Solved

Server 2012 - Runas No permissions

Posted on 2013-06-02
3
588 Views
Last Modified: 2013-08-16
Hi All,

We are experiencing an interesting issue with our 2012 servers and using secondary logons and scheduled tasks.

We run our scheduled tasks under a service account - which works fine on earlier OS versions, but with Windows 2012 we are finding that it is not enumerating it's permissions when the scheduled task starts.

Scenario

1. RDP onto Standard windows 2012 server (SERVER1)
2. Create scheduled task to run a batch script copying out of local folder to remote server
3. Set user account to Scheduled Task service account and run even though user is not logged in (option where a password is entered when the task options window is closed).
4. Run scheduled task
5. Nothing.

Key Information

Path being mirrored from \\SERVER1\Group$\RANDD
Path being mirrored to: \\SERVER2\Group$\RANDD

1. The service account (SchedSVC) is a member of "Domain Admins"
2. The "Domain Admins" security group is a member of "SERVER1\Administrators"
3. Share Permissions allows "DOMAIN\Domain Admins" Full Control
3. NTFS Permissions on the folder allows "SERVER\Administrators" Full Control
4. NTFS Permissions on the folder have no denials set

Things I have tried

1. On SERVER 1 - Run scheduled task = FAIL
2. On SERVER 1 - Runas command prompt and CD to D:\Group folder on SERVER1 = Success
3. On SERVER 1 - Runas command prompt and CD to D:\Group\RANDD folder on SERVER1 = Access Denied
4. On SERVER 1 - Runas command prompt and PUSHD to \\SERVER1\Group$ = Access Denied
4. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful
6. From my machine (W7) - Runas command prompt and PUSHD to \\SERVER1\Group$ = Successful

On SERVER1

C:\>echo %USERNAME%
schedsvc

C:\>d:

D:\Edinburgh North\Group>cd RANDD
Access is denied.

D:\Edinburgh North\Group>cd\

D:\>pushd \\ausvredn005\group$
Access is denied.

Open in new window


On my W7 machine

C:\>echo %USERNAME%
schedsvc

C:\>pushd \\ausvredn005\group$

X:\>cd randd

X:\RANDD>

Open in new window


In summary - permissions do not appear to be enumerating.
Anyone else have this issue - or have any ideas?

Cheers,
David Wedrat
ScreenShot3376.jpg
0
Comment
Question by:auscoit
  • 2
3 Comments
 
LVL 8

Assisted Solution

by:stehardy88
stehardy88 earned 500 total points
ID: 39395838
We had this with Windows 8, and using Run As commands to network paths...

We set the below registry:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=dword:00000001

Open in new window


which resolved our issue on Win 8...
0
 

Accepted Solution

by:
auscoit earned 0 total points
ID: 39400675
Hi stehard88,

Your suggestion did not work unfortunately, however it did lead me to find that UAC was not completely turned off!

Apparently in Server 2012 setting the UAC notification level to "Never Notify" is not enough like it was in earlier OS'.

You also need to set the following key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

Open in new window

Restart to take effect.

Problem solved!

More information here:
http://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx
0
 

Author Closing Comment

by:auscoit
ID: 39413870
Further research revealed an issue that was causing the problem.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question