Solved

Server 2012 - Runas No permissions

Posted on 2013-06-02
3
584 Views
Last Modified: 2013-08-16
Hi All,

We are experiencing an interesting issue with our 2012 servers and using secondary logons and scheduled tasks.

We run our scheduled tasks under a service account - which works fine on earlier OS versions, but with Windows 2012 we are finding that it is not enumerating it's permissions when the scheduled task starts.

Scenario

1. RDP onto Standard windows 2012 server (SERVER1)
2. Create scheduled task to run a batch script copying out of local folder to remote server
3. Set user account to Scheduled Task service account and run even though user is not logged in (option where a password is entered when the task options window is closed).
4. Run scheduled task
5. Nothing.

Key Information

Path being mirrored from \\SERVER1\Group$\RANDD
Path being mirrored to: \\SERVER2\Group$\RANDD

1. The service account (SchedSVC) is a member of "Domain Admins"
2. The "Domain Admins" security group is a member of "SERVER1\Administrators"
3. Share Permissions allows "DOMAIN\Domain Admins" Full Control
3. NTFS Permissions on the folder allows "SERVER\Administrators" Full Control
4. NTFS Permissions on the folder have no denials set

Things I have tried

1. On SERVER 1 - Run scheduled task = FAIL
2. On SERVER 1 - Runas command prompt and CD to D:\Group folder on SERVER1 = Success
3. On SERVER 1 - Runas command prompt and CD to D:\Group\RANDD folder on SERVER1 = Access Denied
4. On SERVER 1 - Runas command prompt and PUSHD to \\SERVER1\Group$ = Access Denied
4. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful
6. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful

On SERVER1

C:\>echo %USERNAME%
schedsvc

C:\>d:

D:\Edinburgh North\Group>cd RANDD
Access is denied.

D:\Edinburgh North\Group>cd\

D:\>pushd \\ausvredn005\group$
Access is denied.

Open in new window


On my W7 machine

C:\>echo %USERNAME%
schedsvc

C:\>pushd \\ausvredn005\group$

X:\>cd randd

X:\RANDD>

Open in new window


In summary - permissions do not appear to be enumerating.
Anyone else have this issue - or have any ideas?

Cheers,
David Wedrat
ScreenShot3376.jpg
0
Comment
Question by:auscoit
  • 2
3 Comments
 
LVL 8

Assisted Solution

by:stehardy88
stehardy88 earned 500 total points
ID: 39395838
We had this with Windows 8, and using Run As commands to network paths...

We set the below registry:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=dword:00000001

Open in new window


which resolved our issue on Win 8...
0
 

Accepted Solution

by:
auscoit earned 0 total points
ID: 39400675
Hi stehard88,

Your suggestion did not work unfortunately, however it did lead me to find that UAC was not completely turned off!

Apparently in Server 2012 setting the UAC notification level to "Never Notify" is not enough like it was in earlier OS'.

You also need to set the following key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

Open in new window

Restart to take effect.

Problem solved!

More information here:
http://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx
0
 

Author Closing Comment

by:auscoit
ID: 39413870
Further research revealed an issue that was causing the problem.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now