[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Various permissions issues appearing - UAC, file shares, security logs

Posted on 2015-02-19
6
Medium Priority
?
65 Views
Last Modified: 2015-03-17
Windows 2012 R2 domain with 2012 and 2008 member servers.  In the last couple of days I'm seeing various permissions issues affecting domain admins.

UAC control is asking for username and password when popping up - continues fine once the details are given, but as a domain admin this would normally just show the UAC notification without asking for account details.

Access to various admin shares is requiring entering of username and password.

Security logs on a number of servers are inaccessible - access denied.

dcddiag shows everything fine.  Have run netdom verify on the affected member servers - all ok.  Nothing of interest in the logs - although can't get into the security logs as mentioned.
0
Comment
Question by:devon-lad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40618519
There is nothing wrong, this is the nature of the beast if you don't configure UAC correctly.  UAC will prompt for security when logged on the server and trying to local resources.  You could do two things:

1.  Disable UAC
2.  Configured your most used application to run in Administrator mode

In some environments where UAC is not allowed to be turned off, what most admins do is that they configure CMD.EXE and POWERSHELL.EXE to run as administrator (under Advanced properties tab) and launch all their admin utilities from these shells.  There are very few environments where UAC is left off and most people just turn it off.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 40618531
Mohammed - UAC has never prompted for username/password when logged in as domain admin - it has simply given a confirmation box to be OKed.  This has been the same on every network I've worked on since UAC was invented.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40618534
With prompt for security, it means that if you are using a non-administrator account, it will prompt for authentication, else it will just ask for confirmation.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:devon-lad
ID: 40618540
Yes, I understand that - but domain admin accounts are being used.  It's not UAC that's the problem - this is a symptom, there is obviously an underlying permissions issue - that's what I need help identifying.
0
 
LVL 1

Accepted Solution

by:
devon-lad earned 0 total points
ID: 40618587
Sorry - schoolboy error.  I didn't realise a GP was applied yesterday to the application server OU to give the developers admin rights.  Other admin had neglected to explicitly include domain admins which would have been there by default but knocked off by the GP.

All working again.
0
 
LVL 1

Author Closing Comment

by:devon-lad
ID: 40670014
Found the problem myself.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question