Server2019, Admin user asked for password

Question

Hy!

I have a server in a domain (test.local). On the server I added 2 domain users to Local Administrator group. (Bob, Bab) [[ Local Users and Groups -> Groups -> Administrators]]

Everybody using Remote Desktop.

1.) Both of the users have Admin rights BUT the server always asks for admin password when they start a task "Run as administrator". They type their password and it's working. But If I login with my account (Domain Admin) I can execute programs without typing my password.

2.) On these accounts the "Administrator tools" is missing from the user interface, but If they start one of them in CMD it will run (and asks for password). [example they when they type "Creat and form partiton" on the search bar, it's not showing but they can start it from cmd)

So they have admin rights, and they can use everything If they type their password. How can I config the server to not ask a password from them? I want to config them to became a full right Administrators. It looks like when they login the server, they become a regular user without any rights, but there account is able to do any Admin thing.

Thanks for the help.

Answer 1

Hi @Finaria ,

This is due to the User Account Control (UAC) behaviour, you'll find more information over here:
https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode

To avoid elevation prompts for members in administrators group without disabling UAC, you can set User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode security policy to Elevate without prompting in group policies or local policies.

----------

If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

Best regards,
Leon