Solved

Windows Server 2012 R2 Administrator Privileges

Posted on 2016-08-31
11
38 Views
Last Modified: 2016-09-13
I have just set up a new bank of VPS at GoDaddy. They are replacing another server which my software development teams uses for dev and testing. Now that I have the servers online and am configuring each of them for their specific roles, I have had problems with user account permissions.

When I set the VPS up with GoDaddy, I had to create a user account for myself to access the server through RDP. Once I got those accounts established and started configuring the servers I noticed an odd issue on all of the servers. Most of the tasks I perform require me to either acknowledge that administrator rights are required and click through a warning to perform the action, or I have to launch a program (like Notepad) as an administrator to complete an action.

I understand that the built in administrator has elevated privileges, which are necessary for some actions, but I am being required to provide those credentials for too many activities. I don't have to enter username a password, but I have to click through the elevated privileges often. This is even a requirement when I want to paste a file to a directory on a hard drive partition that I created with my user account which is assigned to the administrator group.

I have several other servers, some are virtual and others dedicated, with several other hosting providers, but I don't have this experience on any of those servers. I have logged in to both a GoDaddy server and one with another hosting provider to compare user account permissions, UAC, HDD owner, etc. for the accounts I use personally on each machine and all of the settings I have checked are identical. This issue has completely stumped me.

I am sure there is something on these GoDaddy VPS devices that I am overlooking, but I can't find it. Can someone offer a suggestion or know of a solution to the problem?
0
Comment
Question by:gacto
  • 6
  • 5
11 Comments
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41778499
Did you check the group policy settings for UAC? GPedit.msc > Windows Settings > Security Settings > Local Policies > Security Options.

There are a bunch of UAC options there that change the way it functions. The prompts you're getting are UAC related, so I'd start there if you haven't already check it out.
0
 

Author Comment

by:gacto
ID: 41778513
I have looked at those also. Compared to the other servers I have outside of GoDaddy, these UAC settings are identical.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41778516
Do you know if there are any GPOs that are applied to the servers? Run RSOP.msc (again, if you haven't) and check the same UAC settings in there. Local policy gets over-ridden by group policy in all cases, so if there is a GPO modifying those settings, GPedit.msc won't show the applied settings,
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:gacto
ID: 41778527
Ok I had not taken this step, as a matter of fact I haven't even heard of it before. When I run this every result under Windows Settings > Security Settings > Local Policies > Security Options have "Not Defined" under the computer setting. When I click on any policy for UAC to edit the settings, all of the options are greyed out.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41778556
Ok. That means no group policies are being applied. From here, check the registry to see how it's set:
https://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx#BKMK_RegistryKeys

It's possible that whatever templates are used by Godaddy have this stuff set in the registry, so check that out next.
0
 

Author Comment

by:gacto
ID: 41778588
Ok I had not compared these before, but they are also exactly the same as my non-GoDaddy servers.
0
 

Accepted Solution

by:
gacto earned 0 total points
ID: 41790251
Adam - I finally broke down and got on a support session with GoDaddy and tried to get this resolved. There was no resolution from them. They kept pointing to UAC and their ultimate suggestion was to turn off UAC completely. While I am not necessarily opposed to that, I didn't want to use that as a solution because ultimately I still wouldn't know what the underlying problem was.

I started comparing everything about these GoDaddy servers to other servers I manage which do not present these problems. It turned out to be a permissions issue on the root directory. I found that all my other servers had permissions for "Authenticated Users" on my data drives, the GoDaddy servers did not that same setting. Once I added the authenticated users group and granted permissions on the root directory, subdirectories and files, all of the issues I was experiencing disappeared.

I have not been able to determine why the root directories did not have the authenticated users group when I set them up. The set up for these directories was the same as all of my other servers. I went into disk management and added a new volume.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41790373
Figured it would be something like that. Those kinds of permission issues are tricky to track down. But you're right, most servers have either Authenticated Users or Users granted at least read permissions on new volumes by default. Godaddy probably has it set up differently on their VM templates, though.
0
 

Author Comment

by:gacto
ID: 41790413
It would have been helpful if someone at GoDaddy had knowledge of the standards they have in their image. But the go-to response was to tell me I was free to configure the server any way I wanted. That is all good, but it was difficult to do when I couldn't even get a baseline on what was causing the problem.

In any event, I did finally get it resolved. I appreciate your help in trying to track this down.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41790415
Welcome to the cloud. Enjoy talking to tech support more often :S (In the 4-5 years I've been working with Office 365, I've seriously only had Microsoft's tech support beat me to a solution one time. And that was only because I spent an additional hour trying to get my case escalated to their top tier support team)
0
 

Author Closing Comment

by:gacto
ID: 41795699
The issue was one I found by comparing other server configurations to this setup.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question