Solved

Windows Server 2012 R2 Administrator Privileges

Posted on 2016-08-31
11
24 Views
Last Modified: 2016-09-13
I have just set up a new bank of VPS at GoDaddy. They are replacing another server which my software development teams uses for dev and testing. Now that I have the servers online and am configuring each of them for their specific roles, I have had problems with user account permissions.

When I set the VPS up with GoDaddy, I had to create a user account for myself to access the server through RDP. Once I got those accounts established and started configuring the servers I noticed an odd issue on all of the servers. Most of the tasks I perform require me to either acknowledge that administrator rights are required and click through a warning to perform the action, or I have to launch a program (like Notepad) as an administrator to complete an action.

I understand that the built in administrator has elevated privileges, which are necessary for some actions, but I am being required to provide those credentials for too many activities. I don't have to enter username a password, but I have to click through the elevated privileges often. This is even a requirement when I want to paste a file to a directory on a hard drive partition that I created with my user account which is assigned to the administrator group.

I have several other servers, some are virtual and others dedicated, with several other hosting providers, but I don't have this experience on any of those servers. I have logged in to both a GoDaddy server and one with another hosting provider to compare user account permissions, UAC, HDD owner, etc. for the accounts I use personally on each machine and all of the settings I have checked are identical. This issue has completely stumped me.

I am sure there is something on these GoDaddy VPS devices that I am overlooking, but I can't find it. Can someone offer a suggestion or know of a solution to the problem?
0
Comment
Question by:gacto
  • 6
  • 5
11 Comments
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Did you check the group policy settings for UAC? GPedit.msc > Windows Settings > Security Settings > Local Policies > Security Options.

There are a bunch of UAC options there that change the way it functions. The prompts you're getting are UAC related, so I'd start there if you haven't already check it out.
0
 

Author Comment

by:gacto
Comment Utility
I have looked at those also. Compared to the other servers I have outside of GoDaddy, these UAC settings are identical.
0
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Do you know if there are any GPOs that are applied to the servers? Run RSOP.msc (again, if you haven't) and check the same UAC settings in there. Local policy gets over-ridden by group policy in all cases, so if there is a GPO modifying those settings, GPedit.msc won't show the applied settings,
0
 

Author Comment

by:gacto
Comment Utility
Ok I had not taken this step, as a matter of fact I haven't even heard of it before. When I run this every result under Windows Settings > Security Settings > Local Policies > Security Options have "Not Defined" under the computer setting. When I click on any policy for UAC to edit the settings, all of the options are greyed out.
0
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Ok. That means no group policies are being applied. From here, check the registry to see how it's set:
https://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx#BKMK_RegistryKeys

It's possible that whatever templates are used by Godaddy have this stuff set in the registry, so check that out next.
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 

Author Comment

by:gacto
Comment Utility
Ok I had not compared these before, but they are also exactly the same as my non-GoDaddy servers.
0
 

Accepted Solution

by:
gacto earned 0 total points
Comment Utility
Adam - I finally broke down and got on a support session with GoDaddy and tried to get this resolved. There was no resolution from them. They kept pointing to UAC and their ultimate suggestion was to turn off UAC completely. While I am not necessarily opposed to that, I didn't want to use that as a solution because ultimately I still wouldn't know what the underlying problem was.

I started comparing everything about these GoDaddy servers to other servers I manage which do not present these problems. It turned out to be a permissions issue on the root directory. I found that all my other servers had permissions for "Authenticated Users" on my data drives, the GoDaddy servers did not that same setting. Once I added the authenticated users group and granted permissions on the root directory, subdirectories and files, all of the issues I was experiencing disappeared.

I have not been able to determine why the root directories did not have the authenticated users group when I set them up. The set up for these directories was the same as all of my other servers. I went into disk management and added a new volume.
0
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Figured it would be something like that. Those kinds of permission issues are tricky to track down. But you're right, most servers have either Authenticated Users or Users granted at least read permissions on new volumes by default. Godaddy probably has it set up differently on their VM templates, though.
0
 

Author Comment

by:gacto
Comment Utility
It would have been helpful if someone at GoDaddy had knowledge of the standards they have in their image. But the go-to response was to tell me I was free to configure the server any way I wanted. That is all good, but it was difficult to do when I couldn't even get a baseline on what was causing the problem.

In any event, I did finally get it resolved. I appreciate your help in trying to track this down.
0
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Welcome to the cloud. Enjoy talking to tech support more often :S (In the 4-5 years I've been working with Office 365, I've seriously only had Microsoft's tech support beat me to a solution one time. And that was only because I spent an additional hour trying to get my case escalated to their top tier support team)
0
 

Author Closing Comment

by:gacto
Comment Utility
The issue was one I found by comparing other server configurations to this setup.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
A procedure for exporting installed hotfix details of remote computers using powershell
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now