Could be a UAC thing, might also try to run as administrator
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi all,
Used to log on to our DC as domain\administrator but with more than one IT person now, wanted each admin to use their own admin-level account.
When using new admin account this morning, noticed that I could not change a .ini file in a program folder. It said I did not have enough rights.
I checked that:
so the new account should get inherited permissions first from Domain Admins and then from the domain's Administrators group (nested) - but obviously it doesn't.
Is there something funky on a DC where the rights do not show up correctly via inheritance?
Could be a UAC thing, might also try to run as administrator
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
Didn't seem to help. It seems like a folders permission thing.
whoami /groups
may provide something useful.
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
Have a look at this tool which allows you see the permissions that have been assigned and then use the Trust Mode against the new admin account and the existing admin account to see if they have different permissions.
https://nettools.net/acl-viewer/
Gary.