Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, July 30, 2015 4:02 PM | 2 votes
Just installed a fresh copy of Windows 10 Pro x64 on a new Lenovo Yoga. Install went fine. Activate and updates done.
I've run into several spots where I'm getting the error message:
"C:\Windows\system32\rundll32.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I'm sure you all are familiar with this message since if you don't have Admin rights on the Domain you'll get this type of message when trying to install software or access Admin priv required settings. So I log out of the Domain Admin account and log into the Local Admin, boom it works. I can do things like add Desktop Icons, for example, with the Local Admin but not with Domain Admin. Seems like the Domain Admin account isn't getting elevated permissions when logging in.
Interesting note, if I add Domain Users to the admin group and log in as one of them the account gets properly elevated and I can manage the settings the Domain Admin can't. Any ideas?
All replies (29)
Monday, August 3, 2015 12:15 PM âś…Answered | 52 votes
Hi,
For your question, please run gpedit.msc to open Group Policy Editor, then switch to Computer Configuration> Windows Settings> Security Settings > Local Policies> Security Options, then enable "User Account Control: Admin Approval Mode for the Built-in Administrator account", after all restart Windows to take effect. Figure as below:
Thanks
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Allen Wang
TechNet Community Support
Thursday, July 30, 2015 4:19 PM
Maybe unrelated but do you know what the functional level of your domain is?
Thursday, July 30, 2015 4:24 PM
2008 R2. Shouldn't make a difference since Domain Admin account has less privs than a Domain User account I gave Admin rights to in Advanced Local Users and Groups. And yes, Domain Admins does already exist in that group.
Thursday, July 30, 2015 8:59 PM
I have the same issue. Local Administrator account is fine when changing Desktop Icon Settings, however, when trying to change 'Desktop Icon Settings' in Domain Administrator account, Windows gives the following error:
"C:\Windows\system32\rundll32.exe"
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
Troubleshooting:
UAC was tested with slide bar being moved to all locations from very top to all the way down to the bottom and no difference in permissions. PC was rebooted each time after UAC setting was changed. Windows 8.1 did not have this issue. Windows 10 bug?
NOTE: Also receive same error when clicking on 'Advanced Sound Settings' and 'Mouse Pointer Settings'.
AND: Other created local user accounts work ok.
Thursday, July 30, 2015 9:12 PM
You hit the nail on the head. Exact same problem I have. All of those options produce the same error message. I also was unable to adjust some other things in Settings (I'm trying now to remember which ones gave the error) and was met with the same error message.
All other accounts work. Domain Admin gets bricked.
Monday, August 3, 2015 2:57 PM
Yes! That did it! I have made note of it for other Windows 10 PCs.
Thank you.
Tuesday, August 4, 2015 6:08 AM
Hi,
Thank you for your response, if it's help please mark it as answer.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Allen Wang
TechNet Community Support
Thursday, August 6, 2015 6:55 PM
Hi,
For your question, please run gpedit.msc to open Group Policy Editor, then switch to Computer Configuration> Windows Settings> Security Settings > Local Policies> Security Options, then enable "User Account Control: Admin Approval Mode for the Built-in Administrator account", after all restart Windows to take effect. Figure as below:
Thanks
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Allen Wang
TechNet Community Support
But domain administrator still cannot open the Microsoft edge and app store, when I click them, just show the frame and then disappeared. For left click start menu, it shows nothing and any response. However everything is work smooth under local administrator login. Any help? Thanks.
Wednesday, October 14, 2015 12:38 PM
Thank You this was the answer I was looking for. I was able to do this on multiple domain PC's and it solved the issue Thank You
Wednesday, October 26, 2016 9:36 AM
Thanks for your answer. This works for the domain admin account. It solved the issue i had when going to the "desktop icons".
Regards,
Thursday, March 30, 2017 7:22 PM
Fix my issue. thanks!
Saturday, June 3, 2017 2:21 PM | 2 votes
No. It doesn't work
The answer should not be marked correct
Thanks & Regards Ramandeep Singh
Wednesday, June 21, 2017 7:11 PM
This did not solve the issue I am having. It is similar, but when I have a standard domain user logged into my Windows 10 build, Domain admins cannot elevate access to install programs or run programs that require elevated access. Only local admins can elevate successfully. The provided gpedit.msc suggestion does not fix this issue.
Saturday, August 12, 2017 5:20 AM
Perfect!
Applied GPO at Default Domain Policy and it works!
Thursday, November 23, 2017 12:27 PM | 1 vote
Worked for me on Windows Server 2016, too. Applied the GPO at the DC and could access the rundll32.exe normally.
Many thanks!
Saturday, December 16, 2017 9:23 AM
Thanks, for good solution.
Tuesday, December 19, 2017 8:18 PM
I cannot change this selection group policy, it is grayed out. It doesn't matter if I am logged in as local admin or domain admin.
Wednesday, March 28, 2018 2:25 PM | 1 vote
worked for us. thank you
Wednesday, May 23, 2018 1:49 PM
Yes, it healped. Thanks.
Wednesday, September 19, 2018 7:00 PM
That was the ticket Mate!!! Point Gryffindor!!
Saturday, November 17, 2018 5:49 PM | 1 vote
The bigger issue here is why is this happening in the first place.
Friday, January 11, 2019 7:15 PM
Allen, thank you for taking the time to create this, this was the most helpful suggestion I have found in hours of searching!
Thursday, January 24, 2019 11:06 AM
Thank You.
Works for me also on windows 2016.
Thursday, January 31, 2019 4:11 PM
This fix also resolved the issue in Server 2019. Unfortunately it breaks the Server Manager application. With this GPO active Server Manager hangs with very high (50% +) CPU utilization. Disabling the GPO fixes the problem with Server Manager, but the other issues then return.
Tuesday, March 26, 2019 1:33 PM
run gpedit.msc to open Group Policy Editor, then switch to Computer Configuration> Windows Settings> Security Settings > Local Policies> Security Options, then Disable "User Account Control: Admin Approval Mode for the Built-in Administrator account", after all restart Windows to take effect.
By default, this option is Enabled. You need to disable it, restart the machine and it works. It worked on my Server 2016. Kudos!
Friday, August 9, 2019 11:10 AM
worked on my new 2019 dc in azure
Thursday, August 15, 2019 11:13 AM
worked on my new 2019 dc in azure
But not my other one!!!
Thursday, December 12, 2019 11:51 PM
i have this set as a gpo on my servers ou and it does not work for me. when i run group policy reports the policy IS applied and when i run the gpedit.msc on the server i see that the user account control admin approval mode for build in admins policy IS enabled.
i still cant add desktop icons like control panel and computer.
have restarted many times.
im logging in as domain\administrator to said server (2019 (1809))
?
Tuesday, December 31, 2019 8:44 PM
Thanks! That did it.