question

ArnaudRigole-0792 avatar image
0 Votes"
ArnaudRigole-0792 asked ArnaudRigole-0792 answered

Access denied trying to end other users processes - WS2016/2012R2

Hello,

We got a general issue since few weeks from now, we really can't understand what's about ;

As local administrator or domain administrator, on WS2016 & 2012R2 (we do not have 2019 to try), we can't kill / end processes which belongs to other users, we got an "Access denied" everytime. Other thing we can see is that the process owner is not displayed in the task manager or process hacker. What we tried:

Assume that i have a running notepad.exe on some interactive session (user is admin or not, doesn't matter)

  1. (obvious) running taskmgr as admin, running processhacker as admin : access denied

  2. taskkill /f /pid xxxx : access denied

  3. wmic process where name="notepad.exe" delete : access denied

  4. process hacker : we tried to gave ourselves the permissions on affected process: access denied

  5. tried to uninstall any antivirus product, same thing

  6. tried without any policies (group/local) applied on computer, same thing

  7. mined the whole internet to get possible fixes, no chances :(

  8. apply latest patches from Microsoft (usually critical & security only are automatically applied), build number is told below

  9. reboot, reboot, reboot, reboot, etc.

At the time i'm running out of ideas, it looks like that the problem came with some update, but i don't know when.
Here is the build number of a WS2016 affected : 14393.4583, latest critical & security patches applied.

Are we the ones and only which got that issue ?
Thanks in advance,

Arnaud


windows-serverwindows-server-2016windows-server-2012
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I got gut feeling that this is more related to process integrity level. If you've disabled UAC, enable it now and try again.


0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

Make sure to run the cmd.exe session elevated.

--please don't forget to upvote and Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ArnaudRigole-0792 avatar image
0 Votes"
ArnaudRigole-0792 answered ArnaudRigole-0792 edited

Hello and sorry for the late comeback ! It seems that from the profile, my question has "0 answers" !

@cheong00 i can't confirm that UAC is enabled (regkey EnableLUA=1) and that we tried with different levels of UAC, from minimum to maximum : same behavior.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ArnaudRigole-0792 avatar image
0 Votes"
ArnaudRigole-0792 answered

UP ! Really, nobody else can reproduce that behavior?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.