
Windows 2008 Administrator account disabled = access problems


  • Windows 2008 Administrator account disabled = access problems


    I'm locking down our site as per MS best practice and have disabled the builtin administrator account for the domain (as in the one that appears in the builtin container).

    Before I did this I created a slew of dedicated administrator accounts for the various administrative users, and a super user account that was schema and enterprise admins.

    Having disabled this account I can now no longer edit the loginscript in sysvol\mydomain\scripts.

    I get 'access denied' even if I use my mega administrative privileges account.

    I've had some other 'access denied' issues when running things as services but have managed to work around them.

    It's almost like the 'run as administrator' 'hidden' account in Vista/7 is in Windows 2008 as well, and disabling 'builtin/administrator' stuffs it.

    It now looks like I need to re-enable this account to edit this script, which is somewhat of a joke given that best practice says you are SUPPOSED to disable this account.

    Can anyone shed any light on this?

    All privileges are correct on the share and on the folder/file.

  • #2
    Re: Windows 2008 Administrator account disabled = access problems

    Even though you're using your super-privileged account, sometimes you do need to "run-as administrator" for certain tasks.

    Have you tried this?

    The same applies to folders, even though you might be an EA level account, it still won't let you access files until you give yourself specific privileges to.
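    A diagnostic for the situation discussed in this thread, as an added example that is not part of any post: it reports whether the current PowerShell session holds an elevated token and lists the ACL entries on the logon script folder, so the two can be compared. The default path is a placeholder modelled on the `sysvol\mydomain\scripts` form in the first post; everything else uses standard .NET and PowerShell calls.

```powershell
# Added example (not from the thread): compare the session's token with the
# ACL on the logon script folder. Read-only; it changes nothing.
param(
    # Assumed placeholder path; substitute your own domain name.
    [string]$ScriptPath = "\\mydomain\SYSVOL\mydomain\scripts"
)

# 1. Is this session running with an elevated (full) administrator token?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

"User:     $($identity.Name)"
"Elevated: $elevated"

# 2. In a UAC-filtered token, BUILTIN\Administrators is still listed but is
#    marked "Group used for deny only", so allow entries granted to that
#    group do not apply until the process is started elevated.
"`nAdministrators entries in the current token:"
whoami /groups | Select-String 'Administrators'

# 3. Who is actually granted rights on the folder, and is it inherited?
"`nACL on ${ScriptPath}:"
try {
    (Get-Acl -Path $ScriptPath).Access |
        Select-Object IdentityReference, FileSystemRights,
                      AccessControlType, IsInherited |
        Format-Table -AutoSize
} catch {
    "Could not read ACL: $($_.Exception.Message)"
}

# 4. Summary to read against the ACL output above.
if (-not $elevated) {
    "`nSession is NOT elevated: rights granted only via the Administrators"
    "group will be denied. Re-run from an elevated prompt and compare."
} else {
    "`nSession is elevated: if access is still denied, look for a missing"
    "or explicit Deny entry for this account in the ACL above."
}
```

    Running it once from a normal prompt and once from a prompt started with "Run as administrator" shows whether the denial follows the token or the ACL.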


    • #3
      Re: Windows 2008 Administrator account disabled = access problems

      We rename the admin account so the login becomes something different. You will not get all these odd issues.


      • #4
        Re: Windows 2008 Administrator account disabled = access problems


        Can you not just remove all log on rights? As in, disable log on locally, and disable remote log on.

        You will still be able to use the Admin account to force things to run, won't kill your AD, but also limits the ability of anyone to take over your server.

        Also, I do believe that MS have removed their "disable Admin account" on Server 2008 OS. We do not have it disabled, and I cannot remember seeing it in any BPAs.
