Solved

Windows Server 2012 R2 Administrator Privileges

Posted on 2016-08-31
11
46 Views
Last Modified: 2016-09-13
I have just set up a new bank of VPS at GoDaddy. They are replacing another server which my software development teams uses for dev and testing. Now that I have the servers online and am configuring each of them for their specific roles, I have had problems with user account permissions.

When I set the VPS up with GoDaddy, I had to create a user account for myself to access the server through RDP. Once I got those accounts established and started configuring the servers I noticed an odd issue on all of the servers. Most of the tasks I perform require me to either acknowledge that administrator rights are required and click through a warning to perform the action, or I have to launch a program (like Notepad) as an administrator to complete an action.

I understand that the built in administrator has elevated privileges, which are necessary for some actions, but I am being required to provide those credentials for too many activities. I don't have to enter username a password, but I have to click through the elevated privileges often. This is even a requirement when I want to paste a file to a directory on a hard drive partition that I created with my user account which is assigned to the administrator group.

I have several other servers, some are virtual and others dedicated, with several other hosting providers, but I don't have this experience on any of those servers. I have logged in to both a GoDaddy server and one with another hosting provider to compare user account permissions, UAC, HDD owner, etc. for the accounts I use personally on each machine and all of the settings I have checked are identical. This issue has completely stumped me.

I am sure there is something on these GoDaddy VPS devices that I am overlooking, but I can't find it. Can someone offer a suggestion or know of a solution to the problem?
0
Comment
Question by:gacto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 40

Expert Comment

by:Adam Brown
ID: 41778499
Did you check the group policy settings for UAC? GPedit.msc > Windows Settings > Security Settings > Local Policies > Security Options.

There are a bunch of UAC options there that change the way it functions. The prompts you're getting are UAC related, so I'd start there if you haven't already check it out.
0
 

Author Comment

by:gacto
ID: 41778513
I have looked at those also. Compared to the other servers I have outside of GoDaddy, these UAC settings are identical.
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 41778516
Do you know if there are any GPOs that are applied to the servers? Run RSOP.msc (again, if you haven't) and check the same UAC settings in there. Local policy gets over-ridden by group policy in all cases, so if there is a GPO modifying those settings, GPedit.msc won't show the applied settings,
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:gacto
ID: 41778527
Ok I had not taken this step, as a matter of fact I haven't even heard of it before. When I run this every result under Windows Settings > Security Settings > Local Policies > Security Options have "Not Defined" under the computer setting. When I click on any policy for UAC to edit the settings, all of the options are greyed out.
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 41778556
Ok. That means no group policies are being applied. From here, check the registry to see how it's set:
https://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx#BKMK_RegistryKeys

It's possible that whatever templates are used by Godaddy have this stuff set in the registry, so check that out next.
0
 

Author Comment

by:gacto
ID: 41778588
Ok I had not compared these before, but they are also exactly the same as my non-GoDaddy servers.
0
 

Accepted Solution

by:
gacto earned 0 total points
ID: 41790251
Adam - I finally broke down and got on a support session with GoDaddy and tried to get this resolved. There was no resolution from them. They kept pointing to UAC and their ultimate suggestion was to turn off UAC completely. While I am not necessarily opposed to that, I didn't want to use that as a solution because ultimately I still wouldn't know what the underlying problem was.

I started comparing everything about these GoDaddy servers to other servers I manage which do not present these problems. It turned out to be a permissions issue on the root directory. I found that all my other servers had permissions for "Authenticated Users" on my data drives, the GoDaddy servers did not that same setting. Once I added the authenticated users group and granted permissions on the root directory, subdirectories and files, all of the issues I was experiencing disappeared.

I have not been able to determine why the root directories did not have the authenticated users group when I set them up. The set up for these directories was the same as all of my other servers. I went into disk management and added a new volume.
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 41790373
Figured it would be something like that. Those kinds of permission issues are tricky to track down. But you're right, most servers have either Authenticated Users or Users granted at least read permissions on new volumes by default. Godaddy probably has it set up differently on their VM templates, though.
0
 

Author Comment

by:gacto
ID: 41790413
It would have been helpful if someone at GoDaddy had knowledge of the standards they have in their image. But the go-to response was to tell me I was free to configure the server any way I wanted. That is all good, but it was difficult to do when I couldn't even get a baseline on what was causing the problem.

In any event, I did finally get it resolved. I appreciate your help in trying to track this down.
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 41790415
Welcome to the cloud. Enjoy talking to tech support more often :S (In the 4-5 years I've been working with Office 365, I've seriously only had Microsoft's tech support beat me to a solution one time. And that was only because I spent an additional hour trying to get my case escalated to their top tier support team)
0
 

Author Closing Comment

by:gacto
ID: 41795699
The issue was one I found by comparing other server configurations to this setup.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question