Infrastructure (LAB) for SharePoint 3 Servers - 1 Web Front End - 1 Database Server - 1 Application Server multiple roles, Domain Controller (DC), Active Directory, DNS Situation: I am logging in with an account called MyAccount, but need to run software on the Domain Controller as an LocalAdminAccount & SharePointFarmAccount MyAccount & SharePointFarmAccount are both in the Domain Admins, Enterprise Admins and Builtin\Administrators groups. However when I got to run anything on the DC I get the message must be an administator. Ok so if I right click and run as an administrator the problem is I cannot access my SharePoint farm. How do you configure accounts to have administrator rights on a DC? Or is it just not correct to run .EXE that require admin rights on a DC? I am asking because it is getting impossible to run stsadm or SharePoint 2010 Management Shell on the DC machine. Yes, yes I could login as the Farm account, but how can multiple people work on the same environment at the same time. I have to get this documented and the right way to do this. Moojjoo MCP, MCTS MCP Virtual Business Card http://www.mmebs.com

Domain Admins are able to logon on DCs and perform administrative tasks on them. If you are using 2008 DCs or higher, you will be prompted to use elevated prompt (If UAC is enabled) by using run as an administrator (like running exe files). To run stsadm, please right-click on CMD and then use run as an administrator to execute commands using an elevated prompt. This should solve your problem. For SharePoint questions, please post in the SharePoint Forum. You can also try to disable UAC, perform what you want and then enable it for security reasons. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Ok this is the problem we have more than 1 person working on the DC. If you are logged in as the FarmAccount (aka access to the SharePoint Config and Content DB) you are good, but only one person can login at a time using 1 account. Hence the solution... Get off the DC and work on another server in the FARM.... I am trying that now. Trying one of the Web Front Ends going to login as my one account, but since it is not the DC things are not as strict. I will post back with results, but I have to install Visual Studio 2010 on the machine. I think when this is all said and done I might write my first white paper and try to get it published. :).....Moojjoo MCP, MCTS MCP Virtual Business Card http://www.mmebs.com