A console-app runs on a single server in a domain and is tasked with deleting some home areas of users, who are no longer active. These homeareas are located on 50+ different servers spread around the network.
The account runs under the context of an account, that is also a member of the Local Administrator group on each storage server, which has "Full Control" access to the relevant folders.
This works great on a bunch of older servers, but on Windows 2008 it runs into problems. On these servers, "Admin Approval Mode" is enabled for the "Local Administrator" group.
For instance, if I right-click a folder and try to access properties/security (using the same service account), I get this prompt:
I can press continue, and then proceed to use the full control permissions. If I do the same when deleting files, things work like intended.
Is it possible to disable this on a per-user/per server basis, so it would continue to apply to all other accounts – but not to the service-account in question here?
Forgive me if I mess up some of the terminology here. I am just a developer. 🙂
Edit: Made it clear, that I was talking about a console app on a single server, accessing homeareas on many different servers on the network.
Best Answer
This feature is called UAC (User Account Control). It can only be disabled per-server not per-user, to do so go to the start menu, type "msconfig" then open the only entry in the list. In this new window choose the "Tools" tab and select "Change UAC Settings", then pull the sliding scale down to disabled.