Partner on Microsoft Windows

Overview

This section describes issues specific to running Partner within a Microsoft Windows Operating System environment.

UAC

Administrator Accounts

Keep in mind that:

  • By default, UAC does not apply to the default Administrator account (unless specified by Group Policy).
  • By default, UAC does apply to the Administrators group (unless specified by Group Policy).

In effect, this means that UAC is permanently disabled for the default Administrator account. A user account that is created and then given administrative privileges is not treated the same way.

There are a couple of options for working around this that follow security best practices.

Change the group policy objects to allow anyone in the administrators group to ignore UAC.

This can be problematic, especially if you have a lot of users in the local admin group.

See “UAC Group Policy Settings and Registry Key Settings” at http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx

Rename the default administrator account

The other, supposedly more secure, option is to rename the default administrator account (instead of disabling it), then use the default admin account for actual administrative tasks.

The problem mainly applies to the Partner hub, in that UAC prevents a batch file from passing elevated privileges to a service creation task, and prevents elevated services from running from a non-secure location (i.e. anything outside c:\Program Files).
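
To see which of the cases above applies on a given machine before installing the hub, the following read-only PowerShell check reports the effective UAC settings and the state of the built-in Administrator account. It is an added example, not part of the Partner documentation or tooling; it assumes a standalone or member machine with local accounts and PowerShell 3.0 or later, and the registry value names are the ones Windows itself uses for the UAC policies.

```powershell
# Added example: read-only report of UAC state and the built-in Administrator account.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $key

# Return the registry value, or the Windows default when the value is absent.
function Get-UacValue([string]$Name, $Default) {
    $p = $uac.PSObject.Properties[$Name]
    if ($p) { [int]$p.Value } else { $Default }
}

# EnableLUA: "Run all administrators in Admin Approval Mode" (default 1 = on).
$enableLua   = Get-UacValue 'EnableLUA' 1
# FilterAdministratorToken: "Admin Approval Mode for the Built-in Administrator
# account" (default 0 = off, which is why UAC skips that account by default).
$filterAdmin = Get-UacValue 'FilterAdministratorToken' 0
# ConsentPromptBehaviorAdmin: 0 means members of Administrators elevate without
# any prompt. Reported as-is; $null means the value is not set.
$prompt      = Get-UacValue 'ConsentPromptBehaviorAdmin' $null

# The built-in Administrator keeps the RID 500 even after it is renamed.
$builtin = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True" |
           Where-Object { $_.SID -like 'S-1-5-21-*-500' }

$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $id
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

[pscustomobject]@{
    UacAppliesToAdministratorsGroup  = ($enableLua -eq 1)
    UacAppliesToBuiltInAdministrator = ($enableLua -eq 1 -and $filterAdmin -eq 1)
    ConsentPromptBehaviorAdmin       = $prompt
    BuiltInAdministratorName         = $builtin.Name
    # Name comparison assumes an English-language default account name.
    BuiltInAdministratorRenamed      = ($builtin.Name -ne 'Administrator')
    BuiltInAdministratorDisabled     = $builtin.Disabled
    RunningAsBuiltInAdministrator    = ($id.User.Value -eq $builtin.SID)
    # False for a member of Administrators running with a filtered (non-elevated) token.
    ProcessIsElevated                = $principal.IsInRole($adminRole)
} | Format-List
```

A result with `UacAppliesToAdministratorsGroup` true and `ProcessIsElevated` false is the situation in which service creation from a batch file is blocked as described above.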