Hammer, Erich F
2014-10-16 18:40:58 UTC
All,
I'm pretty new here, so if this is too far off topic, please let me know. It's not about *managing* patches, but it is about the probable effect(s) of a patch(es) that have been deployed (and hoping someone knows which one).
Ever since I have rebooted each of my Win7, administrative workstations -- the first one last week for the first time since the September updates -- I'm experiencing a problem related to running utilities as other AD accounts. These are not actions a "normal" user would see, and probably many sysadmins won't notice either (depending on their setups). This is really hampering my ability to administrate (AD, GPOs, SCCM, etc.).
Background: As a best practice, my "user" AD account not an admin on my computers and neither is my "sysadmin" account with additional (but not domain admin) rights to AD, servers, etc.. I've been perfectly functional for many years this way (XP required some tricks, but Vista/Win7 worked great). Apps/MMCs that made local, system changes I would run under a local admin account. Utilities that manage server/domain-type setting/services could be run under the appropriate account (usually sysadmin) with a simple Run as Administrator selection.
Symptoms: At first, my management utility shortcuts did not ask for credentials. They just opened under my user credentials with which I logged in. Strangely, the "run as admin" checkbox was cleared. Fixing that or if I right-click and choose run-as administrator, I am prompted for credentials and then stopped with a window popping up with the message "The requested operation requires elevation."
I can still open things with domain admin credentials, but that is only useful for some operations (and not too safe either). I can still use local admin creds (for local things). I would like to avoid giving local admin rights to my domain-based, sysadmin account.
I'm not having any luck searching on this (mostly finding "how to disable UAC" which is locked on via GPO). Does anyone here have any ideas what changed and which patch may be the cause? Has anyone else even noticed this problem?
Thanks,
Erich
--
erich-8+1tKT+***@public.gmane.org CAS Computing Services
518-442-2651 University @ Albany
"The way to see by faith is
to shut the eye of reason." -- Benjamin Franklin
I'm pretty new here, so if this is too far off topic, please let me know. It's not about *managing* patches, but it is about the probable effect(s) of a patch(es) that have been deployed (and hoping someone knows which one).
Ever since I have rebooted each of my Win7, administrative workstations -- the first one last week for the first time since the September updates -- I'm experiencing a problem related to running utilities as other AD accounts. These are not actions a "normal" user would see, and probably many sysadmins won't notice either (depending on their setups). This is really hampering my ability to administrate (AD, GPOs, SCCM, etc.).
Background: As a best practice, my "user" AD account not an admin on my computers and neither is my "sysadmin" account with additional (but not domain admin) rights to AD, servers, etc.. I've been perfectly functional for many years this way (XP required some tricks, but Vista/Win7 worked great). Apps/MMCs that made local, system changes I would run under a local admin account. Utilities that manage server/domain-type setting/services could be run under the appropriate account (usually sysadmin) with a simple Run as Administrator selection.
Symptoms: At first, my management utility shortcuts did not ask for credentials. They just opened under my user credentials with which I logged in. Strangely, the "run as admin" checkbox was cleared. Fixing that or if I right-click and choose run-as administrator, I am prompted for credentials and then stopped with a window popping up with the message "The requested operation requires elevation."
I can still open things with domain admin credentials, but that is only useful for some operations (and not too safe either). I can still use local admin creds (for local things). I would like to avoid giving local admin rights to my domain-based, sysadmin account.
I'm not having any luck searching on this (mostly finding "how to disable UAC" which is locked on via GPO). Does anyone here have any ideas what changed and which patch may be the cause? Has anyone else even noticed this problem?
Thanks,
Erich
--
erich-8+1tKT+***@public.gmane.org CAS Computing Services
518-442-2651 University @ Albany
"The way to see by faith is
to shut the eye of reason." -- Benjamin Franklin