Solved

Server 2012 - Runas No permissions

Posted on 2013-06-02
3
594 Views
Last Modified: 2013-08-16
Hi All,

We are experiencing an interesting issue with our 2012 servers and using secondary logons and scheduled tasks.

We run our scheduled tasks under a service account - which works fine on earlier OS versions, but with Windows 2012 we are finding that it is not enumerating it's permissions when the scheduled task starts.

Scenario

1. RDP onto Standard windows 2012 server (SERVER1)
2. Create scheduled task to run a batch script copying out of local folder to remote server
3. Set user account to Scheduled Task service account and run even though user is not logged in (option where a password is entered when the task options window is closed).
4. Run scheduled task
5. Nothing.

Key Information

Path being mirrored from \\SERVER1\Group$\RANDD
Path being mirrored to: \\SERVER2\Group$\RANDD

1. The service account (SchedSVC) is a member of "Domain Admins"
2. The "Domain Admins" security group is a member of "SERVER1\Administrators"
3. Share Permissions allows "DOMAIN\Domain Admins" Full Control
3. NTFS Permissions on the folder allows "SERVER\Administrators" Full Control
4. NTFS Permissions on the folder have no denials set

Things I have tried

1. On SERVER 1 - Run scheduled task = FAIL
2. On SERVER 1 - Runas command prompt and CD to D:\Group folder on SERVER1 = Success
3. On SERVER 1 - Runas command prompt and CD to D:\Group\RANDD folder on SERVER1 = Access Denied
4. On SERVER 1 - Runas command prompt and PUSHD to \\SERVER1\Group$ = Access Denied
4. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful
6. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful

On SERVER1

C:\>echo %USERNAME%
schedsvc

C:\>d:

D:\Edinburgh North\Group>cd RANDD
Access is denied.

D:\Edinburgh North\Group>cd\

D:\>pushd \\ausvredn005\group$
Access is denied.

Open in new window


On my W7 machine

C:\>echo %USERNAME%
schedsvc

C:\>pushd \\ausvredn005\group$

X:\>cd randd

X:\RANDD>

Open in new window


In summary - permissions do not appear to be enumerating.
Anyone else have this issue - or have any ideas?

Cheers,
David Wedrat
ScreenShot3376.jpg
0
Comment
Question by:auscoit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 8

Assisted Solution

by:stehardy88
stehardy88 earned 500 total points
ID: 39395838
We had this with Windows 8, and using Run As commands to network paths...

We set the below registry:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=dword:00000001

Open in new window


which resolved our issue on Win 8...
0
 

Accepted Solution

by:
auscoit earned 0 total points
ID: 39400675
Hi stehard88,

Your suggestion did not work unfortunately, however it did lead me to find that UAC was not completely turned off!

Apparently in Server 2012 setting the UAC notification level to "Never Notify" is not enough like it was in earlier OS'.

You also need to set the following key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

Open in new window

Restart to take effect.

Problem solved!

More information here:
http://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx
0
 

Author Closing Comment

by:auscoit
ID: 39413870
Further research revealed an issue that was causing the problem.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question