Vista Security

  • Thread starter Thread starter Simon Dean
  • Start date Start date
S

Simon Dean

So I just upgraded to Vista from XP. Had a few issues with security,
couldn't open Control Panel or windows Explorer, was getting "Windows
Cannot Access the Specified Device, path. or file" etc.

That was until the Windows updates are installed.

Now, it's asking for authentication whenever I do anything.

I don't have a working domain server (I have Samba, but that doesn't
seem to be authenticating). I can't change the registry settings or use
secpol because I don't have an administrative account, despite, my
domain account blargle\sjdean supposedly being in the local
Administrators group. I can't install any programs or make changes to
the network, or even, hell, reset passwords...

Any thoughts?

Im desperate.

Cheers
Simon
 
Hi Simon--

I think you will be helped by going to secpol.msc and changing this setting
(type secpol.msc) into the run box you bring up by hitting the Windows Key +
r at the same time. The item I'm zeroing in on in the sequence below is #6:

6. Elevate without prompting

In this case, applications that have been marked as administrator
applications, as well as applications detected as setup applications, will
automatically run with the full administrator access token. All other
applications will automatically run with the standard user token.

Take a look at this and let me know if you fix this situation to your
liking. I think the key is to go to secpol.msc in the run box or you can
take longer to get their according to this help link. You also may have to
go to the security tab of some folders by right clicking
them>properties>security tab>edit and highlight your user profile and make
sure all the items in the boxes are checked>apply>ok>reopen:



http://windowshelp.microsoft.com/Windows/en-US/Help/1cc0e3a8-2cc0-43dc-b063-fa26fe5962c01033.mspx

Scroll Down to "Change the behavior of the User Account Control message for
administrators in Admin Approval Mode"

Use the following procedure to change the User Account Control message
behavior for administrators.

To perform the following procedure, you must be using Windows Vista
Enterprise or Windows Vista Ultimate, and you must be able to log on with or
provide the credentials of a member of the local Administrators group.

To change the behavior of the User Account Control message for
administrators in Admin Approval Mode
1. Click Start, click All Programs, click Accessories, click Run, type
secpol.msc in the Open box, and then click OK.

Top of page
2. If UAC is currently configured in Admin Approval Mode, the User Account
Control message will appear. Click Continue.

Top of page
3. From the Local Security Policy tree, click Local Policies, and then
double-click Security Options.

Top of page
4. Scroll down to and double-click User Account Control: Behavior of the
elevation prompt for administrators in Admin Approval Mode.

Top of page
5. From the drop-down menu, select one of the following settings:

Top of page
6. Elevate without prompting

In this case, applications that have been marked as administrator
applications, as well as applications detected as setup applications, will
automatically run with the full administrator access token. All other
applications will automatically run with the standard user token.

Top of page
7. Prompt for credentials

In this case, in order to give consent for an application to run with the
full administrator access token, the user must enter administrator
credentials. This setting supports compliance with Common Criteria or
corporate policies.

Top of page
8. Prompt for consent

This is the default setting.

Top of page
9. Click Apply.

Good luck,

CH
 
Chad said:
Hi Simon--

I think you will be helped by going to secpol.msc and changing this
setting (type secpol.msc) into the run box you bring up by hitting the
Windows Key + r at the same time. The item I'm zeroing in on in the
sequence below is #6:
Click to expand...

That doesn't work for me. Access is denied, I apparently don't have
permission to do this!

I don't seem to have permission to do anything!

Cya
Simon
 
Well Simon, I'm not sure why but temporarily turn off UAC by using msconfig
to get things done. I have not found UAC that intrusive in Vista, and I let
it run but at times I have to take control of folder permissions via the
security tab.

CH
 
Chad said:
Well Simon, I'm not sure why but temporarily turn off UAC by using
msconfig to get things done. I have not found UAC that intrusive in
Vista, and I let it run but at times I have to take control of folder
permissions via the security tab.

CH
Click to expand...

again, I don't have security clearance to perform that task!

I managed to find a work around though.

Reboot using the CD, Rescue and Recovery, do a system restore to remove
all Microsoft Updates which gave me back administrative rights to my
domain user.

This allowed me to go into User Accounts and set up an extra local admin
user, enable the original administrator, and change all passwords just
in case.

From here I then managed to re-join my domain and everythings working
now as it should.

I just need to copy one local profile to another. I tried editing the
registry, but I keep getting logged off everytime I try to log in. Looks
like I'll just have to copy everything by hand.

Cya
Simon
 
Back
Top