Monday, August 17, 2009 10:29 AM
I have the following scenario: 1 DC and 1 domain-joined member server, same subnet, all 2008 R2. Forest functional level is 2008 R2.
If I work with the built-in Administrator everything works perfectly. I've created a new user (copy of the built-in Administrator), named it ADM; with this account I have problems accessing files and directories which only have permissions for System & Administrators. I've added the ADM account explicitly to the local Administrators group of the member server, same behavior. OK, since I'm in the testing phase I've moved on to another chapter and left the file permissions aside.
Next I've tried to create a Managed Service Account in PowerShell. For this I've used the ADM account. Even if PowerShell is started as Administrator I get the following error message during creation: New-ADServiceAccount : Access is denied. If I use the built-in Administrator (the source of my copied ADM account) everything works like a charm.
OK, possibly there is a problem with my installation, so I set up another DC and tried only the New-ADServiceAccount thing. Same results. With the built-in Administrator -> OK; with another account (with Domain Admins, Enterprise Admins, ... permissions) I still get an Access denied.
What's wrong with my setup?
Thanks for your reply ...
Monday, August 17, 2009 8:31 PM
Problem is solved, there were two things.
1. File permissions: Disable UAC; OK, it's more a workaround than a real solution ...
2. New-ADServiceAccount: The password for the user who performs the tasks has to be different from the Administrator's password.
- Marked As Answer by Daniel Abegglen Monday, August 17, 2009 8:31 PM
Tuesday, August 18, 2009 2:29 AM (Moderator)
Thank you for posting here.
The file permission issue may be caused by the UAC Admin Approval Mode. You can try to disable it. For detailed information, please refer to the following article.
Administrators in Admin Approval Mode
Regarding the New-ADServiceAccount error, I tried to create an administrator account whose password is the same as the built-in administrator's and I didn’t get the Access is Denied error. This may be caused by other factors. If you would like to, create another admin account to test.
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact email@example.com
This posting is provided "AS IS" with no warranties, and confers no rights.
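
An added example, not part of the original thread: a PowerShell check that shows whether the current session holds a full or a UAC-filtered administrator token, which is the Admin Approval Mode behaviour the moderator points to. It reads the standard UAC policy values and assumes English `whoami` output.

```powershell
# Added example (not from the thread): report the UAC state behind the symptoms.
# Run once as ADM and once as the built-in Administrator, then compare.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $key

# Is this process running with the full (unfiltered) administrator token?
$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# In a filtered token BUILTIN\Administrators (S-1-5-32-544) is still listed,
# but only as a deny-only group, so ACEs granting access to Administrators
# do not apply. Assumption: English output ("Group used for deny only").
$adminGroup = whoami /groups /fo csv | ConvertFrom-Csv |
    Where-Object { $_.SID -eq 'S-1-5-32-544' }
$denyOnly = [bool]($adminGroup -and $adminGroup.Attributes -match 'deny only')

# A missing FilterAdministratorToken value means the default (0): the built-in
# Administrator is not subject to Admin Approval Mode and always gets a full token.
$filterBuiltin = 0
if ($null -ne $pol.FilterAdministratorToken) {
    $filterBuiltin = $pol.FilterAdministratorToken
}

if ($elevated) {
    $finding = 'Full administrator token'
} elseif ($denyOnly) {
    $finding = 'Filtered token: Administrators is deny-only, start an elevated session'
} else {
    $finding = 'Account is not a member of the local Administrators group'
}

New-Object PSObject -Property @{
    User                     = $id.Name
    Elevated                 = $elevated
    AdministratorsDenyOnly   = $denyOnly
    EnableLUA                = $pol.EnableLUA
    FilterAdministratorToken = $filterBuiltin
    Finding                  = $finding
} | Select-Object User, Elevated, AdministratorsDenyOnly, EnableLUA,
                  FilterAdministratorToken, Finding | Format-List
```

A result of `Elevated = False` with `AdministratorsDenyOnly = True` for ADM, next to `Elevated = True` for the built-in Administrator, matches the file permission behaviour described in the first post.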