Various permissions issues appearing - UAC, file shares, security logs

Windows 2012 R2 domain with 2012 and 2008 member servers. In the last couple of days I'm seeing various permissions issues affecting domain admins.

UAC control is asking for username and password when popping up - continues fine once the details are given, but as a domain admin this would normally just show the UAC notification without asking for account details.

Access to various admin shares is requiring entering of username and password.

Security logs on a number of servers are inaccessible - access denied.

dcddiag shows everything fine. Have run netdom verify on the affected member servers - all ok. Nothing of interest in the logs - although can't get into the security logs as mentioned.



There is nothing wrong, this is the nature of the beast if you don't configure UAC correctly. UAC will prompt for security when logged on the server and trying to local resources. You could do two things:
1. Disable UAC
2. Configured your most used application to run in Administrator mode

In some environments where UAC is not allowed to be turned off, what most admins do is that they configure CMD.EXE and POWERSHELL.EXE to run as administrator (under Advanced properties tab) and launch all their admin utilities from these shells. There are very few environments where UAC is left off and most people just turn it off.



There is nothing wrong, this is the nature of the beast if you don't configure UAC correctly. UAC will prompt for security when logged on the server and trying to local resources. You could do two things:
1. Disable UAC
2. Configured your most used application to run in Administrator mode

In some environments where UAC is not allowed to be turned off, what most admins do is that they configure CMD.EXE and POWERSHELL.EXE to run as administrator (under Advanced properties tab) and launch all their admin utilities from these shells. There are very few environments where UAC is left off and most people just turn it off.



Mohammed - UAC has never prompted for username/password when logged in as domain admin - it has simply given a confirmation box to be OKed. This has been the same on every network I've worked on since UAC was invented.



With prompt for security, it means that if you are using a non-administrator account, it will prompt for authentication, else it will just ask for confirmation.



Yes, I understand that - but domain admin accounts are being used. It's not UAC that's the problem - this is a symptom, there is obviously an underlying permissions issue - that's what I need help identifying.



Sorry - schoolboy error. I didn't realise a GP was applied yesterday to the application server OU to give the developers admin rights. Other admin had neglected to explicitly include domain admins which would have been there by default but knocked off by the GP.

All working again.

Share this

Related Posts

There was an error in this gadget