On our Windows 2003 standalone servers we would normally create a new Administrator account (by making the account a member of the Administrators group) and disable the built-in one.
However when doing this on Windows 2008 we find that this new administrator account requires "Run As Administrator" or will perform UAC prompting to access certain folders that the built-in Administrator account doesn't do.
Is there a way around this (without tampering with the UAC settings in the local security policy)?
-
No. In 2008 even the administrator account does not run a process with admin priviledges normally, but will start an UAC promt once the process needs admin priviledges. This was done to increase security.
Kev : Seems to UAC request an awful lot less than an account that's a member of the Administrators group. In fact I don't think I've been prompted so far on the Windows 2008 R2 boxes I've working on just now.TomTom : I just got one - ipconfig /flushdns requires elevated priviledges, not a normal command prompt ;)Kev : @TomTom - Not that way on 2008-R2, I'm logged on as "Administrator" on a clean box. When you start cmd.exe it automatically runs with elevated privileges (it even says "Administrator: C:\Windows\system32\CMD.exe" in the window title). The "Run as administrator" advanced property on the shortcut is unchecked.mrdenny : This is because the local admin account has a couple of extra UAC rights granted to it which makes everything that happens in the local admin account run under the admin context. Edit the local security policy and look at the security settings and find the UAC settings at the bottom.From TomTom -
Why creating a new account?
You should renamed the builtin administrator account using a GPO instead. You can find details in KB 816109
Kev : Why rename using a GPO instead of using the rename in the computer manager MMC?Benoit : @Kev: Because GPOs allow you to apply a common settings to several servers at once. And it is transparent. Each new server will automatically 'catch' the settings.From Benoit
0 comments:
Post a Comment