Administrator with full access still can't execute program

W

w1r3d

New member
Hi all!

I'm having a problem with a Windows 7 Professional VM.

I'm trying to "lock down" the permissions of some files (cmd.exe, ftp.exe, etc)

For example, I modify the permissions for C:\Windows\System32\cmd.exe so that only SYSTEM and Administrators have full access. I removed Users, Owner, etc from the list.

Then, if I try to run cmd.exe, I get this message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."


Which is confusing, to say the least. I gave the Administrators group (of which I'm a part of) full access: read, write, execute, etc yet I still can't run the executable. I tried adding other groups such as Users and INTERACTIVE, and THEN it works. However, that defeats the purpose, because then anyone can access the file, which I don't want.

If anyone can shed some light on this issue, I'd greatly appreciate it.


Thanks!
Pedro
 

My Computer

OS
Windows 7 Professional
I hate to bump threads, but.. anybody? I'm still stuck with this issue :(
 

My Computer

OS
Windows 7 Professional
So everyone has access to cmd.exe...so? Just because they have access to the command line does not mean that can invoke administrative actions. Still bound to their privileges.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Alienware Aurora ALX R4
OS
Windows 10 Pro (x64)
CPU
Intel Core i7-3930K (3.2GHz - 4.5GHz)
Motherboard
Alienware Aurora-R4 x79
Memory
4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)
Graphics Card(s)
Nvidia Geforce GTX 690
Sound Card
SteelSeries Siberia Elite
Monitor(s) Displays
Dell UltraSharp U3011
Screen Resolution
2560x1600
Hard Drives
Samsung 850 Pro 256 GB, Seagate 1TB Desktop Hybrid HDD, 2x Western Digital 4TB Green HDD
PSU
875W Some Dell PSU <.<
Case
Alienware Aurora ALX
Cooling
Custom Liquid Cooling (EK CPU & GPU blocks) dual EK 480RAD
Keyboard
Logitech G710+ Mechanical
Mouse
Logitech G700s
Internet Speed
Verizon Fios (50 mbps average)
Other Info
Server: Intel NUC D54250WYK: i5-4250U, 16GB, 256 GB mSATA, Windows Server 2012 R2
I understand, it's just that I was told to configure it so that only Administrators have access. It's just puzzling to me that even though the *Administrators* have Full Access, they still can't access the file. Ugh.
 

My Computer

OS
Windows 7 Professional
Administrators are part of the Users group and they are only part of the Administrators group when they use Run As Admin.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Alienware Aurora ALX R4
OS
Windows 10 Pro (x64)
CPU
Intel Core i7-3930K (3.2GHz - 4.5GHz)
Motherboard
Alienware Aurora-R4 x79
Memory
4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)
Graphics Card(s)
Nvidia Geforce GTX 690
Sound Card
SteelSeries Siberia Elite
Monitor(s) Displays
Dell UltraSharp U3011
Screen Resolution
2560x1600
Hard Drives
Samsung 850 Pro 256 GB, Seagate 1TB Desktop Hybrid HDD, 2x Western Digital 4TB Green HDD
PSU
875W Some Dell PSU <.<
Case
Alienware Aurora ALX
Cooling
Custom Liquid Cooling (EK CPU & GPU blocks) dual EK 480RAD
Keyboard
Logitech G710+ Mechanical
Mouse
Logitech G700s
Internet Speed
Verizon Fios (50 mbps average)
Other Info
Server: Intel NUC D54250WYK: i5-4250U, 16GB, 256 GB mSATA, Windows Server 2012 R2
Yes, off hand that's probably it.

Was thinking it could be something with the unactivated by default true administrator which is hidden away from normal users, even normal administrator users.
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Professional SP1 64bit, Manjaro Xfce, Debian 10 64bit Xfce
CPU
Intel i7-3930K @ 4.2GHz
Motherboard
ASUS P9X79 WS
Memory
Corsair Dominator 64GB Quad Channel DDR3 @ 1600MHz
Graphics Card(s)
EVGA GeForce GTX Titan Black Superclocked (×2, SLI)
Monitor(s) Displays
Sony Bravia 46"
Screen Resolution
1920×1080 (Full Screen), 1366×768 (Windows)
Hard Drives
Samsung 860 PRO 4TB SSD, Samsung 850 EVO 1TB SSD, Western Digital WD Gold 16TB 7200 RPM 512MB Cache HDD
PSU
Corsair AX1200 (1200W, 100.4A @ 12V)
Case
Corsair Obsidian 750D
Cooling
Corsair H110, 5 NOCTUA NF-A14 industrialPPC-3000 PWM Fans
Keyboard
Logitech K360
Mouse
Logitech M220
Browser
Firefox Developer Edition, Pale Moon, Tor
What I'm seeing is that I can't run cmd.exe even if I do right-click -> "Run as administrator". I *have* to have Users as part of the permissions if I want to be able to run it, even if I'm an administrator. It's quite frustrating. I don't see why I can't just keep Users from being able to access this. The sad part is, it also happens with many other executables, such as ftp.exe.

Edit:
I looked around some, and found a setting called "Prevent access to the command prompt" under User Configuration -> Administrative Templates -> System. I enabled it to see if I could get around the issue, but it still prevents me from accessing the command prompt, even though I'm an administrator (the difference is that now, command prompt starts, but displays a message telling me it's been disabled by an administrator). Same thing happens if I "run as administrator". Again, I just feel like I'm missing something, because this doesn't make sense to me. :/
 
Last edited:

My Computer

OS
Windows 7 Professional
You must log in or register to reply here.
Back
Top