Hi,

We enforce the UAC on all our Windows 2008 servers. It is done via GPO with all the settings recommended for the 'Enterprise' enabled, including setting 'Admin-approval mode for builtin Administrator' to Disabled, so the local Admin is always elevated, with no UAC prompts. No issues with the UAC really, once we added Runas options for scripts to allow 'Run As Administrator' we got used to it pretty quick.
There is one annoyance though, and it's working with files and folders on the system that were created with an account that was elevated during their creation, thus requiring you to be elvated as well when you attempt to view or do anything with them while logged in locally.
For example, as part of the Task Sequencer during our builds we do things like Format the D: drive, create a standard file structure with common folders and such, copy some files, etc.. and it is all done as the Built-in local Administrator account, which is elevated. After it's been built when you login with a domain account you can't do anything in those folders but create new folders, the same behavior you see on the root of C: drive for example with the UAC enabled, you don't get the option to create a Text File or anything like that. Want to delete a file that was copied by the local admin, UAC prompt to gain access. Want to edit a text file, need to open Notepad as Administrator or no save for you.
I understand the elevation prompts for system directories and Program Files, I like those, but prompts for folders on our data partitions, simply because the folder was created with an elevated account, make working locally on the server very challenging. Besides turning the UAC off, which I don't want to do, is there anyway to exclude NTFS volumes that don't host system files to ignore the elvation flag?

Any help will be apprecited.

I didn't find the right solution from the Internet.

References:
https://arstechnica.com/civis/viewtopic.php?f=17&t=85939
Collaboration Solution Video

Thank you.

Hi, We enforce the UAC on all our Windows 2008 servers. It is done via GPO with all the settings recommended for the 'Enterprise' enabled, including setting 'Admin-approval mode for builtin Administrator' to Disabled, so the local Admin is always elevated, with no UAC prompts. No issues with the UAC really, once we added Runas options for scripts to allow 'Run As Administrator' we got used to it pretty quick. There is one annoyance though, and it's working with files and folders on the system that were created with an account that was elevated during their creation, thus requiring you to be elvated as well when you attempt to view or do anything with them while logged in locally. For example, as part of the Task Sequencer during our builds we do things like Format the D: drive, create a standard file structure with common folders and such, copy some files, etc.. and it is all done as the Built-in local Administrator account, which is elevated. After it's been built when you login with a domain account you can't do anything in those folders but create new folders, the same behavior you see on the root of C: drive for example with the UAC enabled, you don't get the option to create a Text File or anything like that. Want to delete a file that was copied by the local admin, UAC prompt to gain access. Want to edit a text file, need to open Notepad as Administrator or no save for you. I understand the elevation prompts for system directories and Program Files, I like those, but prompts for folders on our data partitions, simply because the folder was created with an elevated account, make working locally on the server very challenging. Besides turning the UAC off, which I don't want to do, is there anyway to exclude NTFS volumes that don't host system files to ignore the elvation flag? Any help will be apprecited. I didn't find the right solution from the Internet. References: https://arstechnica.com/civis/viewtopic.php?f=17&t=85939 [url=https://blog.advids.co/20-video-examples-from-collaboration-software-solutions-and-platforms/]Collaboration Solution Video[/url] Thank you.
9
views
0
replies
1
followers
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft