Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2008 R2 CACLS - Permission Denied for a Local Admin

Status
Not open for further replies.
peterlyttle

peterlyttle

Technical User
Nov 6, 2006
139
GB
Following on from a query in another forum -
Has anyone any ideas on how to get this command to execute in 2008 R2?

Code: 
cacls C:\windows\system32\arp.exe /E /R BUILTIN\Users"

I get a Permission Denied even as a Local Admin. This command works on some files (non-system) and changing the permissions via the GUI also work.

Anyone any ideas?
 
Sort by date Sort by votes
Edit, sorry the GUI doesnt allow it to work either. I think taking ownership of the file then changing the permissions then changing the ownership back may work.
 
Upvote 0 Downvote
When you run it from the command line and are logged in as an admin, are you actually running the command-line session as an admin? If you navigate through the Start menu to the shortcut that launches that command-line session, you need to right-click on it and then select "Run as Administrator."

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
 
Upvote 0 Downvote
I was opening the Command prompt by going Start->Run->cmd IIRC this opens everything with Admin anyway.
 
Upvote 0 Downvote
I resolved the issue with using -

takeown /F C:\windows\system32\arp.exe
cacls.exe C:\windows\system32\arp.exe /E /R BUILTIN\Users
icacls.exe file.exe /setowner "NT SERVICE\TrustedInstaller"

Combine this into a powershell script and it worked a treat!!
 
Upvote 0 Downvote
I was opening the Command prompt by going Start->Run->cmd IIRC this opens everything with Admin anyway.
Click to expand...

I don't believe it does, unless you're getting the whole screen-greyed-out-asking-you-if-you-want-to-launch-it-as-admin thing. It will still open, and most functionality will be available to you, but some things will simply fail to work unless you actually run it as admin (roughly equivalent to SUDO).

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
437
gbaughma
gbaughma
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
212
hairlessupportmonkey
hairlessupportmonkey
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
199
ADB100
ADB100
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
714
goombawaho
goombawaho
maybeimaleo
  • Locked
  • Question
Can SMTP Be Migrated From 2008 R2 to 2019?
Replies
1
Views
200
maybeimaleo
maybeimaleo

Part and Inventory Search

Sponsor

Back
Top