?
Solved

Various permissions issues appearing - UAC, file shares, security logs

Posted on 2015-02-19
6
Medium Priority
?
66 Views
Last Modified: 2015-03-17
Windows 2012 R2 domain with 2012 and 2008 member servers.  In the last couple of days I'm seeing various permissions issues affecting domain admins.

UAC control is asking for username and password when popping up - continues fine once the details are given, but as a domain admin this would normally just show the UAC notification without asking for account details.

Access to various admin shares is requiring entering of username and password.

Security logs on a number of servers are inaccessible - access denied.

dcddiag shows everything fine.  Have run netdom verify on the affected member servers - all ok.  Nothing of interest in the logs - although can't get into the security logs as mentioned.
0
Comment
Question by:devon-lad
  • 4
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40618519
There is nothing wrong, this is the nature of the beast if you don't configure UAC correctly.  UAC will prompt for security when logged on the server and trying to local resources.  You could do two things:

1.  Disable UAC
2.  Configured your most used application to run in Administrator mode

In some environments where UAC is not allowed to be turned off, what most admins do is that they configure CMD.EXE and POWERSHELL.EXE to run as administrator (under Advanced properties tab) and launch all their admin utilities from these shells.  There are very few environments where UAC is left off and most people just turn it off.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 40618531
Mohammed - UAC has never prompted for username/password when logged in as domain admin - it has simply given a confirmation box to be OKed.  This has been the same on every network I've worked on since UAC was invented.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40618534
With prompt for security, it means that if you are using a non-administrator account, it will prompt for authentication, else it will just ask for confirmation.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 1

Author Comment

by:devon-lad
ID: 40618540
Yes, I understand that - but domain admin accounts are being used.  It's not UAC that's the problem - this is a symptom, there is obviously an underlying permissions issue - that's what I need help identifying.
0
 
LVL 1

Accepted Solution

by:
devon-lad earned 0 total points
ID: 40618587
Sorry - schoolboy error.  I didn't realise a GP was applied yesterday to the application server OU to give the developers admin rights.  Other admin had neglected to explicitly include domain admins which would have been there by default but knocked off by the GP.

All working again.
0
 
LVL 1

Author Closing Comment

by:devon-lad
ID: 40670014
Found the problem myself.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question