?
Solved

Cannot change permissions in Windows 2008 windows folder (cmd.exe)?

Posted on 2009-07-10
6
Medium Priority
?
5,786 Views
Last Modified: 2012-05-07
Hi all,
 
  I have some problems with setting permissions on the file "cmd.exe" (which is required for some php appliction). I can change permissions on any given folder/file without problems, but within the Windows directory all "add", "remove" etc. buttons are disabled.

How do I enable the possibility to alter permissions in the Windows dir?

Many thanks!

Chris
0
Comment
Question by:HidDS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 2

Expert Comment

by:javiersantana
ID: 24827569
Well, the windows folder is a system folder... Why would you need to modify permissions to cmd.exe? Because by default cmd doesn't open with admin privilages in server 2008?
0
 

Author Comment

by:HidDS
ID: 24829658
I need PHP to run an application (FFMPEG), but it refuses / returns no values. The command is good (it works when you run it from the command line), so I figured the webserver (IIS) must have the appropriate rights on the cmd.exe file.

There must be a way to be able to change this permissions? (Turn of some security somewhere?).
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 24830024
Look for 'Run as administrator' submenu when right-clicking the folder and choose properties from the admin-submenu.
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 

Author Comment

by:HidDS
ID: 24833880
I can run cmd.exe as administrator, but when pressing properties I still can't add/edit users (groups) or alter rights for the application.
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 1500 total points
ID: 24834534
What I ment is that it's sometimes a submenu on the context menu when right-clicking the folder for administrative tasks to reach the properties dialog with administrative privileges.
I've seen this behavior with the disabled Add/Remove-buttons before on some of our 2008 servers and the buttons were only accessible through a special administrative properties dialog by using the submenu I described, but I don't remember exactly when/where this occured, but it can be that we've patched the servers to change this functionality as I can't recreate the issue. When displaying Properties now, I have an UAC-button labeled Edit instead of Add/Remove.

If you can't do it through the GUI, do it with the admin command prompt
cacls path-to-file /E /G usergroup:<perm>

When re-reading question, what permissions are you expecting to set on cmd.exe? All users have normally Read, which is necessary to execute the program. Restricting/allowing access to command prompt can be done by modifying the following policy setting
User Configuration\Administrative Templates\System\Prevent access to the command prompt
0
 

Expert Comment

by:islandjoe
ID: 34405414
Had a similar issue with 2008 server.  At first could not click add/modify (greyed out)  Disabled UAC (control panel / users) and rebooted.  Fixed that but could not change (access denied).  Took ownership of cmd.exe from trusted installer and then was able to add IUSR with read/execute.  
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question