Solved

Server 2012 - Runas No permissions

Posted on 2013-06-02
3
590 Views
Last Modified: 2013-08-16
Hi All,

We are experiencing an interesting issue with our 2012 servers and using secondary logons and scheduled tasks.

We run our scheduled tasks under a service account - which works fine on earlier OS versions, but with Windows 2012 we are finding that it is not enumerating it's permissions when the scheduled task starts.

Scenario

1. RDP onto Standard windows 2012 server (SERVER1)
2. Create scheduled task to run a batch script copying out of local folder to remote server
3. Set user account to Scheduled Task service account and run even though user is not logged in (option where a password is entered when the task options window is closed).
4. Run scheduled task
5. Nothing.

Key Information

Path being mirrored from \\SERVER1\Group$\RANDD
Path being mirrored to: \\SERVER2\Group$\RANDD

1. The service account (SchedSVC) is a member of "Domain Admins"
2. The "Domain Admins" security group is a member of "SERVER1\Administrators"
3. Share Permissions allows "DOMAIN\Domain Admins" Full Control
3. NTFS Permissions on the folder allows "SERVER\Administrators" Full Control
4. NTFS Permissions on the folder have no denials set

Things I have tried

1. On SERVER 1 - Run scheduled task = FAIL
2. On SERVER 1 - Runas command prompt and CD to D:\Group folder on SERVER1 = Success
3. On SERVER 1 - Runas command prompt and CD to D:\Group\RANDD folder on SERVER1 = Access Denied
4. On SERVER 1 - Runas command prompt and PUSHD to \\SERVER1\Group$ = Access Denied
4. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful
6. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful

On SERVER1

C:\>echo %USERNAME%
schedsvc

C:\>d:

D:\Edinburgh North\Group>cd RANDD
Access is denied.

D:\Edinburgh North\Group>cd\

D:\>pushd \\ausvredn005\group$
Access is denied.

Open in new window


On my W7 machine

C:\>echo %USERNAME%
schedsvc

C:\>pushd \\ausvredn005\group$

X:\>cd randd

X:\RANDD>

Open in new window


In summary - permissions do not appear to be enumerating.
Anyone else have this issue - or have any ideas?

Cheers,
David Wedrat
ScreenShot3376.jpg
0
Comment
Question by:auscoit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 8

Assisted Solution

by:stehardy88
stehardy88 earned 500 total points
ID: 39395838
We had this with Windows 8, and using Run As commands to network paths...

We set the below registry:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=dword:00000001

Open in new window


which resolved our issue on Win 8...
0
 

Accepted Solution

by:
auscoit earned 0 total points
ID: 39400675
Hi stehard88,

Your suggestion did not work unfortunately, however it did lead me to find that UAC was not completely turned off!

Apparently in Server 2012 setting the UAC notification level to "Never Notify" is not enough like it was in earlier OS'.

You also need to set the following key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

Open in new window

Restart to take effect.

Problem solved!

More information here:
http://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx
0
 

Author Closing Comment

by:auscoit
ID: 39413870
Further research revealed an issue that was causing the problem.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question