[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 229
  • Last Modified:

Windows Server 2012 R2 Administrator Privileges

I have just set up a new bank of VPS at GoDaddy. They are replacing another server which my software development teams uses for dev and testing. Now that I have the servers online and am configuring each of them for their specific roles, I have had problems with user account permissions.

When I set the VPS up with GoDaddy, I had to create a user account for myself to access the server through RDP. Once I got those accounts established and started configuring the servers I noticed an odd issue on all of the servers. Most of the tasks I perform require me to either acknowledge that administrator rights are required and click through a warning to perform the action, or I have to launch a program (like Notepad) as an administrator to complete an action.

I understand that the built in administrator has elevated privileges, which are necessary for some actions, but I am being required to provide those credentials for too many activities. I don't have to enter username a password, but I have to click through the elevated privileges often. This is even a requirement when I want to paste a file to a directory on a hard drive partition that I created with my user account which is assigned to the administrator group.

I have several other servers, some are virtual and others dedicated, with several other hosting providers, but I don't have this experience on any of those servers. I have logged in to both a GoDaddy server and one with another hosting provider to compare user account permissions, UAC, HDD owner, etc. for the accounts I use personally on each machine and all of the settings I have checked are identical. This issue has completely stumped me.

I am sure there is something on these GoDaddy VPS devices that I am overlooking, but I can't find it. Can someone offer a suggestion or know of a solution to the problem?
0
gacto
Asked:
gacto
  • 6
  • 5
1 Solution
 
Adam BrownSr Solutions ArchitectCommented:
Did you check the group policy settings for UAC? GPedit.msc > Windows Settings > Security Settings > Local Policies > Security Options.

There are a bunch of UAC options there that change the way it functions. The prompts you're getting are UAC related, so I'd start there if you haven't already check it out.
0
 
gactoAuthor Commented:
I have looked at those also. Compared to the other servers I have outside of GoDaddy, these UAC settings are identical.
0
 
Adam BrownSr Solutions ArchitectCommented:
Do you know if there are any GPOs that are applied to the servers? Run RSOP.msc (again, if you haven't) and check the same UAC settings in there. Local policy gets over-ridden by group policy in all cases, so if there is a GPO modifying those settings, GPedit.msc won't show the applied settings,
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
gactoAuthor Commented:
Ok I had not taken this step, as a matter of fact I haven't even heard of it before. When I run this every result under Windows Settings > Security Settings > Local Policies > Security Options have "Not Defined" under the computer setting. When I click on any policy for UAC to edit the settings, all of the options are greyed out.
0
 
Adam BrownSr Solutions ArchitectCommented:
Ok. That means no group policies are being applied. From here, check the registry to see how it's set:
https://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx#BKMK_RegistryKeys

It's possible that whatever templates are used by Godaddy have this stuff set in the registry, so check that out next.
0
 
gactoAuthor Commented:
Ok I had not compared these before, but they are also exactly the same as my non-GoDaddy servers.
0
 
gactoAuthor Commented:
Adam - I finally broke down and got on a support session with GoDaddy and tried to get this resolved. There was no resolution from them. They kept pointing to UAC and their ultimate suggestion was to turn off UAC completely. While I am not necessarily opposed to that, I didn't want to use that as a solution because ultimately I still wouldn't know what the underlying problem was.

I started comparing everything about these GoDaddy servers to other servers I manage which do not present these problems. It turned out to be a permissions issue on the root directory. I found that all my other servers had permissions for "Authenticated Users" on my data drives, the GoDaddy servers did not that same setting. Once I added the authenticated users group and granted permissions on the root directory, subdirectories and files, all of the issues I was experiencing disappeared.

I have not been able to determine why the root directories did not have the authenticated users group when I set them up. The set up for these directories was the same as all of my other servers. I went into disk management and added a new volume.
0
 
Adam BrownSr Solutions ArchitectCommented:
Figured it would be something like that. Those kinds of permission issues are tricky to track down. But you're right, most servers have either Authenticated Users or Users granted at least read permissions on new volumes by default. Godaddy probably has it set up differently on their VM templates, though.
0
 
gactoAuthor Commented:
It would have been helpful if someone at GoDaddy had knowledge of the standards they have in their image. But the go-to response was to tell me I was free to configure the server any way I wanted. That is all good, but it was difficult to do when I couldn't even get a baseline on what was causing the problem.

In any event, I did finally get it resolved. I appreciate your help in trying to track this down.
0
 
Adam BrownSr Solutions ArchitectCommented:
Welcome to the cloud. Enjoy talking to tech support more often :S (In the 4-5 years I've been working with Office 365, I've seriously only had Microsoft's tech support beat me to a solution one time. And that was only because I spent an additional hour trying to get my case escalated to their top tier support team)
0
 
gactoAuthor Commented:
The issue was one I found by comparing other server configurations to this setup.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now