?
Solved

Various permissions issues appearing - UAC, file shares, security logs

Posted on 2015-02-19
6
Medium Priority
?
63 Views
Last Modified: 2015-03-17
Windows 2012 R2 domain with 2012 and 2008 member servers.  In the last couple of days I'm seeing various permissions issues affecting domain admins.

UAC control is asking for username and password when popping up - continues fine once the details are given, but as a domain admin this would normally just show the UAC notification without asking for account details.

Access to various admin shares is requiring entering of username and password.

Security logs on a number of servers are inaccessible - access denied.

dcddiag shows everything fine.  Have run netdom verify on the affected member servers - all ok.  Nothing of interest in the logs - although can't get into the security logs as mentioned.
0
Comment
Question by:devon-lad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40618519
There is nothing wrong, this is the nature of the beast if you don't configure UAC correctly.  UAC will prompt for security when logged on the server and trying to local resources.  You could do two things:

1.  Disable UAC
2.  Configured your most used application to run in Administrator mode

In some environments where UAC is not allowed to be turned off, what most admins do is that they configure CMD.EXE and POWERSHELL.EXE to run as administrator (under Advanced properties tab) and launch all their admin utilities from these shells.  There are very few environments where UAC is left off and most people just turn it off.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 40618531
Mohammed - UAC has never prompted for username/password when logged in as domain admin - it has simply given a confirmation box to be OKed.  This has been the same on every network I've worked on since UAC was invented.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40618534
With prompt for security, it means that if you are using a non-administrator account, it will prompt for authentication, else it will just ask for confirmation.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 1

Author Comment

by:devon-lad
ID: 40618540
Yes, I understand that - but domain admin accounts are being used.  It's not UAC that's the problem - this is a symptom, there is obviously an underlying permissions issue - that's what I need help identifying.
0
 
LVL 1

Accepted Solution

by:
devon-lad earned 0 total points
ID: 40618587
Sorry - schoolboy error.  I didn't realise a GP was applied yesterday to the application server OU to give the developers admin rights.  Other admin had neglected to explicitly include domain admins which would have been there by default but knocked off by the GP.

All working again.
0
 
LVL 1

Author Closing Comment

by:devon-lad
ID: 40670014
Found the problem myself.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question