Solved

Various permissions issues appearing - UAC, file shares, security logs

Posted on 2015-02-19
6
57 Views
Last Modified: 2015-03-17
Windows 2012 R2 domain with 2012 and 2008 member servers.  In the last couple of days I'm seeing various permissions issues affecting domain admins.

UAC control is asking for username and password when popping up - continues fine once the details are given, but as a domain admin this would normally just show the UAC notification without asking for account details.

Access to various admin shares is requiring entering of username and password.

Security logs on a number of servers are inaccessible - access denied.

dcddiag shows everything fine.  Have run netdom verify on the affected member servers - all ok.  Nothing of interest in the logs - although can't get into the security logs as mentioned.
0
Comment
Question by:devon-lad
  • 4
  • 2
6 Comments
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40618519
There is nothing wrong, this is the nature of the beast if you don't configure UAC correctly.  UAC will prompt for security when logged on the server and trying to local resources.  You could do two things:

1.  Disable UAC
2.  Configured your most used application to run in Administrator mode

In some environments where UAC is not allowed to be turned off, what most admins do is that they configure CMD.EXE and POWERSHELL.EXE to run as administrator (under Advanced properties tab) and launch all their admin utilities from these shells.  There are very few environments where UAC is left off and most people just turn it off.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 40618531
Mohammed - UAC has never prompted for username/password when logged in as domain admin - it has simply given a confirmation box to be OKed.  This has been the same on every network I've worked on since UAC was invented.
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40618534
With prompt for security, it means that if you are using a non-administrator account, it will prompt for authentication, else it will just ask for confirmation.
0
Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

 
LVL 1

Author Comment

by:devon-lad
ID: 40618540
Yes, I understand that - but domain admin accounts are being used.  It's not UAC that's the problem - this is a symptom, there is obviously an underlying permissions issue - that's what I need help identifying.
0
 
LVL 1

Accepted Solution

by:
devon-lad earned 0 total points
ID: 40618587
Sorry - schoolboy error.  I didn't realise a GP was applied yesterday to the application server OU to give the developers admin rights.  Other admin had neglected to explicitly include domain admins which would have been there by default but knocked off by the GP.

All working again.
0
 
LVL 1

Author Closing Comment

by:devon-lad
ID: 40670014
Found the problem myself.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now