U
User_000439867209875
Background:
In Windows Server 2012 R2, we are be able to run "explorer.exe" in elevated mode.
For example, you can use Task Manager to end the process "explorer.exe" and then in Task Manager, click File -> Run new task -> explorer.exe and check the box "Create this task with administrative privileges", and Windows Explorer will launch in elevated mode.
Or, you can open up Command Prompt (Admin) and enter the command "tskill explorer & explorer" and this will also kill the non-elevated Windows Explorer process and launch Windows Explorer in elevated mode. Proof of explorer.exe running in elevated mode is seen in Task Manager, Details tab after you add the Column "Elevated" to it. Then you can see all the running processes and whether they are running in elevated mode or not.
This is very helpful on File Servers because (even when logged on as a member of the local Administrators group) if explorer.exe is not running in elevated mode, when navigating through folders that require administrative access (e.g. C:\Windows\System32\config or C:\Users\[some other user's user profile folder]), you will get a security prompt indicating "You don't currently have permission to access this folder" and "Click Continue to permanently get access to this folder". Clicking "Continue" however is not a good resolution, because this will add your current account to the ACL explicitly (when the account already has access via the Administrators group) which takes forever when the contents of the folder are numerous.
Navigating using explorer.exe in elevated mode does not encounter these security prompts.
Bug description:
Attempting these methods to run "explorer.exe" in elevated mode does not work in Windows Server 2016. This is proved by the Elevated column in Task Manager's Details tab always showing "No" rather than "Yes" next to the resultant "explorer.exe" process, whereas it would say "Yes" in Server 2012 R2 when the above-cited methods are used. Likewise, navigating (using an account that is a member of the local Administrators group) to folders requiring administrative privilege (folder permissions allow access to local Administrators group but not the active administrator member account explicitly) results in the above-mentioned security prompt that requires clicking "Continue" to get into that folder (thus adding an explicit ACL record in the folder and its contents, which takes forever on a file server).
Can this report be sent to the team that can fix this issue? If we use Windows Server 2016 features and applications to attempt to run "explorer.exe" in elevated mode, it should work, just as it currently does with other processes/applications. Currently it does not.
Thoughts?
[edited 4/7/2017 11:55am for clarity, typos]
[edited 4/7/2017 11:58am for clarity again]
Continue reading...
In Windows Server 2012 R2, we are be able to run "explorer.exe" in elevated mode.
For example, you can use Task Manager to end the process "explorer.exe" and then in Task Manager, click File -> Run new task -> explorer.exe and check the box "Create this task with administrative privileges", and Windows Explorer will launch in elevated mode.
Or, you can open up Command Prompt (Admin) and enter the command "tskill explorer & explorer" and this will also kill the non-elevated Windows Explorer process and launch Windows Explorer in elevated mode. Proof of explorer.exe running in elevated mode is seen in Task Manager, Details tab after you add the Column "Elevated" to it. Then you can see all the running processes and whether they are running in elevated mode or not.
This is very helpful on File Servers because (even when logged on as a member of the local Administrators group) if explorer.exe is not running in elevated mode, when navigating through folders that require administrative access (e.g. C:\Windows\System32\config or C:\Users\[some other user's user profile folder]), you will get a security prompt indicating "You don't currently have permission to access this folder" and "Click Continue to permanently get access to this folder". Clicking "Continue" however is not a good resolution, because this will add your current account to the ACL explicitly (when the account already has access via the Administrators group) which takes forever when the contents of the folder are numerous.
Navigating using explorer.exe in elevated mode does not encounter these security prompts.
Bug description:
Attempting these methods to run "explorer.exe" in elevated mode does not work in Windows Server 2016. This is proved by the Elevated column in Task Manager's Details tab always showing "No" rather than "Yes" next to the resultant "explorer.exe" process, whereas it would say "Yes" in Server 2012 R2 when the above-cited methods are used. Likewise, navigating (using an account that is a member of the local Administrators group) to folders requiring administrative privilege (folder permissions allow access to local Administrators group but not the active administrator member account explicitly) results in the above-mentioned security prompt that requires clicking "Continue" to get into that folder (thus adding an explicit ACL record in the folder and its contents, which takes forever on a file server).
Can this report be sent to the team that can fix this issue? If we use Windows Server 2016 features and applications to attempt to run "explorer.exe" in elevated mode, it should work, just as it currently does with other processes/applications. Currently it does not.
Thoughts?
[edited 4/7/2017 11:55am for clarity, typos]
[edited 4/7/2017 11:58am for clarity again]
Continue reading...