20,213 questions
You'll need to grant local administrator permissions on the server hosting the shares.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Windows 2016 Server | Manager would like access to unlock/close open files.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 53%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Rudolf Amarlapudi
546
Reputation points
Hello,
We have a user that would like to be able to access the server "Computer Management" to close any locked files. They have had situations where a file is open...and they don't know who does.
I would like to limit access to anything else that he can break. What are the minimum permissions the AD account would need to access Computer Management and close any open files?
Thanks in advance.
Regards,
Rudy
Windows for business | Windows Server | User experience | Other
Accepted answer
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2021-12-24T22:34:30.32+00:00 -
Anonymous
2021-12-28T13:45:12.463+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful--
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
MotoX80 36,401 Reputation points2021-12-25T16:30:02.1+00:00 What I have done in the past is to write my own ASPX page to perform certain administrative functions for users that are not members of the Administrators group. The key is to authenticate the user but not impersonate them and use SYSTEM for the IIS worker process account.
While your manager might need access, if you have a help desk you could add those users too.
If there is no native DotNet API to perform the desired function, then write code to shell out command line programs and capture stdout and stderr. Thay way, anything an admin can do from a command prompt can be implemented in a web page. The added benefit is that the page can also log activity so when the inevitable 'who closed my session" question gets asked you can examine the log to see who did what.