Thursday, November 11, 2010

STSADM returns access denied in Windows Server 2008

STSADM returns access denied in Windows Server 2008 when you are working as a SharePoint Administrator. WTF?

Imagine you installed Windows Server 2008 R2 with SharePoint Server 2007/2010 recently and want to do administrative tasks by using the STSADM command. You login as an administrator, start the command prompt and execute one stsadm command. The execution of the command takes longer as expected and suddenly… access denied.
Just hold on a moment.We are local machine administrators and SharePoint administrators. How many permissions do we need more?
After searching a while and thinking what happened I discovered that this has to do with the new security features provided in Windows Server 2008. Certain operations are also limited for an administrator when you do not tell Windows Server 2008 to run the application with administrator privileges. You can do it by right-click on the executable and by pressing run as administrator.
After running the command prompt as administrator you can execute stsadm without any issues.
In addition, I noticed a light performance degradation during the stsadm commands execution using this mode. This is only an assumption, but I think this has something to do with permissions checks executed in the background. I tried to change the user account control settings and disabled the notifications. You can do it anytime by starting the control panel and jumping in the change user account control settings link.
Note: you can insert “uac” in the control panel’s search panel to filter the options.

Note: you are disabling this functionality and giving the possibility to potential harmful programs to damage your system.
After this operation, you have to restart your machine. Then, you don’t need to run the application with administrator privileges. In addition, I noted a performance improvement after the execution of the stsadm command. I can’t explain exactly why it is so. This is only a personal feeling.
Please don’t get me wrong. I think that this functionality is very helpful to improve the system security of your machine. However, there are certain situations where you become annoyed from this functionality and you want to disable it (for example in a development environment).

Hope this helps

No comments:

Post a Comment