1

I'm running Windows Server 2012 R2.

I have a task that runs every 30 minutes. Basically, it checks to see if an interface address has changed, updates a config file, and restarts an application. Because the config file is in C:\Program Files, the process has to run with highest privileges or else access to the file is denied.

This works fine - the problem is that when the restarted application creates files, they are owned by the Administrators group by default. I use a different account which belongs to the Administrators group, Domain Admins group, Hyper-V admin group, etc., yet any time I try to modify files created by that application I get a UAC prompt.

I have to manually edit the security of the file/directory created and grant myself explicit permission - permissions from the Administrators group don't seem to be inherited - does anyone know what could be causing this?

1 Answer

0

You say yourself that the task runs with highest privileges - i.e. using an admin user.

So every single file created by this task will be given the permissions of that same user context.

What you could do to mitigate this issue is either run the commands that might create files as another (lower-privileged) user or let your task set the correct permissions after creating the files.

randomnickname
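
The answer's second suggestion, having the task set permissions itself, could look like the PowerShell step below. This is an added illustration, not code from the question or the answer; the directory path and account name are placeholders, and it assumes the step runs inside the same elevated scheduled task.

```powershell
# Added example: $OutputDir and $Account are placeholders, not values from the post.
$OutputDir = 'D:\ExampleApp\Output'   # directory the restarted application writes to
$Account   = 'EXAMPLE\operator'       # account that must edit the files without elevation

function Grant-InheritedModify {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Identity
    )
    # Resolve the name to a SID first so a mistyped account fails here
    # instead of producing an unusable ACL entry.
    $sid = (New-Object System.Security.Principal.NTAccount($Identity)).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Modify (not FullControl) on the directory, inherited by subfolders (CI)
    # and files (OI), so files the application creates later pick it up.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid,
        [System.Security.AccessControl.FileSystemRights]::Modify,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)

    $acl = Get-Acl -LiteralPath $Path
    # SetAccessRule replaces any existing explicit Allow rule for this SID,
    # so a task that runs every 30 minutes does not pile up duplicate entries.
    $acl.SetAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Read the ACL back and confirm the explicit (non-inherited) rule is there.
    $explicit = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    $modify = [System.Security.AccessControl.FileSystemRights]::Modify
    $match = $explicit | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        ($_.FileSystemRights -band $modify) -eq $modify
    }
    return [bool]$match
}

if (-not (Test-Path -LiteralPath $OutputDir -PathType Container)) {
    throw "Output directory not found: $OutputDir"
}
if (Grant-InheritedModify -Path $OutputDir -Identity $Account) {
    Write-Output "Explicit inheritable Modify rule present for $Account on $OutputDir"
} else {
    Write-Warning "Rule for $Account was not found on $OutputDir after Set-Acl"
}
```

An entry for the account itself applies in non-elevated sessions, where UAC filters the Administrators group out of the access token. Scope the grant to the application's output directory rather than to `C:\Program Files`.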