Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Permissions on Windows 2012 Server

Posted on 2013-11-05
16
Medium Priority
?
341 Views
Last Modified: 2013-11-07
I am a local admin.   I grabbed a file off a share on another box.  When I try to paste it ANYWHERE BUT my user folder, I get permission errors telling me I must be an admin to paste to the location.  I even changed the settings on the paste location to allow everyone full control but still get the error.

Interestingly, I get similar permission WARNINGS on my local Windows 8 box.  Meaning that I get warned that I must be an admin to paste the file or change the name of a file, etc, but I am still allowed to do it after clicking "continue"

Anyway, back to the 2012 server, what gives?
0
Comment
Question by:cat4larry
  • 8
  • 7
16 Comments
 
LVL 11

Expert Comment

by:Louis01
ID: 39626496
Are you logging on to the machine or a domain?
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39626552
Hi.

Sadly, UAC has been around for 7 years now and still people have the same problems understanding it. There are protected locations which you cannot write into without elevating.
Elevation is triggered by two factors here: the need to make use of your administrative powers to get past the ACL and the second is the same need but this time with integrity levels.

So if you modify the ACL and give your own account (and NOT the group administrators) modify-privileges to the folder, there is still the integrity level check that you can only go past after elevating. The IL can be modified using icacls.
0
 

Author Comment

by:cat4larry
ID: 39628524
I suppose I don't completely understand UAC although I find it very counter-intuitive.  If I'm an admin on the box, I log in locally and UAC is set to it's lowest setting I shouldn't encounter any problems move files around IMHO.

I'll look into elevating my IL.

Thanks
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 57

Accepted Solution

by:
McKnife earned 2000 total points
ID: 39628545
The lowest setting is at the bootom, right? Or what do you call "lowest"? Because at the bottom means it is off. After turning it off AND doing a restart you should not encounter any folder restrictions. You really do, I mean, is it really off and restarted?
0
 

Author Comment

by:cat4larry
ID: 39628584
Ah, yes it is off but NO i have not rebooted the server.  Is there a service I can restart instead of rebooting the whole server?
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39628594
Sorry, no.
0
 

Author Comment

by:cat4larry
ID: 39628610
Thanks for your help.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39628619
Why did you close it, is the matter solved?
0
 

Author Comment

by:cat4larry
ID: 39628710
Yep
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39628737
Ok, please acknowledge that turning off UAC has side effects that might not be wanted. In fact, it is not only used for security concerns but also application compatibility.
And your original problem is not really one: protected areas are c:\windows, C:\ProgramData, c:\program files and the root of c:, that's all.
0
 

Author Comment

by:cat4larry
ID: 39629022
actually, I rebooted the server and still have the same issue.  So i'm going to have to look into elevating the IL and see what happens.

as you pointed out c: is a protected area. that said on my win 8 machine I cannot ftp a file down to the root of c:.  very frustrating.  I'm an admin and have UAC turned off.  again, this seems to me to be very counter-intuitive.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39629031
> again, this seems to me to be very counter-intuitive.
Well... c: is used by virii because it is a known path, that's why it is restricted, since Windows xp, only Admins may write there. You may (as any user) create Folders on c: and write to them as you like. That said, it should work with UAC off, works for me to create files directly on c: and will work with clean installations - I have no idea what is happening at your side.

Probably the UAC does not stay off for some reason? Please check that.
0
 

Author Comment

by:cat4larry
ID: 39630681
since Windows xp, only Admins may write there.
that's what I mean by counter-intuitive.  I am an Admin.  If I wasn't I wouldn't think it strange that I can't write there.  Like you said, I'll have to look into it.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39630803
Since the UAC technology is present, admin= user. elevated admin=admin.
0
 

Author Comment

by:cat4larry
ID: 39631688
Well, I read an article, did a little regedit hacking and was able to turn off UAC altogether.  

Apparently, starting in Windows 8 and Server 2012, when you slide the UAC slider to the bottom it still runs in what is called "UAC Silent Mode".

By going to HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\ and then changing "EnableLUA" to a value of 0, you can turn UAC completely off.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39631775
Right, but even using the slider (lowest level), I did succeed. I wonder why you didn't. Weird.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question