When windows introduced User Access Controls (UAC) years ago, I knew we were in trouble. These controls have caused me more troubles as an administrator of systems then any other windows feature that I can think of and there are lots of features that drive me crazy. I recently had a client change their group policies up which tightened things up and for their organization it is a huge positive, but for a backend administrator that just wants to get the crazy installs and configurations done the policy change impacted my administrator account very negatively.
According to my privileges I had UAC turned off, I was in the administrators group, I was assigned the administrator privileges but I was still unable to delete a file from my temp directory without it tell me that “You’ll need to provide administrator permission to do <this action>”! Seriously, I created the file, I modified the file, I am the owner of the file, but sorry today, you can’t delete it! Come on man! Really!
Now I understand the reason why, and if you don’t understand why, do a little reading on UAC, and if you still don’t understand, I highly don’t recommend you make this change I am about to suggest.
The policy forced a registry setting that I could not change any other way then through the registry editor, and once I changed a rebooted the machine, no more problems:
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System – Value: EnableLUA
This was set to 1 (Hex: 0x00000001) which enables the policy “administrator in Admin Approval Mode” user type while also enabling all other UAC policies. I changed the value to 0 (Hex: 0x00000000) which disables the “administrator in Admin Approval Mode” user type.
After a quick reboot, I was able to delete my files from my temp folder without having to grant administrator privileges to the action. For more info on this registry key check out Microsoft MSDN!