Access denied trying to end other users' processes - WS2016/2012R2

Arnaud Rigole 126 Reputation points
2021-08-13T16:03:50.693+00:00

Hello,

We have had a general issue for a few weeks now, and we really can't understand what it's about:

As local administrator or domain administrator, on WS2016 & 2012R2 (we do not have 2019 to try), we can't kill / end processes which belong to other users; we get an "Access denied" every time. Another thing we can see is that the process owner is not displayed in Task Manager or Process Hacker. What we tried:

Assume that I have a running notepad.exe in some interactive session (user is admin or not, doesn't matter)

  1. (obvious) running taskmgr as admin, running Process Hacker as admin: access denied
  2. taskkill /f /pid xxxx: access denied
  3. wmic process where name="notepad.exe" delete: access denied
  4. Process Hacker: we tried to give ourselves the permissions on the affected process: access denied
  5. tried to uninstall any antivirus product, same thing
  6. tried without any policies (group/local) applied on the computer, same thing
  7. mined the whole internet to get possible fixes, no chance :(
  8. applied the latest patches from Microsoft (usually only critical & security ones are automatically applied), build number is given below
  9. reboot, reboot, reboot, reboot, etc.

At this point I'm running out of ideas; it looks like the problem came with some update, but I don't know when.
Here is the build number of an affected WS2016: 14393.4583, latest critical & security patches applied.

Are we the only ones who have this issue?
Thanks in advance,

Arnaud


3 answers

  1. Dave Patrick 426.1K Reputation points MVP
    2021-08-14T13:35:43.783+00:00

    Make sure to run the cmd.exe session elevated.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Arnaud Rigole 126 Reputation points
    2021-08-19T10:07:16.74+00:00

    Hello and sorry for the late comeback! It seems that from the profile, my question has "0 answers"!

    @Cheong00 I can't confirm that UAC is enabled (regkey EnableLUA=1) and that we tried with different levels of UAC, from minimum to maximum: same behavior.


  3. Arnaud Rigole 126 Reputation points
    2021-08-30T15:25:02.967+00:00

    UP! Really, nobody else can reproduce that behavior?
