Solved

Permissions on Windows 2012 Server

Posted on 2013-11-05
16
332 Views
Last Modified: 2013-11-07
I am a local admin.   I grabbed a file off a share on another box.  When I try to paste it ANYWHERE BUT my user folder, I get permission errors telling me I must be an admin to paste to the location.  I even changed the settings on the paste location to allow everyone full control but still get the error.

Interestingly, I get similar permission WARNINGS on my local Windows 8 box.  Meaning that I get warned that I must be an admin to paste the file or change the name of a file, etc, but I am still allowed to do it after clicking "continue"

Anyway, back to the 2012 server, what gives?
0
Comment
Question by:cat4larry
  • 8
  • 7
16 Comments
 
LVL 11

Expert Comment

by:Louis01
ID: 39626496
Are you logging on to the machine or a domain?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39626552
Hi.

Sadly, UAC has been around for 7 years now and still people have the same problems understanding it. There are protected locations which you cannot write into without elevating.
Elevation is triggered by two factors here: the need to make use of your administrative powers to get past the ACL and the second is the same need but this time with integrity levels.

So if you modify the ACL and give your own account (and NOT the group administrators) modify-privileges to the folder, there is still the integrity level check that you can only go past after elevating. The IL can be modified using icacls.
0
 

Author Comment

by:cat4larry
ID: 39628524
I suppose I don't completely understand UAC although I find it very counter-intuitive.  If I'm an admin on the box, I log in locally and UAC is set to it's lowest setting I shouldn't encounter any problems move files around IMHO.

I'll look into elevating my IL.

Thanks
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 39628545
The lowest setting is at the bootom, right? Or what do you call "lowest"? Because at the bottom means it is off. After turning it off AND doing a restart you should not encounter any folder restrictions. You really do, I mean, is it really off and restarted?
0
 

Author Comment

by:cat4larry
ID: 39628584
Ah, yes it is off but NO i have not rebooted the server.  Is there a service I can restart instead of rebooting the whole server?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39628594
Sorry, no.
0
 

Author Comment

by:cat4larry
ID: 39628610
Thanks for your help.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39628619
Why did you close it, is the matter solved?
0
 

Author Comment

by:cat4larry
ID: 39628710
Yep
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39628737
Ok, please acknowledge that turning off UAC has side effects that might not be wanted. In fact, it is not only used for security concerns but also application compatibility.
And your original problem is not really one: protected areas are c:\windows, C:\ProgramData, c:\program files and the root of c:, that's all.
0
 

Author Comment

by:cat4larry
ID: 39629022
actually, I rebooted the server and still have the same issue.  So i'm going to have to look into elevating the IL and see what happens.

as you pointed out c: is a protected area. that said on my win 8 machine I cannot ftp a file down to the root of c:.  very frustrating.  I'm an admin and have UAC turned off.  again, this seems to me to be very counter-intuitive.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39629031
> again, this seems to me to be very counter-intuitive.
Well... c: is used by virii because it is a known path, that's why it is restricted, since Windows xp, only Admins may write there. You may (as any user) create Folders on c: and write to them as you like. That said, it should work with UAC off, works for me to create files directly on c: and will work with clean installations - I have no idea what is happening at your side.

Probably the UAC does not stay off for some reason? Please check that.
0
 

Author Comment

by:cat4larry
ID: 39630681
since Windows xp, only Admins may write there.
that's what I mean by counter-intuitive.  I am an Admin.  If I wasn't I wouldn't think it strange that I can't write there.  Like you said, I'll have to look into it.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39630803
Since the UAC technology is present, admin= user. elevated admin=admin.
0
 

Author Comment

by:cat4larry
ID: 39631688
Well, I read an article, did a little regedit hacking and was able to turn off UAC altogether.  

Apparently, starting in Windows 8 and Server 2012, when you slide the UAC slider to the bottom it still runs in what is called "UAC Silent Mode".

By going to HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\ and then changing "EnableLUA" to a value of 0, you can turn UAC completely off.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39631775
Right, but even using the slider (lowest level), I did succeed. I wonder why you didn't. Weird.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question