Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 75
  • Last Modified:

Server Permissions

Which server permissions allow/deny running files like "openfiles.exe" or "Get-WMIObject"

I am a domain admin and even tried adding myself as a local administrator on the server itself, neither makes a difference, I just get an "Error: Access is Denied".  One server is Server2008 R2 and the other is a Server2012 R2

Thanks
0
Mick Finley
Asked:
Mick Finley
  • 4
  • 2
  • 2
1 Solution
 
Mick FinleyNetwork EngineerAuthor Commented:
Ok, I discovered it does execute if I choose "run as administrator"...but why, this is only on a couple of servers, not all of them, what would be different for one Server2008 R2 to require ir, but not another Server2008 R2?
0
 
Mick FinleyNetwork EngineerAuthor Commented:
I think I have found it.  Within 'Local Security Policy'>Security Options, there is a policy enabled called 'User Account Control: Run all administrators in Admin Approval mode' ...I can't restart the server yet to know for sure, but it sounds promising and is set different than my other servers
0
 
arnoldCommented:
Once local security policy is changed, the effect should be immediate.  The restrictions implemented for the UAC and similar in 2008 and newer is to avoid compromises that existing in the prior version to shield the system from compromises.

It sounds that on this server, your UAC prompt is disabled, while on the others with this setting still in place, you get prompted when an elevated access is needed that is not present on this one.  Check the control panel and UAC settings to make sure you get prompted in the event rights elevation is required to perform a task.

Think long and hard on whether you want to weaken the "security mechanism" on your system.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Steve KnightIT ConsultancyCommented:
Agreed there... leave us on if possible!

When you run on a pc or server with us turned on as an admin then you get the rights associated with none admin groups.  e.g. if you try and amend files in a direction and domain users have read and domain administrator have modify rights then unless you run as admin you get the read access associated with normal users group.

Much more to it than that but helps protect your systems and data when you use admin accounts - e.g. if you are using a domain admin accounts on your workstation to login ..
0
 
Mick FinleyNetwork EngineerAuthor Commented:
UAC on windows is very much like root on linux.  It's just annoying, but since I have found the workaround and know why it's doing it, that was all I needed.  Asking a question sometimes, makes a person think a bit more and I had it figured out very quick right after posting this...thanks for the replies all and maybe it'll help someone else in the future.
0
 
Steve KnightIT ConsultancyCommented:
Really would suggest leaving UAC enabled, all you have to do is start the script or batch file with right click, run as administrator when needed.
0
 
arnoldCommented:
Just be forewarned, the changes you made you may regret. Check the other systems in the same way to see whether they too have the "solution" you implemented on this system.
0
 
Mick FinleyNetwork EngineerAuthor Commented:
I posted my own solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now