Solved

Server Permissions

Posted on 2016-09-16
8
57 Views
Last Modified: 2016-09-24
Which server permissions allow/deny running files like "openfiles.exe" or "Get-WMIObject"

I am a domain admin and even tried adding myself as a local administrator on the server itself, neither makes a difference, I just get an "Error: Access is Denied".  One server is Server2008 R2 and the other is a Server2012 R2

Thanks
0
Comment
Question by:mickfinley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 6

Author Comment

by:mickfinley
ID: 41802162
Ok, I discovered it does execute if I choose "run as administrator"...but why, this is only on a couple of servers, not all of them, what would be different for one Server2008 R2 to require ir, but not another Server2008 R2?
0
 
LVL 6

Accepted Solution

by:
mickfinley earned 0 total points
ID: 41802208
I think I have found it.  Within 'Local Security Policy'>Security Options, there is a policy enabled called 'User Account Control: Run all administrators in Admin Approval mode' ...I can't restart the server yet to know for sure, but it sounds promising and is set different than my other servers
0
 
LVL 78

Expert Comment

by:arnold
ID: 41802641
Once local security policy is changed, the effect should be immediate.  The restrictions implemented for the UAC and similar in 2008 and newer is to avoid compromises that existing in the prior version to shield the system from compromises.

It sounds that on this server, your UAC prompt is disabled, while on the others with this setting still in place, you get prompted when an elevated access is needed that is not present on this one.  Check the control panel and UAC settings to make sure you get prompted in the event rights elevation is required to perform a task.

Think long and hard on whether you want to weaken the "security mechanism" on your system.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 43

Expert Comment

by:Steve Knight
ID: 41802666
Agreed there... leave us on if possible!

When you run on a pc or server with us turned on as an admin then you get the rights associated with none admin groups.  e.g. if you try and amend files in a direction and domain users have read and domain administrator have modify rights then unless you run as admin you get the read access associated with normal users group.

Much more to it than that but helps protect your systems and data when you use admin accounts - e.g. if you are using a domain admin accounts on your workstation to login ..
0
 
LVL 6

Author Comment

by:mickfinley
ID: 41805368
UAC on windows is very much like root on linux.  It's just annoying, but since I have found the workaround and know why it's doing it, that was all I needed.  Asking a question sometimes, makes a person think a bit more and I had it figured out very quick right after posting this...thanks for the replies all and maybe it'll help someone else in the future.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 41805379
Really would suggest leaving UAC enabled, all you have to do is start the script or batch file with right click, run as administrator when needed.
0
 
LVL 78

Expert Comment

by:arnold
ID: 41805569
Just be forewarned, the changes you made you may regret. Check the other systems in the same way to see whether they too have the "solution" you implemented on this system.
0
 
LVL 6

Author Closing Comment

by:mickfinley
ID: 41813607
I posted my own solution.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
This article summaries thoughts and ideas from two years of sustained use. It provides good reasoning to make the jump to Windows 10.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question