Impersonating Domain accounts on DMZ Servers

We currently have a total of 8 web servers in our dmz. 4 running Windows 2008 64 bitwhich have been in operation for years and 4 running Windows 2008 R2 which have been added recently. We have applications which use domain accounts that access these servers to retrieve files and move them to another location.

To do this we created a local account on the dmz server with the same user name and password as the domain account and adding the account to the local administrators group.. this has worked for years on the older servers. But, when i log onto a domain server using the domain account and try to access C$ or any other folders on the newer servers I get access denied. However, if i do this and supply credentials for the local administrator account on the dmz server, it connects with no problem. Then if i close that and connect again without supplying local administrator  credentials, it connects.

Then, if i log off and back on, the problem returns.

Is there something that needs to be done differently on the servers running R2? Or am i missing something else in the configuration? I have compared the local accounts on all 8 servers and the account has the same permissions on all servers.
Eddie CrosbyAsked:
Who is Participating?
 
Randy DownsOWNERCommented:
Maybe this thread will help.

Here are a couple of suggestions from it.

Turn off UAC and this behavior goes away.  
-------------------------------------------
registry::HKEY_LOCAL_MACHINE_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system; key = EnableLUA

Make sure it is set to Value 0 to disable
0
 
Eddie CrosbyAuthor Commented:
Thanks for the information. Turing off UAC solved the issue.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.