There seems to be an issue with recent server versions where after promoting a server to be a Domain Controller you loose access to several key functions. The main one seems to occur when trying to access “Change adapter Options” which results in a pop up “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item”. In addition, in some cases when you try clicking on management tools such as Gpedit.msc and Control Panel, nothing happens. You can to try to access these using “run as administrator” which doesn’t always work, or create a desktop icon for the app and click the advanced options check box for run as administrator, but I see these as tedious work arounds.
The issue seems to be related to UAC (User Access Control) which can be “tweaked” with Group Policy. Since this occurred after promoting to a DC, one should use the Group Policy Management console rather than the Local Group Policy editor.
Run the GP Management console and edit the Default Domain Policy or a Computer OU of your choice. Locate the following policy, and enable:
Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options || User Account Control: Admin approval mode for the built-in administrator account
Once changed, from an elevated Command prompt run:
If not prompted to do so, you will need to log out and back in.
You should now be able to access your various admin tools that were blocked before.
Leave a Reply