Subscribe to Windows IT Pro

Forums

Welcome to the Windows IT Pro community forums! The forums are designed to give Microsoft Windows IT professionals and system administrators a gathering place to ask technical questions, get answers to problems, and provide solutions for forum posters. We have forum areas dedicated to popular topics like Microsoft Exchange and Outlook, Windows Server 8, virtualization, security, and Windows 8, as well as many more.

We'd encourage you to register so you can become an active forum participant by contributing your own questions and answers.

Our forums are moderated and maintained by our Forum Pros, who are all veteran IT professionals with extensive hands-on, real-world IT experience. Please visit our Meet the Forum Pros page to learn more about these IT experts. We also have community forums dedicated to Microsoft SharePoint and Microsoft SQL Server topics as well.

Forums > Windows Client > Windows Vista

UAC and file system

Last Post 22 Mar 2007 05:01 AM by FredITPro. 6 Replies.
AddThis - Bookmarking and Sharing Button Printer Friendly
  •  
  •  
  •  
  •  
  •  
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
FredITPro
Rookie
Rookie
Posts:1

--
12 Mar 2007 01:13 PM
I've run into one UAC challenge I haven't found the workaround for yet. As a local admin, I may want to manually add or remove files from a system directory (example, c:\windows\system32). However, from what I've been able to determine, UAC blocks access to system directories even if you're a local admin. It does not even give the "are you sure" prompt, it simply denies access.

I have found that the local Administrator (wth default UAC settings) does not have this problem. However, since you cannot use runas for Windows Explorer, I had to use runas in a command prompt to copy files to system32. This is very inconvenient. I hope that I am missing something, that there is a way for other admin accounts to write to system directories without disabling UAC?

Rich
FredITPro
Rookie
Rookie
Posts:1

--
22 Mar 2007 05:01 AM
Not that I can see off the top of my head. It certainly isn't in the standard UAC rules and I had a look around elsewhere, but couldn't see an appropriate policy (the Vista stuff I've been working on just deals with the standard UAC policies)
FredITPro
Rookie
Rookie
Posts:1

--
22 Mar 2007 12:51 PM
I figured out the problem. When I was trying to copy a file to system32, the source "folder" was a .cab file. That does generate an access denied message. However, copying files from other sources only generates typical UAC warnings.

Rich
MikeAdams
Basic Member
Basic Member
Posts:219

--
22 Mar 2007 01:35 PM
To add another wrinkle to this problem, it seems to be possible to do this via the GUI, but not through command line.

I tried copying a text file from root of C: to C:\Windows via "copy" command.

Even in a command window running as administrator, "access id denied".

Works fine in GUI, though...

FredITPro
Rookie
Rookie
Posts:1

--
22 Mar 2007 07:35 PM
Yes, I've also noticed that UAC doesn't work well through command prompts because it can't prompt you. If you only have file access through the Administrators group, UAC blocks you, you must explicitly define your username (or maybe another group, haven't tried that yet) permission to get access to files/folders via a command prompt. (or to not get UAC prompts inthe gui).

Rich
JPOPP
Advanced Member
Advanced Member
Posts:918

--
22 Mar 2007 09:05 PM
That does seem rather odd. I typically run a CMD prompt on my machine under the "Run As Administrator" option and haven't had any issues with UAC. I was able to copy a .TXT from C:\ to C:\Windows and c:\Windows\System32 with no problem.

I use that elevated CMD prompt for most admin related activities and I also will generally launch a generic MMC snap-in from that elevated command prompt that has my management tools. That way I can launch the MMC under ADministrator access while also being able to provide different domain user credentials (since I log into my workstation with one account and open admin tools with a separate account). You can do the same with just about any .exe

Examples:
runas /noprofile /netonly /user:<domain>\<username> MMC
runas /noprofile /netonly /user:<domain>\<username> "C:\Program Files\Internet Explorer\iexplore.exe"




camping tents | hiking equipment | camping equipment
cmosentine
Rookie
Rookie
Posts:8

--
29 Mar 2007 03:42 AM
Try powershell??
You are not authorized to post a reply.
Forums > Windows Client > Windows Vista
Acceptable Use Policy
Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.