1

I have added two domain users to a Win2008 server (non-domain controller) as local administrators. However these two users still have very limited rights, such as not being able to modify local Internet Security Properties. Is there another setting overriding their local admin permissions that they are supposed to have?

EEAA
  • 109,363
  • 18
  • 175
  • 245
marcwenger
  • 235
  • 1
  • 6
  • 21
  • 1
    Have you any Group Policies in place which may be enforcing these settings? – jscott Sep 30 '10 at 20:32
  • This is similar to my question[http://serverfault.com/questions/186039/why-is-using-ntrights-exe-in-windows-server-2008-r2-giving-error-openpolicy-1073] One way is to turn off UAC but I am waiting for a better answer as well. – softveda Sep 30 '10 at 20:37
  • @pratik - you can right click and "Run as Administrator" in order to force elevation. UAC should almost never be disabled. – Mark Allen Oct 01 '10 at 20:55
  • In my case I am running a automatic non-interactive build script. There is no way I can "right click". – softveda Oct 05 '10 at 00:25
  • gotcha. will consider instead of permanently lifting restrictions – marcwenger Oct 05 '10 at 02:01

1 Answers1

0

Make sure you're "elevating" before doing anything that requires administrative rights. Being a member of the local administrators group means that when you get prompted, it's just to click "Ok" vs. having to provide a separate user name and password.

Mark Allen
  • 474
  • 3
  • 8
  • 1
    You shouldn't disable UAC, instead simply answer the prompt – Jim B Oct 01 '10 at 00:09
  • Agreed, please don't disable UAC! That can be dangerous. It's really nice to be able to have admin rights and yet not be able to use them by accident. – Mark Allen Oct 01 '10 at 20:54