inconsistent administrator permissions in windows - windows

I'm a Mac user making my first foray into Windows development and I've run into some confusing admin privilege errors. I'm running a Windows 10 install via Boot Camp on my MacBook Pro that I just set up yesterday (I haven't "activated Windows", i.e. not paid for it; not sure if that would make a difference with my issue). I'm an administrator and also the only user on the system, which I confirmed by first checking through the Settings app, and then by running these commands:
C:\Users\will\code\chrome-native-messaging>net user "%username%"
User name will
Full Name
Comment
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never
Password last set 9/26/2016 1:38:13 PM
Password expires Never
Password changeable 9/26/2016 1:38:13 PM
Password required No
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 9/28/2016 1:03:42 PM
Logon hours allowed All
Local Group Memberships *Administrators *Ssh Users
Global Group memberships *None
The command completed successfully.
C:\Users\will\code\chrome-native-messaging>net localgroup administrators
Alias name administrators
Comment Administrators have complete and unrestricted access to the computer/domain
Members
-------------------------------------------------------------------------------
Administrator
will
The command completed successfully.
However, when I run another command suggested in an SO thread to verify my admin status, I get an access denied error:
C:\Users\will\code\chrome-native-messaging>fsutil dirty query %systemdrive%
Error: Access is denied.
Any pointers on how to successfully run this command are much appreciated. Thanks!

Did you launch the command prompt with Run as Administrator?
fsutil requires the command prompt to be elevated. You can check this by seeing if "Administrator: C:...\cmd.exe" is in the command prompt's title bar.

Related

Access denied when using runas on Windows Server 2022

This is something I encountered after upgrading our servers from 2016/2019 to 2022:
When I tried to open our Active Directory with another user, it would always deny the access even though the user has full admin rights.
I do not know what exactly they changed or why it is happening.
Since I do not have access to the Group Policy (outsourced IT), I had to do the following for every server:
Stop the seclogon service (if running) over the console with net stop seclogon
You need to open the console with admin rights for this to work. Paste the following wrapped command into the console and press enter:
sc sdset seclogon D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPDTLOCRRC;;;IU)(A;;CCLCSWDTLOCRRC;;;SU)(A;;CCLCSWRPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
The runas command will now work again.
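The descriptor passed to sc sdset above, decoded in an added Python example (not part of the original post and not a Microsoft tool), to show which principals it allows to start the seclogon service. parse_service_sddl and who_can are hypothetical helper names, and only the two-letter right and trustee codes used by this descriptor format are mapped:

```python
import re

# Service meaning of the SDDL access-right codes (service and standard rights).
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
TRUSTEES = {
    "SY": "Local System", "BA": "Builtin Administrators",
    "IU": "Interactive", "SU": "Service",
    "AU": "Authenticated Users", "WD": "Everyone",
}
ACE_TYPES = {"A": "allow", "D": "deny", "AU": "audit"}

# Descriptor copied verbatim from the sc sdset command in the post.
SECLOGON_SDDL = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
    "(A;;CCLCSWRPDTLOCRRC;;;IU)(A;;CCLCSWDTLOCRRC;;;SU)"
    "(A;;CCLCSWRPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
)

def parse_service_sddl(sddl):
    """Decode the DACL (D:) and SACL (S:) ACEs of a service descriptor."""
    aces = []
    for acl, body in re.findall(r"([DS]):((?:\([^)]*\))+)", sddl):
        for ace in re.findall(r"\(([^)]*)\)", body):
            fields = ace.split(";")
            if len(fields) != 6:
                raise ValueError(f"unsupported ACE: {ace!r}")
            ace_type, flags, rights, _, _, sid = fields
            try:  # hex masks, raw SIDs and odd-length right strings fail the lookup
                names = [SERVICE_RIGHTS[c] for c in re.findall(r"..?", rights)]
                entry = {"acl": "DACL" if acl == "D" else "SACL",
                         "type": ACE_TYPES[ace_type], "flags": flags,
                         "trustee": TRUSTEES[sid], "rights": names}
            except KeyError as exc:
                raise ValueError(f"unknown code {exc} in ACE {ace!r}") from None
            aces.append(entry)
    return aces

def who_can(aces, right):
    """Trustees holding `right` via a DACL allow ACE (deny ACEs not evaluated)."""
    return [a["trustee"] for a in aces
            if a["acl"] == "DACL" and a["type"] == "allow" and right in a["rights"]]

if __name__ == "__main__":
    print(who_can(parse_service_sddl(SECLOGON_SDDL), "SERVICE_START"))
```

In this descriptor Interactive and Authenticated Users receive SERVICE_START but neither SERVICE_STOP nor SERVICE_CHANGE_CONFIG, and the SACL audits failed access attempts by Everyone.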

Creating Windows Cluster with Powershell

I have a Windows cluster provisioning script. I am not able to execute the New-Cluster command as Administrator. It says that the user should be a domain user to be able to execute the command.
I'm trying to use PsExec to log in as a domain user and see if the command works, but still with no success.
C:\Users\Administrator\Desktop\PSTools\PsExec.exe -s -u name -p "pass" -accepteula cmd /c "powershell -noprofile & { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File"C:\scripts\cluster-config.ps1" " -Verb RunAs; exit }"
(I have passed the params correctly while executing)
The cluster-config.ps1
param(
[Parameter(Mandatory=$true)][string]$clusterName,
[Parameter(Mandatory=$true)][string]$srv1,
[Parameter(Mandatory=$true)][string]$srv2,
[Parameter(Mandatory=$true)][string]$clusterIP
)
#Create and configure the WinCluster
New-Cluster -Name $clusterName -Node $srv1,$srv2 -StaticAddress $clusterIP -AdministrativeAccessPoint ActiveDirectoryAndDns
How can I create a Windows Cluster as ad Administrator? Unfortunately direct login with domain user credentials is not possible.
In order to create the new Cluster, you need to have the rights to be able to create a new Cluster computer account in Active Directory. A normal Domain User does not have rights to create a new computer account in Active Directory unless they have the rights delegated to them.
Your statement "direct login with domain user credentials is not possible" is not possible at all. A cluster in an Active Directory creates a physical Computer Account in Active Directory. If you do not have access/don't login to Active Directory you cannot create a cluster.
Usually for a cluster, a Domain Administrator has to first create the cluster (and thereby creating the appropriate Computer account). Then using that newly created account, delegate access. Once the cluster has the appropriate rights delegated to it, it can create the Computer Accounts needed to create the roles needed for the cluster.
Create the cluster with a Domain Administrator login. This will create the initial Active Directory Computer account.
In Active Directory we need to then delegate control for the computer account and Configured Cluster name CLUSTERNAME with rights to add computers to the domain (so that it has rights to add the resources to AD):
Active Directory Users and Computers -> right-click domain -> Delegate Control
Enter Computer Name – CLUSTERNAME
Delegate the following common tasks -> Join a Computer to the domain

How to connect as NT AUTHORITY\SYSTEM to svn?

I have a service running at local system account (NT AUTHORITY\SYSTEM). This service shall connect to local subversion repository. Is this possible?
I tried this
svn export --non-interactive http://localhost/svn/MyRepository TargetFolder
but it does not work. As far as I know I cannot set any password for "NT AUTHORITY\SYSTEM". I don't like to use my personal account and put my password there as clear text.
My SVN runs on VisualSVN-Server
You should never use SYSTEM account for such tasks for numerous security reasons. Create and use a dedicated local Windows or Active Directory account with limited permissions.
Setting up the cached authentication credentials for the System user requires running an svn.exe command as the System user. Windows Vista+/Server 2008+ doesn't make that easy.
Install psexec from https://learn.microsoft.com/en-us/sysinternals/downloads/psexec
Start an elevated cmd.exe as Administrator.
Run "psexec -i -s cmd.exe".
A new cmd.exe should appear which is running as the System user.
Type whoami. Verify the output reads something like "nt authority\system".
Perform a subversion command like "svn --username your-svn-user list your-https-repo-url".
When prompted by svn.exe, enter the password for your-svn-user.
The "svn auth" command allows you to examine the cached credentials.
Note if a new SSL certificate is installed on the Subversion server, you'll have to repeat this process.
For more responses on this topic: How do you run CMD.exe under the Local System Account?

Oracle 12c NetCA silent install prompts for password

When I run the NetCA silently on Windows Server 2012 R2, it prompts me to specify a password "Oracle Home User Password". Is there some way that I could provide the password as a parameter or in the response file? I do not see any default property in the netca.rsp but was wondering how to make it completely unattended.
FYI, the output when I run the netca in silent mode. See the last line in the output where it prompts me to specify the password. Also, I am running the command prompt as administrator and I have even tried to login as 'oracle' user account to run the netca, but I run into the same prompt.
C:\oracle\product\12.1\dbhome_1\BIN>netca -silent -responsefile "C:\Oracle DB Server and Client\installer\netca.rsp"
Wed May 13 10:42:44 EDT 2015 Oracle Net Configuration Assistant
Parsing command line arguments:
Parameter "silent" = true
Parameter "responsefile" = C:\Oracle DB Server and Client\installer\netca.rsp
Done parsing command line arguments.
Oracle Net Services Configuration:
Enter Oracle Home User Password:
I was able to resolve the issue by providing the password in the response file.
#SERVICEUSERPASSWORD;String;Windows service user password
# If the oracle home is installed as secure user, supply the password
SERVICEUSERPASSWORD=""<password>""
It's a bit confusing when it prompts for "Oracle Home User Password" while the property in the response file reads SERVICEUSERPASSWORD.

Execution of postgresql by a user with administrative permissions is not permitted

Win7. Postgres 9.3.
Every time I type "postgres" in cmd I get this error.
Created a new account without any admin rights and with "Log on as" rights and with correct directory access rights to postgres/data, then I set this account as the "Log on as" in the services menu, but I still get the same error.
update2017: I never found a solution to this.
For windows do this:
Start cmd.exe (administrator as you are)
Add postgres user:
net user postgres your_password /add
Start a cmd.exe using your new postgres account:
runas /user:postgres cmd.exe
You can validate you are logged in correctly using whoami
Run postgres normally.
It is not clear from your question whether you are trying to start the Postgres service or "manually" start Postgres without having a Windows service registered.
Since 9.x Postgres does not require its own Windows user account to run the service. It defaults to use the built-in "Network" account.
To start the Postgres service (if it has been correctly installed), simply use
net start postgresql-9.3
(the actual name might be different)
If you did not register a Windows service you should start Postgres through pg_ctl.exe not through postgres.exe. pg_ctl.exe will drop any administrative privileges from the process when starting the server.
To start Postgres manually from the commandline use:
pg_ctl -w -D c:\Path\To\The\DataDirectory
assuming that the access rights to the data directory are set up correctly so that the current user has full access to the directory.
If you want to install/create the Windows service manually, you can also do this through the pg_ctl program:
pg_ctl register -N "postgresql-9.3" -D c:\Path\To\The\DataDirectory
Again the access rights to the data directory must be set up correctly.
