Nasty UAC with Explorer in Windows Server 2008 R2

Published by Jeroen Tielen on

When installing a new server/workstation with Server 2008 R2 or Windows 7. I’m having a strange problem.

For instance, my D partition on my laptop (which runs Windows 7) has default the built in USERS group with right to read the partition. Oké lets remove those rights. Now the partition has only Administrators and System with Full Control. But when opening the partition we are getting a Access Denied warning :?.

image

How is that possible? Well, the explorer process is still running in ‘User’ mode. When opening the explorer in ‘Admin’ mode we still getting the Access Denied warning.

image  image

Why? Well, actually the explorer isn’t started in elevated mode. But only the first process. That triggers a DCOM to open the Explorer, witch runs in ‘User’ mode 😉

How do we disable that? First open regedit en navigate to: HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E0207520C2}

image

Rename the RunAs to something else, like: _RunAs (Become owner first ;))

image

<

p align=”left”>And now it’s possible to open the explorer in elevated mode. And it’s possible to set the correct permissions without adding your own account first.


Jeroen Tielen

Experienced Consultant/Architect with a demonstrated history of working in the information technology and services industry. Skilled in Citrix, Microsoft, VMware, Ivanti, etc.

2 Comments

Joe Davis · June 30, 2011 at 20:46

Thanks for this! I looked everywhere for a solution and finally found your post. I wish MS would make this the default.

xpclient · February 11, 2013 at 12:18

Explorer can run as admin but when you close the window, the admin Explorer process doesn’t cleanly exit. Have to terminate it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: