at the server console for the vulnerability to be exploited from a compromised machine somewhere on the network. The console is but one attack vector.
UAC with the right training does not confuse users in my experience?
We shall agree to disagree. :)
Philip
UAC with the right training does not confuse users in my experience?
We shall agree to disagree. :)
Philip
But lets face it, on SBS2008, a network administrator should be able to bin UAC completely....I dont expect to have to click my mouse 32 times just to get to the Exchange store.
I am of the opinion that one does not sacrifice an extra layer of security, the UAC/Secure Desktop may be the only barrier between a production server and being owned, for a little extra convenience.
It takes anywhere from 6-15 hours to set up a complete SBS OS with all of the post OS configuration and Line of Business apps, I think sacrificing what may end up being less than a minute of life to ALT+C (who uses the mouse anyway) is worth it. :)
Philip
It takes anywhere from 6-15 hours to set up a complete SBS OS with all of the post OS configuration and Line of Business apps, I think sacrificing what may end up being less than a minute of life to ALT+C (who uses the mouse anyway) is worth it. :)
Philip
Like it or loath it, the fact that having IPv6 disabled actually breaks UAC is incredibly stupid.
I hadn't disabled it, but was having problems with the NIC, which resulted in the same problem.
However, the main reason for my comment is to say thank you for this post, without it I would not have had any sleep at all tonight!
I hadn't disabled it, but was having problems with the NIC, which resulted in the same problem.
However, the main reason for my comment is to say thank you for this post, without it I would not have had any sleep at all tonight!