Admin right problem with domain user

sebastien

Hi,

I use copsshd 4.4.0. I need admin rights with a domain user, on a W2008R2.

The domain user has no admin rights on the domain, but I added it to the local administrators group.

I am able to connect over ssh, and I have no admin rights:

DOMAIN\SVC@SRV123 ~
$ shutdown /a
Access is denied.(5)

DOMAIN\SVC@SRV123 ~

If I use a local user in the local admin group, it works without problem.

I tried cmd /c, it doesn't help.

Is there a solution, please?

Regards

itefix

Some environments regulate members of local administrators group by using the group policy Restricted Groups.

sebastien

Hi,

In remote desktop (or with runas), if I connect with the domain user, I am able to run the shutdown command.

Only when the connection is with copsshd do I have the problem.

Regards

itefix

I think that your problem is due to remote UAC limitations on Windows Vista and later. You can apply the following registry update to turn off remote UAC:

Registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

DWORD value:

LocalAccountTokenFilterPolicy = 1


Explanation of LocalAccountTokenFilterPolicy:

0 - Build a filtered token (default). The administrator credentials are removed.

1 - Build an elevated token.

sebastien

Hi,

The system is W2008R2.

I have disabled UAC from the user account configuration panel, and rebooted the server.

This doesn't change anything, still access denied when trying to run shutdown /a.

Regards

itefix

You've turned off local UAC, not remote UAC. They are not the same.

sebastien

Hi,

OK, thanks.

I have added the key. The problem is the same.

After an ssh connection:

$ reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" | grep Local
    LocalAccountTokenFilterPolicy    REG_DWORD    0x1

DOMAIN\USER@SERVER ~
$ shutdown /a
Access is denied.(5)

Regards

itefix

Did you reboot the machine?

sebastien

Yes, machine has been rebooted.

itefix

I don't have any other explanation for this phenomenon. I assume that the user right -shutdown system- is granted to your user somehow, either directly or via membership of the admins group. You can also configure the security event log to record detailed login information and check what really happens.
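
A diagnostic sketch for the checks discussed in this thread, added here as an example and not written by any poster or by the copSSH project: run as the affected user inside the SSH session, it reports the LocalAccountTokenFilterPolicy value, whether the Administrators group is usable in the session token, the token's integrity level, and whether the shutdown privileges are present. The summary property names are illustrative, and PowerShell 2.0 or later on the server is assumed.

```powershell
# Added example, not from the thread. Run as the affected user inside the SSH session.
# Full path to Windows' whoami.exe so that a Cygwin whoami on PATH is not picked up.
$whoami = Join-Path $env:SystemRoot 'System32\whoami.exe'
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol    = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

# Remote UAC value quoted in the thread; an absent value means the default (0).
# Microsoft documents this value as governing remote logons by local accounts.
$latfp = $pol.LocalAccountTokenFilterPolicy
if ($null -eq $latfp) { $latfp = 0 }

# IsInRole returns False when Administrators is only a deny-only SID (filtered token).
$id      = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)

# /nh drops the localized header row, so fixed column names can be supplied.
$groups     = & $whoami /groups /fo csv /nh |
                  ConvertFrom-Csv -Header Name,Type,Sid,Attributes
$adminGroup = $groups | Where-Object { $_.Sid -eq 'S-1-5-32-544' }   # BUILTIN\Administrators
$label      = $groups | Where-Object { $_.Sid -like 'S-1-16-*' }     # mandatory label

# S-1-16-8192 = Medium, S-1-16-12288 = High, S-1-16-16384 = System.
$integrity = ($label | ForEach-Object { "$($_.Name) ($($_.Sid))" }) -join ', '

# The "shut down the system" user right shows up in the token as SeShutdownPrivilege.
$privs    = & $whoami /priv /fo csv /nh |
                ConvertFrom-Csv -Header Name,Description,State
$shutdown = ($privs | Where-Object { $_.Name -like 'Se*ShutdownPrivilege' } |
                ForEach-Object { "$($_.Name)=$($_.State)" }) -join ', '
if (-not $shutdown) { $shutdown = '(not present in token)' }

New-Object PSObject -Property @{
    User                          = $id.Name
    LocalAccountTokenFilterPolicy = $latfp
    AdministratorsUsable          = $isAdmin
    AdministratorsAttributes      = $adminGroup.Attributes
    IntegrityLevel                = $integrity
    ShutdownPrivileges            = $shutdown
} | Format-List
```

Running the same script in a Remote Desktop or runas session of the same user and comparing the two outputs shows which part of the token differs under SSH.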