Nasty UAC with Explorer in Windows Server 2008 R2

When installing a new server/workstation with Server 2008 R2 or Windows 7. I’m having a strange problem.

For instance, my D partition on my laptop (which runs Windows 7) has default the built in USERS group with right to read the partition. Oké lets remove those rights. Now the partition has only Administrators and System with Full Control. But when opening the partition we are getting a Access Denied warning :?.

image

How is that possible? Well, the explorer process is still running in ‘User’ mode. When opening the explorer in ‘Admin’ mode we still getting the Access Denied warning.

image  image

Why? Well, actually the explorer isn’t started in elevated mode. But only the first process. That triggers a DCOM to open the Explorer, witch runs in ‘User’ mode 😉

How do we disable that? First open regedit en navigate to: HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E0207520C2}

image

Rename the RunAs to something else, like: _RunAs (Become owner first ;))

image

And now it’s possible to open the explorer in elevated mode. And it’s possible to set the correct permissions without adding your own account first.

IP Adres Scriptje

Ik rol een Citrix XenApp Server meestal uit met een script. En dan is aan de klant de keuze welke methode hiervoor gebruikt moet worden. Hieronder een simpel batch script waarmee je ip gegevens kan zetten op een bepaalde NIC. Het enige wat je moet weten van te voren is de naam van de NIC in Windows. Maar deze zal op alle Citrix servers identiek zijn.

Dit script zet dus de ipgegeven aan de hand van de hostname. Ik houd rekening met lokaties waarop de Citrix server staan.

Bijvoorbeeld
Lokatie A begint met 10.33.64.? (Waarbij de ? het nummer is van de Citrix server)
Lokatie B begint met 10.33.65.? (Waarbij de ? het nummer is van de Citrix server)
ACTX001 (Lokatie A, Citrix server, Nummer 1) = 10.33.64.1
BCTX001 (Lokatie B, Citrix server, Nummer 1) = 10.33.65.1
ACTX002 (Lokatie A, Citrix server, Nummer 2) = 10.33.64.2 etc

Script
If %COMPUTERNAME:~0,1% == A Goto SiteA
If %COMPUTERNAME:~0,1% == B Goto SiteB

Goto End

:SiteA 

NETSH INTERFACE IP SET ADDRESS NAME=”Local Area Connection 5″ SOURCE=STATIC 10.33.64.%COMPUTERNAME:~4,3% 255.255.254.0 10.33.65.254 1

NETSH INTERFACE IP SET DNS NAME=”Local Area Connection 5″ SOURCE=STATIC 10.33.32.129 PRIMARY

NETSH INTERFACE IP ADD DNS NAME=”Local Area Connection 5″ 10.33.32.130

Goto End 

:SiteB

NETSH INTERFACE IP SET ADDRESS NAME=”Local Area Connection 5″ SOURCE=STATIC 10.33.65.%COMPUTERNAME:~4,3% 255.255.254.0 10.33.65.254 1

NETSH INTERFACE IP SET DNS NAME=”Local Area Connection 5″ SOURCE=STATIC 10.33.32.129 PRIMARY

NETSH INTERFACE IP ADD DNS NAME=”Local Area Connection 5″ 10.33.32.130

 

Goto End

:End

IPCONFIG /REGISTERDNS