Announcement

Collapse
No announcement yet.

Windows 2008 Administrator account disabled = access problems

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 2008 Administrator account disabled = access problems

    Hi,

    I'm locking down our site as per MS best practice and have disabled the builtin administrator account for the domain (as in the one that appears in the builtin container).

    before I did this I created a slew of dedicated administrator acccount for the various administrative users, and a super user account that was schema and enterprise admins.

    Having disabled this account I can now no longer edit the loginscript in sysvol\mydomain\scripts.

    I get 'access denied' even if I use my mega administrative priveledges account.

    I've had some other 'access denied' issues when runnign things as services but have managed to work around them

    It's almost like the 'run as administrator' 'hidden' account in Vista/7 is in Windows 2008 as well, and disabling 'builitin/administrator' stuffs it.

    It now looks like I need to re-enable this account to edit this script which somwehat of a joke given that best practice says you are SUPPOSED to disable this account

    Can anyone shed any light on this?

    All priveledges are correct on the share and on the folder/file.

  • #2
    Re: Windows 2008 Administrator account disabled = access problems

    even though you're using your super-privileged account, sometimes you do need to "run-as administrator" for certain tasks.

    Have you tried this ?

    The same applies to folders, even though you might be an EA level account, it still won't let you access files until you give yourself specific privileges to..
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Windows 2008 Administrator account disabled = access problems

      We rename the admin account so the login becomes something different. You will not get all these odd issues.

      Comment


      • #4
        Re: Windows 2008 Administrator account disabled = access problems

        Hello,

        Can you not just remove all log on rights? As in, disable log on locally, and disable remote log on.

        You will still be able to use the Admin account to force things to run, wont kill your AD, but also limits the ability of anyone to take over your server.

        Also, I do believe that MS have removed there "disable Admin account" on Server 2008 OS. We do not have it disabled, and I can not remember seeing it in any BPA's.

        Wofen
        Good to be back....

        Comment

        Working...
        X