Access denied when using runas on Windows Server 2022

Question

This is something I encountered after upgrading our servers from 2016/2019 to 2022:

When I tried to open our Active Directory with another user, it would always deny the access even though the user has full admin rights.

I do not know what exactly they changed or why it is happening.

Answer 1

Since I do not have access to the Group Policy (outsourced IT), I had to do the following for every server:

1. Stop the seclogon service (if running) over the console with net stop seclogon
2. You need to open the console with admin rights for this to work. Paste the following wrapped command into the console and press enter:

sc sdset seclogon D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPDTLOCRRC;;;IU)(A;;CCLCSWDTLOCRRC;;;SU)(A;;CCLCSWRPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

The runas command will now work again.