I have created a user admin and putted this user in the Administrators Groups (local, there is no AD). But This admin user has not the same rights as the Administrator user itself.
Example 1: a file is owned by SYSTEM and the Administrators Group has full control. If I try to add permissions for a user to this file, it doesn't work for the admin user. With the Administrator is works without any problem.
Example 2: IE Enhanced Security Configuration is set OFF for Administrators, ON for Users. For the Administrator this is OK, for the admin user it is still on.
Is this a configuration problem? If so, what do I need to do to make it right?
Best Answer
This could be caused by User Account Control, a feature (hated by many) which makes so that, even if you have administrative rights, you don't actually have them unless you explicitly request them. There are two distinct policies governing UAC behaviour (both found in
Computer settings\Windows settings\Security settings\Local policies\Security options
), one for the built-inAdministrator
account, and another one for all other administrative users:What this means is: by default, the built-in
Administrator
account is not affected by UAC, while all other administrative users are; thus, it's possible for an administrative user (different from the built-itAdministrator
) to not actually have administrative rights, even if it's a member of theAdministrators
group.More info here.