Solved

Server 2012 - Runas No permissions

Posted on 2013-06-02
3
582 Views
Last Modified: 2013-08-16
Hi All,

We are experiencing an interesting issue with our 2012 servers and using secondary logons and scheduled tasks.

We run our scheduled tasks under a service account - which works fine on earlier OS versions, but with Windows 2012 we are finding that it is not enumerating it's permissions when the scheduled task starts.

Scenario

1. RDP onto Standard windows 2012 server (SERVER1)
2. Create scheduled task to run a batch script copying out of local folder to remote server
3. Set user account to Scheduled Task service account and run even though user is not logged in (option where a password is entered when the task options window is closed).
4. Run scheduled task
5. Nothing.

Key Information

Path being mirrored from \\SERVER1\Group$\RANDD
Path being mirrored to: \\SERVER2\Group$\RANDD

1. The service account (SchedSVC) is a member of "Domain Admins"
2. The "Domain Admins" security group is a member of "SERVER1\Administrators"
3. Share Permissions allows "DOMAIN\Domain Admins" Full Control
3. NTFS Permissions on the folder allows "SERVER\Administrators" Full Control
4. NTFS Permissions on the folder have no denials set

Things I have tried

1. On SERVER 1 - Run scheduled task = FAIL
2. On SERVER 1 - Runas command prompt and CD to D:\Group folder on SERVER1 = Success
3. On SERVER 1 - Runas command prompt and CD to D:\Group\RANDD folder on SERVER1 = Access Denied
4. On SERVER 1 - Runas command prompt and PUSHD to \\SERVER1\Group$ = Access Denied
4. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful
6. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful

On SERVER1

C:\>echo %USERNAME%
schedsvc

C:\>d:

D:\Edinburgh North\Group>cd RANDD
Access is denied.

D:\Edinburgh North\Group>cd\

D:\>pushd \\ausvredn005\group$
Access is denied.

Open in new window


On my W7 machine

C:\>echo %USERNAME%
schedsvc

C:\>pushd \\ausvredn005\group$

X:\>cd randd

X:\RANDD>

Open in new window


In summary - permissions do not appear to be enumerating.
Anyone else have this issue - or have any ideas?

Cheers,
David Wedrat
ScreenShot3376.jpg
0
Comment
Question by:auscoit
  • 2
3 Comments
 
LVL 8

Assisted Solution

by:stehardy88
stehardy88 earned 500 total points
Comment Utility
We had this with Windows 8, and using Run As commands to network paths...

We set the below registry:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=dword:00000001

Open in new window


which resolved our issue on Win 8...
0
 

Accepted Solution

by:
auscoit earned 0 total points
Comment Utility
Hi stehard88,

Your suggestion did not work unfortunately, however it did lead me to find that UAC was not completely turned off!

Apparently in Server 2012 setting the UAC notification level to "Never Notify" is not enough like it was in earlier OS'.

You also need to set the following key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

Open in new window

Restart to take effect.

Problem solved!

More information here:
http://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx
0
 

Author Closing Comment

by:auscoit
Comment Utility
Further research revealed an issue that was causing the problem.
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now