UAC Windows 2008 Issue

[mcdsweet98]

Hi Guys,

I am having this issue with UAC on a windows server 2008 workgroup servers. I am trying to access administrative shares on this workgroup machines but it won't allow me although I am already in an admin group. I know this is caused by UAC since the administrator built-in ID works. I keep getting access denied from this UAC. its very annoying. I can't seem to move forward.

I have this following questions needed for help

1) How come UAC blocks workgroup servers but not domain servers? Even if our DC is a Windows Server 2008, should the UAC be blocking those Windows 2008 servers parked under this Domain Controller? I can perform administrative share access for those domain servers using my domain ID.

2) By default, when Microsoft commissions a windows server 2008 server, is the administrative shares blocked by default? and only administrator built in ID is able to access it?

3) Any workaround to go into the administrative shares for this workgroup servers using any other local IDs in the administrator group without disabling UAC or tweaking the Registry policy Token? Any other alternatives?

Please help.


Thank you

 

[mrdenny]

1. Because there are default domain policies in place which change this.

2. Yes.

3. Go into the local security polices on the server and lowing the UAC setting which controls admin network share access. That or start Explorer on the users workstation with admin privileges before attempting to connect to the remove server's admin share.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)
MCM (SQL 2008)
MVP

My Blog

 

[mcdsweet98]

Hi Denny,
Many thanks for the good response. However for Point 3) I tried searching for the admin network share access in the local security policy but I couldn't find any. I attach below a screenshot of the UAC setting on my 2008 server.

http://thetropics.com.my/images/uac.jpg

This is the current settings on my server which still wouldn't allow my ID which is in the administrator group to access administrative shares except the built-in.

Thanks for the assistance.

 

[mcdsweet98]

Oh I left out this to ask. What did you mean by

"That or start Explorer on the users workstation with admin privileges before attempting to connect to the remove server's admin share".


Could you provide the steps? Assuming that I am installing a software which can only be installed remotely into the target server.

 

[mrdenny]

Hum, I thought there was a policy that could change that. Looks like I'm wrong. You might try futzing with the UAC settings and see if adjusting them at all might help solve the problem.

Right click on Windows Explorer and select "Run as Administrator".

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)
MCM (SQL 2008)
MVP

My Blog

 

[muckermucker]

I have the perfect answer for you. I found the cause of this myself a few months back and decided to write a blog article about it. It is not well documented on the internet but explorer has a bug with UAC. Feel free to distribute the link! Windows 7 Access Denied on Folders For Administrator