Comments on: NTFS Rights Issue with UAC, logged on with Domain Admin Account http://drewh70.wordpress.com/2008/06/20/ntfs-rights-issue-using-uac-with-a-non-built-in-domain-admin-account/ COMPLETELY FULL OF I.T. Fri, 01 May 2009 19:30:33 +0000 http://wordpress.com/ hourly 1 By: Ben http://drewh70.wordpress.com/2008/06/20/ntfs-rights-issue-using-uac-with-a-non-built-in-domain-admin-account/#comment-657 Ben Mon, 01 Dec 2008 21:51:49 +0000 http://drewh70.wordpress.com/?p=202#comment-657 This appears to me as nothing more than a band-aid to mis-implemented security to begin with. As described it's supposed to prevent malware and the like from making changes while running under the login of an administrative account. On a home system this can be useful as many users never create standard accounts to use. However in a domain environment it simply does nothing more than cripple administrative progress by totally trashing the usefulness of transitive security. I don't disagree with the results, nor the reasoning, but the execution was half-assed like many other new "features" in the 08/ vista line-up. This appears to me as nothing more than a band-aid to mis-implemented security to begin with. As described it’s supposed to prevent malware and the like from making changes while running under the login of an administrative account. On a home system this can be useful as many users never create standard accounts to use. However in a domain environment it simply does nothing more than cripple administrative progress by totally trashing the usefulness of transitive security. I don’t disagree with the results, nor the reasoning, but the execution was half-assed like many other new “features” in the 08/ vista line-up.

]]> By: Ben http://drewh70.wordpress.com/2008/06/20/ntfs-rights-issue-using-uac-with-a-non-built-in-domain-admin-account/#comment-656 Ben Mon, 01 Dec 2008 21:45:51 +0000 http://drewh70.wordpress.com/?p=202#comment-656 This appears to me as nothing more than a band-aid to mis-implemented security to begin with. This totally trashes the usefulness of transitive security. I don't disagree with the results, nor the reasoning, but the execution was half-assed like many other new "features" in the 08/ vista line-up. Wasn't the purpose of computing to make life easier? This appears to me as nothing more than a band-aid to mis-implemented security to begin with. This totally trashes the usefulness of transitive security. I don’t disagree with the results, nor the reasoning, but the execution was half-assed like many other new “features” in the 08/ vista line-up. Wasn’t the purpose of computing to make life easier?

]]> By: John http://drewh70.wordpress.com/2008/06/20/ntfs-rights-issue-using-uac-with-a-non-built-in-domain-admin-account/#comment-651 John Wed, 12 Nov 2008 15:53:19 +0000 http://drewh70.wordpress.com/?p=202#comment-651 This was precisely my issue. How silly that it restricts local access for domain admins. Also worth noting is that if you are accessing these files via a network share, the Share and NTFS rights work as expected allowing the domain admin access. It's only when logged in and accessing the files from the desktop that UAC denies access. I too think this is lame and should be addressed by Microsoft. This was precisely my issue. How silly that it restricts local access for domain admins. Also worth noting is that if you are accessing these files via a network share, the Share and NTFS rights work as expected allowing the domain admin access. It’s only when logged in and accessing the files from the desktop that UAC denies access. I too think this is lame and should be addressed by Microsoft.

]]> By: Vinod http://drewh70.wordpress.com/2008/06/20/ntfs-rights-issue-using-uac-with-a-non-built-in-domain-admin-account/#comment-645 Vinod Tue, 28 Oct 2008 02:11:40 +0000 http://drewh70.wordpress.com/?p=202#comment-645 It is also interesting to note that while UAC give you prompt for a user who is a member of Domain admin, it does not prompt you if you are using domain admin "administrator" which is the orignal admin account created with the domain. Has anyone noticed this?? It is also interesting to note that while UAC give you prompt for a user who is a member of Domain admin, it does not prompt you if you are using domain admin “administrator” which is the orignal admin account created with the domain. Has anyone noticed this??

]]> By: Tom http://drewh70.wordpress.com/2008/06/20/ntfs-rights-issue-using-uac-with-a-non-built-in-domain-admin-account/#comment-637 Tom Tue, 23 Sep 2008 23:40:21 +0000 http://drewh70.wordpress.com/?p=202#comment-637 This is a bit of an annoyance and I'd be interested to see the reasoning behind this and the suggested "best practices" to overcome this issue. This is a bit of an annoyance and I’d be interested to see the reasoning behind this and the suggested “best practices” to overcome this issue.

]]> By: Bob McChesney http://drewh70.wordpress.com/2008/06/20/ntfs-rights-issue-using-uac-with-a-non-built-in-domain-admin-account/#comment-631 Bob McChesney Mon, 08 Sep 2008 14:38:13 +0000 http://drewh70.wordpress.com/?p=202#comment-631 I also find this behaviour quite annoying, but I think it's by design. http://msinfluentials.com/blogs/jesper/archive/2007/01.aspx explains the behaviour well. What I don't understand is why an windows explorer window opened with elevated permissions also has this issue. When running in elevated mode the Administrators group should apply I think (it does if you running cmd elevated). I also find this behaviour quite annoying, but I think it’s by design. http://msinfluentials.com/blogs/jesper/archive/2007/01.aspx explains the behaviour well.

What I don’t understand is why an windows explorer window opened with elevated permissions also has this issue. When running in elevated mode the Administrators group should apply I think (it does if you running cmd elevated).

]]>