Solved

Various permissions issues appearing - UAC, file shares, security logs

Posted on 2015-02-19
6
62 Views
Last Modified: 2015-03-17
Windows 2012 R2 domain with 2012 and 2008 member servers.  In the last couple of days I'm seeing various permissions issues affecting domain admins.

UAC control is asking for username and password when popping up - continues fine once the details are given, but as a domain admin this would normally just show the UAC notification without asking for account details.

Access to various admin shares is requiring entering of username and password.

Security logs on a number of servers are inaccessible - access denied.

dcddiag shows everything fine.  Have run netdom verify on the affected member servers - all ok.  Nothing of interest in the logs - although can't get into the security logs as mentioned.
0
Comment
Question by:devon-lad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40618519
There is nothing wrong, this is the nature of the beast if you don't configure UAC correctly.  UAC will prompt for security when logged on the server and trying to local resources.  You could do two things:

1.  Disable UAC
2.  Configured your most used application to run in Administrator mode

In some environments where UAC is not allowed to be turned off, what most admins do is that they configure CMD.EXE and POWERSHELL.EXE to run as administrator (under Advanced properties tab) and launch all their admin utilities from these shells.  There are very few environments where UAC is left off and most people just turn it off.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 40618531
Mohammed - UAC has never prompted for username/password when logged in as domain admin - it has simply given a confirmation box to be OKed.  This has been the same on every network I've worked on since UAC was invented.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40618534
With prompt for security, it means that if you are using a non-administrator account, it will prompt for authentication, else it will just ask for confirmation.
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 1

Author Comment

by:devon-lad
ID: 40618540
Yes, I understand that - but domain admin accounts are being used.  It's not UAC that's the problem - this is a symptom, there is obviously an underlying permissions issue - that's what I need help identifying.
0
 
LVL 1

Accepted Solution

by:
devon-lad earned 0 total points
ID: 40618587
Sorry - schoolboy error.  I didn't realise a GP was applied yesterday to the application server OU to give the developers admin rights.  Other admin had neglected to explicitly include domain admins which would have been there by default but knocked off by the GP.

All working again.
0
 
LVL 1

Author Closing Comment

by:devon-lad
ID: 40670014
Found the problem myself.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question