Administrator has been denied access to Sec Policy Console

Toggle sidebar Toggle sidebar
G

gilgamish

Member
Dec 10, 2002
161
0
0
I noticed that the Windows Installer Service has been stopped. logged in as domain administrator i tried to start it with no luck.
cannot log off to another user (Local Admin for example), since the server runs a mailing system that cannot be interrupted for the time being at least.
The domain administrator is also unable to view the Local Policies of the server
So, I tried the Run As (Local Admin) with the same message (Access Denied)
Any ideas why the hell is that happening and how can I resolve such a situation?
 
W

Woodie

Platinum Member
Mar 27, 2001
2,747
0
0
The Windows Installer service is normally stopped. It only starts when requested.

From your description, I'm assuming several things... (Please confirm)

1. You're in a W2K Domain
1.1 This server is a member of the domain
2. You're logging in at the server console in order to try these things

3. Is this server a Domain Controller?
4. Try using GPMC (from an XP device) to figure out what GPOs are applying to the server in question. (Looking for a permission that has been changed)

Very odd...limited testing here shows that I can manage the Installer service both remotely/locally (w/ Domain Admin)
I can view the Local Security Policy only on the server (using TS). (No remote access option in the tool)
I would suspect the Mail application and/or some sort of GPO setting that is being applied unexpectedly.

BTW...you HAVE to get some mail program that can run as a service. Windows has had the RunAsService application model since the days of Windows NT 3.51...your vendor needs to get up to speed!
 
S

spyordie007

Diamond Member
May 28, 2001
6,229
0
0
Since you've indicated that you tried it with both a local accoutn as well as a domain account I'm going to assume

I agree with woodie, your mail app should not be running under your domain admin account. Also if your vendor doesnt have a version that runs as a service nativly you should be looking into using something like servany.exe to do it.

As for your problem pulling up gpedit.msc what is logged in the event log when you try and do this?
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom