Accessing the EVBAAdmin website displays error "You are viewing this site without administrator privileges"
Article ID: 100032165
Updated On:
Description
Error Message
You are viewing this site without administrator privileges. Run the browser as an Administrator and ensure 'Anonymous Authentication' is disabled for this web site.
Cause
The Admin Approval Mode component of Microsoft Windows User Account Control (UAC) requires elevated rights to access the website and will block website access until the rights are provided or an override is in place. Typically, adding the Vault Service Account (VSA) to the local Administrators group on the Accelerator Server or to the Domain Administrators group is sufficient. However, adding the VSA as an administrator may not suffice if there are additional security restrictions enforced by Group Policy (GPO) in the environment. In this case where the VSA is an administrator, local and/or domain, and the error is seen, then the additional security restrictions enforced by GPOs must be reviewed by the onsite team responsible for Windows Security. In the mean time, a UAC override can be added to allow VSA access to the website.
Note that UAC is a Microsoft Windows component. The recommended setting values below are based on information listed in the following Microsoft sources referencing the settings:
- User Account Control settings and configuration:
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/user-account-control/settings-and-configuration?tabs=intune
- User Account Control: Admin Approval Mode for the Built-in Administrator account: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account
- User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode
- User Account Control: Detect application installations and prompt for elevation: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation
- User Account Control: Run all administrators in Admin Approval Mode: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode
Resolution
1. Verify the VSA is a Local Administrator and log on to the Accelerator Server as the VSA.
2. Go to Start | Run | gpedit.msc.
3. Navigate to Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options.
4. Edit the following settings:
- User Account Control: Admin Approval Mode for the Built-in Administrator account | set to Disabled.
- User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode | set to Elevate without prompting.
- User Account Control: Detect application installations and prompt for elevation | set to Disabled.
- User Account Control: Run all administrators in Admin Approval Mode | set to Disabled.
5. Restart the Accelerator Server and access the EVBAAdmin web site. Enable IE Compatibility Mode if prompted.
Issue/Introduction
