When it comes to Windows 7 and UAC there appears to be three types of account. The standard user, member of the local Administrators group and the “built in” Administrator account (local and domain).
So here is the command that caused me problems:
runas /user:mylocaladmin “mmc.exe gpedit.msc”
Here is the scenario:
Visit a users machine with them logged on and run Group Policy Editor from a normal command prompt with a new account that is a member of the local Administrators. You cannot enable the built-in Administrator account.
RUNAS ERROR: Unable to run – mmc.exe gpedit.msc
740: The requested operation requires elevation
In short you can’t execute this runas command using an account that is a member of local or domain administrators group, unless you disable UAC.
If UAC is enabled then this command above can only be run using the built in Domain or local Administrator account.
Good practice dictates that support staff don’t use built in admin accounts and elevate commands from within a standard account using and account that is a member of domain or local admin groups.
Solution:
Run the command prompt as administrator.
No comments:
Post a Comment