Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

2008 Domain Controller - parameter is incorrect (c:\windows\system32)

Posted on 2010-08-19
6
Medium Priority
?
1,123 Views
Last Modified: 2012-05-10
Interesting that I have not encountered but everytime I run any manamgement tool from C:\Windows\System32 (i.e. dsa.msc, dns etc) I get the error "Parameter is incorrect".

I am only able to run tools under Domain "Administrator".....no other account works even if it is in the Domain\Administrators group. I checked permissions on C:\ (root) and \Windows\System32 and permission are inherited from Root drive with Domain\Administrators in the ACL but it does not work. I can only use the tools as the Administrator

I can only assume this is some extended 2008 security feature. I looked at UAC and made changes but no results.

Please give some insight.

Thanks
0
Comment
Question by:MGA2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 8

Expert Comment

by:SylvainDrapeau
ID: 33481316
Hello !

Try to redo the association of msc files withh mmc.exe.

Maybe the association in HKCR is wrong but the Admin account has something different under HKCU\Software\Classes...

Syldra
0
 

Author Comment

by:MGA2
ID: 33488986
did not work..any other thoughts? I was not sure what you referring with HKCU
0
 

Author Comment

by:MGA2
ID: 33489375
what is interesting is the the Domain "Administrator" which is part of the Domain\Administrators group. I am using a user account that is part of that same group and Domain\Administrators has Full access at Root C:\ drive and down. For some reason only the "Administrator" can run the tools.
Never seen this prior to 2008. Not sure what enhanced Security of other reason this is occuring but it is odd.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 8

Expert Comment

by:SylvainDrapeau
ID: 33489474
Hello !

Not sure it's an enhance security measure as much as a configuration error.

Clone the Administrator account (name it Test_Admin or whatever) and try with that user. In all logic, it should work. If it does, clone a non-working user (name it Test_Not_Admin) and try. It should not work. Now copy the Administrator profile over that new user's profile (you know how ?). Try again. If, as I believe, there's an error in the registry, it will work. If you are correct and it's some security measure, it will not.

I have another idea but no time to write it down now.

Syldra
0
 

Author Comment

by:MGA2
ID: 33513228
@SylvainDrapeau,

Cloning does not work. I also copied the Administrator profile and still same results
This is a newly installed system so very little changes since OS build and DC services installed.

Note: server running on top of VMWare ESXi Hypervisor

0
 

Accepted Solution

by:
MGA2 earned 0 total points
ID: 33513716
@SylvainDrapeau,

I have resolved this myself. UAC needed to be "disabled" (do you know how?) Of course UAC is a new "security" feature in Vista/2008 OS. It is enabled by default

Go to Local Policies --> User Account Control: Run all administrators in Admin Approval Mode (Disable)
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question