Wednesday, October 12, 2011

DPM–Access denied in Windows Explorer after mountvol in CMD

Here I am login in as a domain user  that is also a member of the of the LOCAL ADMINISTRATORS group in a server. 

I manage to MOUNTVOL and assign a letter K to the volume.  It’s for a site-to-site replica manual transfer.  For those of you that is interested in the site-to-site replica manual transfer, it’s in my blog too .

Before I go further, here’s some short explanation on the UAC from Technet :

To help prevent malicious software from silently installing and causing computer-wide infection, Microsoft developed the UAC feature. Unlike previous versions of Windows, when an administrator logs on to a computer running Windows Server 2008, the user’s full administrator access token is split into two access tokens: a full administrator access token and a standard user access token.

During the logon process, authorization and access control components that identify an administrator are removed, resulting in a standard user access token. The standard user access token is then used to start the desktop, the Explorer.exe process.

Because all applications inherit their access control data from the initial launch of the desktop, they all run as a standard user as well.

After an administrator logs on, the full administrator access token is not invoked until the user attempts to perform an administrative task.

Anyway, if you have the LOCAL ADMINISTRATOR’s password you can go through the steps mentioned earlier in my blog.  However, in some situation there’s no way to have the LOCAL ADMINISTRATOR’s password. I’m already assigned as part of the local administrators group.

So after some snooping around and found that the issue is with the User Access Control (UAC).

So what I did is to edit the registry of the DPM server :

MYKUL0750-SCR218

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Change the EnableLUA from 1 to 0

Reboot the server.

Login with the user that is part of the Local Administrators Group.

Perform the steps to MOUNTVOL & then from the Windows Explorer, you can be able to access the volume with the letter assigned.  Copy the necessary data out to external drive to transport out to second site and copy the data from the external drive to the secondary DPM server.

More information on the UAC is in here.

Please note : That should make admins run as admins all of the time. This is dangerous and I would recommend that you enable this feature back on for day to day use.

Thank you & hope this helps you Smile.

keynote : Windows Explorer access denied after MOUNTVOL, mountvol for DPM, replica, manual transfer of site to site, DPM site to site manual data transfer

No comments:

Post a Comment