2008 Domain Controller - parameter is incorrect (c:\windows\system32)

Interesting that I have not encountered this before, but every time I run any management tool from C:\Windows\System32 (i.e. dsa.msc, dns etc.) I get the error "Parameter is incorrect".

I am only able to run tools under Domain "Administrator"... no other account works even if it is in the Domain\Administrators group. I checked permissions on C:\ (root) and \Windows\System32 and permissions are inherited from the root drive with Domain\Administrators in the ACL, but it does not work. I can only use the tools as the Administrator.

I can only assume this is some extended 2008 security feature. I looked at UAC and made changes but no results.

Please give some insight.

Thanks
MGA2 Asked:
 
MGA2 (Author) Commented:
@SylvainDrapeau,

I have resolved this myself. UAC needed to be "disabled" (do you know how?). Of course UAC is a new "security" feature in Vista/2008 OS. It is enabled by default.

Go to Local Policies --> User Account Control: Run all administrators in Admin Approval Mode (Disable)
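A read-only PowerShell check of the two UAC policy values that fit the behaviour in this thread, added here as an example and not posted by any participant: `EnableLUA` is the registry value behind "Run all administrators in Admin Approval Mode", and `FilterAdministratorToken` (off by default) decides whether the built-in Administrator also gets a filtered token. The function and variable names are illustrative.

```powershell
# Added example: reads UAC policy state and the current token; changes nothing.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue([string]$Name) {
    # Returns $null when the value is absent (policy not configured).
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# "User Account Control: Run all administrators in Admin Approval Mode"
$enableLua = Get-UacValue 'EnableLUA'
# "User Account Control: Admin Approval Mode for the Built-in Administrator account"
$filterAdmin = Get-UacValue 'FilterAdministratorToken'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when the Administrators group is enabled in this process token.
# False means either a filtered (non-elevated) token or a non-admin user.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# The built-in Administrator account always has RID 500.
$isBuiltIn = $identity.User.Value -match '-500$'

"User                     : $($identity.Name)"
"Built-in Administrator   : $isBuiltIn"
"EnableLUA                : $(if ($enableLua -ne $null) { $enableLua } else { 'not set' })"
"FilterAdministratorToken : $(if ($filterAdmin -ne $null) { $filterAdmin } else { 'not set' })"
"Administrators enabled   : $elevated"

if ($enableLua -eq 0) {
    'Admin Approval Mode is off: every administrator logs on with a full token.'
}
elseif ($isBuiltIn -and $filterAdmin -ne 1) {
    'Built-in Administrator is exempt from Admin Approval Mode: full token at logon.'
}
elseif (-not $elevated) {
    'Administrators is not enabled in this token: start the tool from an elevated prompt.'
}
else {
    'This process is elevated under Admin Approval Mode.'
}
```

Run it once from a normal prompt and once from a prompt started with "Run as administrator" to compare the two tokens for the same account.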
 
SylvainDrapeau Commented:
Hello !

Try to redo the association of msc files with mmc.exe.

Maybe the association in HKCR is wrong but the Admin account has something different under HKCU\Software\Classes...

Syldra
 
MGA2 (Author) Commented:
Did not work... any other thoughts? I was not sure what you were referring to with HKCU.
 
MGA2 (Author) Commented:
What is interesting is the Domain "Administrator", which is part of the Domain\Administrators group. I am using a user account that is part of that same group, and Domain\Administrators has Full access at the root C:\ drive and down. For some reason only the "Administrator" can run the tools.
Never seen this prior to 2008. Not sure what enhanced security or other reason this is occurring, but it is odd.
 
SylvainDrapeau Commented:
Hello !

Not sure it's an enhanced security measure as much as a configuration error.

Clone the Administrator account (name it Test_Admin or whatever) and try with that user. In all logic, it should work. If it does, clone a non-working user (name it Test_Not_Admin) and try. It should not work. Now copy the Administrator profile over that new user's profile (you know how ?). Try again. If, as I believe, there's an error in the registry, it will work. If you are correct and it's some security measure, it will not.

I have another idea but no time to write it down now.

Syldra
 
MGA2 (Author) Commented:
@SylvainDrapeau,

Cloning does not work. I also copied the Administrator profile and still the same results.
This is a newly installed system, so very few changes since the OS build and DC services were installed.

Note: server running on top of VMWare ESXi Hypervisor
