J.R. Sitman

asked on

2012 R2 server does not have domain administrator as a user

I'm logged on to a new 2012 R2 server that my assistant built (his first). I was trying to run a PowerShell script and it failed with "access denied" to files I was trying to delete in the System32 folder.
When I checked the security permissions there was no domain administrator in there.
I looked in users and the only user was Administrator for the computer, not the domain.

I've never seen this before.  What is wrong and how do I fix it?
Chris Swinney

Is it joined to a domain?
Is this joined to another domain or is it a standalone DC?
Shaun Vermaak

The domain users (including domain groups and users) do not show locally unless you are checking group members or ACLs assigned to resources such as files/folders. Where are you checking? Please post some screenshots.
J.R. Sitman

ASKER

Yes, part of a domain. See attachments.

No idea why you added the user... I never do that. The Domain Administrator is part of the Domain Administrators group. By default, this group is included in the local computer's "Administrators" group. So thanks to group membership, you have the administrator rights.

Would have been helpful to post the PowerShell window's errors (including the window title)... my guess is that you weren't running the PowerShell command as an administrator. (By default, even if you're an admin, you don't run things with admin rights for security.)
Why doesn't the domain admin show in the security properties?

Remove-Item : Cannot remove item C:\Windows\System32\Lock64.dll: Access to the path 'C:\Windows\System32\Lock64.dll'
is denied.
At C:\removalscript\Tricerat v4 Removal Script.ps1:337 char:5
+     Remove-Item $env:windir'\System32\Lock*'
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Windows\System32\Lock64.dll:FileInfo) [Remove-Item], UnauthorizedA
   ccessException
    + FullyQualifiedErrorId : RemoveFileSystemItemUnAuthorizedAccess,Microsoft.PowerShell.Commands.RemoveItemCommand
Remove-Item : Cannot remove item C:\Windows\System32\LockScreenContent.dll: Access to the path
'C:\Windows\System32\LockScreenContent.dll' is denied.
At C:\removalscript\Tricerat v4 Removal Script.ps1:337 char:5
+     Remove-Item $env:windir'\System32\Lock*'
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Windows\Syst...reenContent.dll:FileInfo) [Remove-Item], Unauthoriz
   edAccessException
    + FullyQualifiedErrorId : RemoveFileSystemItemUnAuthorizedAccess,Microsoft.PowerShell.Commands.RemoveItemCommand
Remove-Item : Cannot remove item C:\Windows\System32\LockScreenContentHost.dll: Access to the path
'C:\Windows\System32\LockScreenContentHost.dll' is denied.
At C:\removalscript\Tricerat v4 Removal Script.ps1:337 char:5
+     Remove-Item $env:windir'\System32\Lock*'
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Windows\Syst...ContentHost.dll:FileInfo) [Remove-Item], Unauthoriz
   edAccessException
    + FullyQualifiedErrorId : RemoveFileSystemItemUnAuthorizedAccess,Microsoft.PowerShell.Commands.RemoveItemCommand
Remove-Item : Cannot remove item C:\Windows\System32\LockScreenContentServer.exe: Access to the path
'C:\Windows\System32\LockScreenContentServer.exe' is denied.
At C:\removalscript\Tricerat v4 Removal Script.ps1:337 char:5
+     Remove-Item $env:windir'\System32\Lock*'
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Windows\Syst...ntentServer.exe:FileInfo) [Remove-Item], Unauthoriz
   edAccessException
    + FullyQualifiedErrorId : RemoveFileSystemItemUnAuthorizedAccess,Microsoft.PowerShell.Commands.RemoveItemCommand
Cleanup failed. Manual cleanup required.
PS C:\removalscript>
That's a copy and paste, not a screen shot.  A screen shot would show me the title bar:
A picture is worth a thousand words. A copy and paste only 100.
Here you go.
Ok, so the next question is, does the Domain Admins group belong to the local Administrators group on the computer?  Check in Computer Management.
Nope. How do I add it?
I was incorrect. Domain Admins is there.
What are the permissions on the files in question (that you're trying to remove)?
See attached.
ASKER CERTIFIED SOLUTION
Lee W, MVP
Thanks
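
The three checks this thread walks through (is the session elevated, is Domain Admins in the local Administrators group, who owns the files and what does the ACL grant), gathered into one read-only diagnostic. This is an added example, not part of the original thread or the removal script; the `Lock*` pattern is taken from the error output above, and `net localgroup` is used on the assumption that the server runs the PowerShell 4.0 that ships with 2012 R2, which lacks `Get-LocalGroupMember`.

```powershell
# Added diagnostic example (read-only); not from the thread or the removal script.

# 1. Who is running this session, and is the token elevated?
#    Under UAC, a member of Administrators gets a filtered token unless the
#    console was started with "Run as administrator", so IsInRole returns False.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as : {0}" -f $identity.Name
"Elevated   : {0}" -f $elevated

# 2. Members of the local Administrators group. On a domain-joined server the
#    domain's "Domain Admins" group is expected to appear in this list.
net localgroup Administrators

# 3. Owner and ACL entries of the files the script failed to delete.
#    Nothing is modified; this only reads the security descriptors.
$pattern = Join-Path $env:windir 'System32\Lock*'
foreach ($file in Get-ChildItem -Path $pattern -File) {
    $acl = Get-Acl -LiteralPath $file.FullName
    "`n{0}  (owner: {1})" -f $file.Name, $acl.Owner
    $acl.Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize |
        Out-String
}
```

Membership shown in step 2 only applies to an elevated session, and an ACL in step 3 that grants BUILTIN\Administrators only ReadAndExecute denies deletion even then. Windows component files in System32 are normally owned by NT SERVICE\TrustedInstaller with exactly that ACL.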