?
Solved

Windows Server 2012 R2 Administrator Privileges

Posted on 2016-08-31
11
Medium Priority
?
131 Views
Last Modified: 2016-09-13
I have just set up a new bank of VPS at GoDaddy. They are replacing another server which my software development teams uses for dev and testing. Now that I have the servers online and am configuring each of them for their specific roles, I have had problems with user account permissions.

When I set the VPS up with GoDaddy, I had to create a user account for myself to access the server through RDP. Once I got those accounts established and started configuring the servers I noticed an odd issue on all of the servers. Most of the tasks I perform require me to either acknowledge that administrator rights are required and click through a warning to perform the action, or I have to launch a program (like Notepad) as an administrator to complete an action.

I understand that the built in administrator has elevated privileges, which are necessary for some actions, but I am being required to provide those credentials for too many activities. I don't have to enter username a password, but I have to click through the elevated privileges often. This is even a requirement when I want to paste a file to a directory on a hard drive partition that I created with my user account which is assigned to the administrator group.

I have several other servers, some are virtual and others dedicated, with several other hosting providers, but I don't have this experience on any of those servers. I have logged in to both a GoDaddy server and one with another hosting provider to compare user account permissions, UAC, HDD owner, etc. for the accounts I use personally on each machine and all of the settings I have checked are identical. This issue has completely stumped me.

I am sure there is something on these GoDaddy VPS devices that I am overlooking, but I can't find it. Can someone offer a suggestion or know of a solution to the problem?
0
Comment
Question by:gacto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41778499
Did you check the group policy settings for UAC? GPedit.msc > Windows Settings > Security Settings > Local Policies > Security Options.

There are a bunch of UAC options there that change the way it functions. The prompts you're getting are UAC related, so I'd start there if you haven't already check it out.
0
 

Author Comment

by:gacto
ID: 41778513
I have looked at those also. Compared to the other servers I have outside of GoDaddy, these UAC settings are identical.
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41778516
Do you know if there are any GPOs that are applied to the servers? Run RSOP.msc (again, if you haven't) and check the same UAC settings in there. Local policy gets over-ridden by group policy in all cases, so if there is a GPO modifying those settings, GPedit.msc won't show the applied settings,
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:gacto
ID: 41778527
Ok I had not taken this step, as a matter of fact I haven't even heard of it before. When I run this every result under Windows Settings > Security Settings > Local Policies > Security Options have "Not Defined" under the computer setting. When I click on any policy for UAC to edit the settings, all of the options are greyed out.
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41778556
Ok. That means no group policies are being applied. From here, check the registry to see how it's set:
https://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx#BKMK_RegistryKeys

It's possible that whatever templates are used by Godaddy have this stuff set in the registry, so check that out next.
0
 

Author Comment

by:gacto
ID: 41778588
Ok I had not compared these before, but they are also exactly the same as my non-GoDaddy servers.
0
 

Accepted Solution

by:
gacto earned 0 total points
ID: 41790251
Adam - I finally broke down and got on a support session with GoDaddy and tried to get this resolved. There was no resolution from them. They kept pointing to UAC and their ultimate suggestion was to turn off UAC completely. While I am not necessarily opposed to that, I didn't want to use that as a solution because ultimately I still wouldn't know what the underlying problem was.

I started comparing everything about these GoDaddy servers to other servers I manage which do not present these problems. It turned out to be a permissions issue on the root directory. I found that all my other servers had permissions for "Authenticated Users" on my data drives, the GoDaddy servers did not that same setting. Once I added the authenticated users group and granted permissions on the root directory, subdirectories and files, all of the issues I was experiencing disappeared.

I have not been able to determine why the root directories did not have the authenticated users group when I set them up. The set up for these directories was the same as all of my other servers. I went into disk management and added a new volume.
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41790373
Figured it would be something like that. Those kinds of permission issues are tricky to track down. But you're right, most servers have either Authenticated Users or Users granted at least read permissions on new volumes by default. Godaddy probably has it set up differently on their VM templates, though.
0
 

Author Comment

by:gacto
ID: 41790413
It would have been helpful if someone at GoDaddy had knowledge of the standards they have in their image. But the go-to response was to tell me I was free to configure the server any way I wanted. That is all good, but it was difficult to do when I couldn't even get a baseline on what was causing the problem.

In any event, I did finally get it resolved. I appreciate your help in trying to track this down.
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41790415
Welcome to the cloud. Enjoy talking to tech support more often :S (In the 4-5 years I've been working with Office 365, I've seriously only had Microsoft's tech support beat me to a solution one time. And that was only because I spent an additional hour trying to get my case escalated to their top tier support team)
0
 

Author Closing Comment

by:gacto
ID: 41795699
The issue was one I found by comparing other server configurations to this setup.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question