SharePoint Foundation 2010 SP1 on Windows Server 2008 R2 Std SP1 (Domain Controller) in a simple farm with a single SQL Server 2008 SP1/Windows Server 2008 Std SP2 backend

I realise installing SP on a DC is not advised but I've no alternative.

Trying to run Get-SPWeb -site [site path] I get the following error:

Get-SPWeb : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At line:1 char:10
+ Get-SPWeb <<<<  -site [site path]
    + CategoryInfo          : InvalidData: (Microsoft.Share....SPCmdletGetWeb:SPCmdletGetWeb) [Get-SPWeb], UnauthorizedAccessException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletGetWeb

I am running as SP_admin. To make sure SP_admin has SharePoint_Shell_Access role on the database, I tried to run Add-SPShellAdmin -username DOMAIN\SP_admin -database [GUID] but then got this error:

Add-SPShellAdmin : You need to have Machine administrator priviliges to run this cmdlet.
At line:1 char:17
+ Add-SPShellAdmin <<<<  -username DOMAIN\SP_admin -database $spcdb
    + CategoryInfo          : InvalidData: (Microsoft.Share...AddSPShellAdmin:SPCmdletAddSPShellAdmin) [Add-SPShellAdmin], SPException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletAddSPShellAdmin

I have checked:

  • I am running as SP_admin account
  • SP_admin is member of Administrators group
  • SP_admin is member of WSS_ADMIN_WPG group
  • SP_admin has securityadmin role on the SQL Server instance
  • SP_admin has db_owner role on content database

Why is it complaining I need to run as Machine administrator when the account is in the Administrators group? Could it be to do with it being a DC and AD replacing local groups?

tpml7
spartanmouse

1 Answer

3

One quick thing to try is to run the SharePoint Management Shell "as Administrator" by right-clicking on it in the Start menu and selecting "Run as administrator".

If that doesn't work, check your server and see if UAC is on. When I've run into that Machine admin rights error in the past, I had to turn off UAC to get past it.

Run as Admin may mitigate it as well, but I didn't try that at the time.

Kiquenet
John Ferringer
  • I can't believe it was something so simple - you're right, it was UAC! I was logged in as domain\administrator and was using runas to open Management Shell in SP_admin user context. Logging in as SP_admin and then using Run As Administrator instead allowed me to run the cmdlet. It turns out, however, that the cmdlet will fail to add SP_admin to the SharePoint_Shell_Access role on the config database (of which it is the owner), so it seems you cannot use this cmdlet to give permission to the SP_admin account itself. I was able to use the cmdlet to grant permission to another user account. – spartanmouse Jan 13 '12 at 12:26
  • My experience was that nothing (including Run as) helped other than logging in over Remote Desktop using the actual farm admin account. This is not very nice, since the right to interactively log on has to be granted to the farm account. You could disable this later of course. – Pontus Jan 02 '15 at 08:45
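
Added example, not part of the original question or answers: a PowerShell 2.0-compatible check that separates "the account is a member of Administrators" from "this shell holds an elevated token", which is the distinction behind the "Machine administrator" error when UAC is on. The function name `Get-ElevationState` and its output fields are made up for this example, and the deny-only match assumes English-language `whoami` output.

```powershell
# Added example (not from the thread). Works on PowerShell 2.0 and later.
function Get-ElevationState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when the Administrators SID is enabled in this process token.
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group in the token, including deny-only entries.
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    $adminEntry = whoami /groups /fo csv | ConvertFrom-Csv |
        Where-Object { $_.SID -eq 'S-1-5-32-544' }

    # Assumption: English whoami output ("Group used for deny only").
    $denyOnly = $false
    if ($adminEntry) { $denyOnly = $adminEntry.Attributes -match 'deny only' }

    if ($elevated) {
        $state = 'Elevated: Administrators is enabled in this token'
    } elseif ($denyOnly) {
        # Typical UAC-filtered token: group present but usable for deny checks only.
        $state = 'Filtered by UAC: member of Administrators, shell not elevated'
    } elseif ($adminEntry) {
        $state = 'Administrators is in the token but not enabled'
    } else {
        $state = 'Not an administrator: Administrators SID absent from token'
    }

    New-Object PSObject -Property @{
        User               = $identity.Name
        IsElevated         = $elevated
        AdminGroupInToken  = [bool]$adminEntry
        AdminGroupDenyOnly = $denyOnly
        State              = $state
    }
}

# Run inside the same shell that raised the error.
Get-ElevationState | Format-List
```

A "Filtered by UAC" result means group membership is correct and only the shell's token is restricted, so relaunching that shell with "Run as administrator" is sufficient.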