• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Administrator has been denied access to Sec Policy Console

G

gilgamish

Member
I noticed that the Windows Installer Service has been stopped. logged in as domain administrator i tried to start it with no luck.
cannot log off to another user (Local Admin for example), since the server runs a mailing system that cannot be interrupted for the time being at least.
The domain administrator is also unable to view the Local Policies of the server
So, I tried the Run As (Local Admin) with the same message (Access Denied)
Any ideas why the hell is that happening and how can I resolve such a situation?
 
The Windows Installer service is normally stopped. It only starts when requested.

From your description, I'm assuming several things... (Please confirm)

1. You're in a W2K Domain
1.1 This server is a member of the domain
2. You're logging in at the server console in order to try these things

3. Is this server a Domain Controller?
4. Try using GPMC (from an XP device) to figure out what GPOs are applying to the server in question. (Looking for a permission that has been changed)

Very odd...limited testing here shows that I can manage the Installer service both remotely/locally (w/ Domain Admin)
I can view the Local Security Policy only on the server (using TS). (No remote access option in the tool)
I would suspect the Mail application and/or some sort of GPO setting that is being applied unexpectedly.

BTW...you HAVE to get some mail program that can run as a service. Windows has had the RunAsService application model since the days of Windows NT 3.51...your vendor needs to get up to speed!
 
Since you've indicated that you tried it with both a local accoutn as well as a domain account I'm going to assume

I agree with woodie, your mail app should not be running under your domain admin account. Also if your vendor doesnt have a version that runs as a service nativly you should be looking into using something like servany.exe to do it.

As for your problem pulling up gpedit.msc what is logged in the event log when you try and do this?
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top