?
Solved

Security Permissions Issues

Posted on 2016-10-21
10
Medium Priority
?
93 Views
Last Modified: 2016-10-21
I'm having some permissions issues and don't know what I'm doing wrong.

I had a Win7 PC (MAE-PC) which had one user: Michael.  This user is in the local Administrators group (see snapshot)

I added a local server and started up AD DS, DNS and DHCP and created a Domain Admin called Michael (Michael@ESCARRAF.COM).

I added the Win7 PC (MAE-PC) to the Domain.  Then went into the Local Users and Groups for the PC and added the Domain Admin (Michael@ESCARRAF.COM) to the Local Administrators group (see snapshot).  

When I login to MAE-PC\Michael (local Admin) I can install programs fine.  But, when I login as ESCARRAF\Michael, it says permission denied on the C:\Program Files and C:\Program FIles (x86) folders.

So, when I check the Security tab on C:\Program Files I see that LOCAL Administrators have no access and Users have Read/Execute.  How is that even possible?  Anyway, my main issue is that I can't install anything when logged in with a Domain user.  See snapshot for security settings on C:\Program Files.  I have NEVER touched these permissions.

I did notice that for C:\Program Files, C:\Program Files (x86), C:\Users and C:\Windows, the permissions are NOT inherited from C:\

Michael
2016-10-21_10-36-49.jpg
2016-10-21_10-58-26.jpg
2016-10-21_10-58-48.jpg
2016-10-21_10-59-13.jpg
0
Comment
Question by:Michael
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 56

Accepted Solution

by:
McKnife earned 1000 total points
ID: 41854006
Simply scroll down on https://filedb.experts-exchange.com/incoming/2016/10_w43/1123503/2016-10-21_10-58-48.jpg
You'll see that there is a checkbox "special permissions" checked for administrators. They have all access.
0
 

Author Comment

by:Michael
ID: 41854014
My main questions is why doesn't ESCARRAF.COM/Michael have access?
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41854022
UAC filters the domain admin's token. It will only take effect when Michael elevates.
0
Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

 
LVL 79

Assisted Solution

by:arnold
arnold earned 1000 total points
ID: 41854148
To McKnife's point, when you install as local user, do you get promted for UAC elevation, if so, when you login with the donain account, do you get prompted with UAC as well?
Your AD GPO might set uac not to prompt (notify, never) which will explain the difference in handling.
Do you get the same error if you right click on the setup, installer and run it as administrator.
0
 

Author Comment

by:Michael
ID: 41854199
Let me try to right click. I do know that I have UAC disabled so that shouldn't be the issue. I don't get prompted ever.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41854417
With uac off, it has to work. So it's defective behavior. Try a repair installation aka in place upgrade.
0
 
LVL 79

Expert Comment

by:arnold
ID: 41854487
With UAC off, the domain account even as part of the local administrators group falls under more scrutiny compared to the local account that is a member of the local administrators group.

Do you have any anti-virus application on the system/internet security application that might be enforcing/denying the domain user install attempt?
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41854514
I disagree. No difference between different admins when uac is off.
0
 
LVL 79

Expert Comment

by:arnold
ID: 41854687
is the domain account also a member of the domain users group?
0
 

Author Comment

by:Michael
ID: 41854694
Fixed!  After rebooting all is fine!  Perhaps the domain didn't authenticate thus the NT Authority wasn't a a valid user?

Thanks for the responses!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question