Nasty UAC with Explorer in Windows Server 2008 R2

When installing a new server/workstation with Server 2008 R2 or Windows 7. I’m having a strange problem.

For instance, my D partition on my laptop (which runs Windows 7) has default the built in USERS group with right to read the partition. Oké lets remove those rights. Now the partition has only Administrators and System with Full Control. But when opening the partition we are getting a Access Denied warning :?.

image

How is that possible? Well, the explorer process is still running in ‘User’ mode. When opening the explorer in ‘Admin’ mode we still getting the Access Denied warning.

image  image

Why? Well, actually the explorer isn’t started in elevated mode. But only the first process. That triggers a DCOM to open the Explorer, witch runs in ‘User’ mode 😉

How do we disable that? First open regedit en navigate to: HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E0207520C2}

image

Rename the RunAs to something else, like: _RunAs (Become owner first ;))

image

<

p align=”left”>And now it’s possible to open the explorer in elevated mode. And it’s possible to set the correct permissions without adding your own account first.

2 thoughts on “Nasty UAC with Explorer in Windows Server 2008 R2

  1. Thanks for this! I looked everywhere for a solution and finally found your post. I wish MS would make this the default.

  2. Explorer can run as admin but when you close the window, the admin Explorer process doesn’t cleanly exit. Have to terminate it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

Begin typing your search term above and press enter to search. Press ESC to cancel.

Back To Top