Solved

Permissions on Windows 2012 Server

Posted on 2013-11-05
16
333 Views
Last Modified: 2013-11-07
I am a local admin.   I grabbed a file off a share on another box.  When I try to paste it ANYWHERE BUT my user folder, I get permission errors telling me I must be an admin to paste to the location.  I even changed the settings on the paste location to allow everyone full control but still get the error.

Interestingly, I get similar permission WARNINGS on my local Windows 8 box.  Meaning that I get warned that I must be an admin to paste the file or change the name of a file, etc, but I am still allowed to do it after clicking "continue"

Anyway, back to the 2012 server, what gives?
0
Comment
Question by:cat4larry
  • 8
  • 7
16 Comments
 
LVL 11

Expert Comment

by:Louis01
ID: 39626496
Are you logging on to the machine or a domain?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39626552
Hi.

Sadly, UAC has been around for 7 years now and still people have the same problems understanding it. There are protected locations which you cannot write into without elevating.
Elevation is triggered by two factors here: the need to make use of your administrative powers to get past the ACL and the second is the same need but this time with integrity levels.

So if you modify the ACL and give your own account (and NOT the group administrators) modify-privileges to the folder, there is still the integrity level check that you can only go past after elevating. The IL can be modified using icacls.
0
 

Author Comment

by:cat4larry
ID: 39628524
I suppose I don't completely understand UAC although I find it very counter-intuitive.  If I'm an admin on the box, I log in locally and UAC is set to it's lowest setting I shouldn't encounter any problems move files around IMHO.

I'll look into elevating my IL.

Thanks
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 39628545
The lowest setting is at the bootom, right? Or what do you call "lowest"? Because at the bottom means it is off. After turning it off AND doing a restart you should not encounter any folder restrictions. You really do, I mean, is it really off and restarted?
0
 

Author Comment

by:cat4larry
ID: 39628584
Ah, yes it is off but NO i have not rebooted the server.  Is there a service I can restart instead of rebooting the whole server?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39628594
Sorry, no.
0
 

Author Comment

by:cat4larry
ID: 39628610
Thanks for your help.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39628619
Why did you close it, is the matter solved?
0
 

Author Comment

by:cat4larry
ID: 39628710
Yep
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39628737
Ok, please acknowledge that turning off UAC has side effects that might not be wanted. In fact, it is not only used for security concerns but also application compatibility.
And your original problem is not really one: protected areas are c:\windows, C:\ProgramData, c:\program files and the root of c:, that's all.
0
 

Author Comment

by:cat4larry
ID: 39629022
actually, I rebooted the server and still have the same issue.  So i'm going to have to look into elevating the IL and see what happens.

as you pointed out c: is a protected area. that said on my win 8 machine I cannot ftp a file down to the root of c:.  very frustrating.  I'm an admin and have UAC turned off.  again, this seems to me to be very counter-intuitive.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39629031
> again, this seems to me to be very counter-intuitive.
Well... c: is used by virii because it is a known path, that's why it is restricted, since Windows xp, only Admins may write there. You may (as any user) create Folders on c: and write to them as you like. That said, it should work with UAC off, works for me to create files directly on c: and will work with clean installations - I have no idea what is happening at your side.

Probably the UAC does not stay off for some reason? Please check that.
0
 

Author Comment

by:cat4larry
ID: 39630681
since Windows xp, only Admins may write there.
that's what I mean by counter-intuitive.  I am an Admin.  If I wasn't I wouldn't think it strange that I can't write there.  Like you said, I'll have to look into it.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39630803
Since the UAC technology is present, admin= user. elevated admin=admin.
0
 

Author Comment

by:cat4larry
ID: 39631688
Well, I read an article, did a little regedit hacking and was able to turn off UAC altogether.  

Apparently, starting in Windows 8 and Server 2012, when you slide the UAC slider to the bottom it still runs in what is called "UAC Silent Mode".

By going to HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\ and then changing "EnableLUA" to a value of 0, you can turn UAC completely off.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39631775
Right, but even using the slider (lowest level), I did succeed. I wonder why you didn't. Weird.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Database ERD 4 27
TSQL XML Namespaces 7 22
Run Stored Procedure uisng ADO 5 20
install report service in sccm2012 3 18
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Viewers will learn how the fundamental information of how to create a table.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question