Cannot administer services on remote Windows machine due to security issue
I have a Windows 2008 machine A with Administrator account X. I have another Windows 2008 machine B with Administrator account Y.
Both machines have an account Z, with same username and password on both.
Account Z is in the local Administrators group on both machines.
They're not on a domain.
From machine A, as user Z (the Administrators one that's common to both machines) I want to start/stop services on Machine B.
(I actually want to do this programatically from c#, but for now via the command line to prove it works is my aim.)
I've tried a few things (e.g. using runas /user:Z cmd, then using sc.exe), but found SysInternal's psservice to be nice and flexible, since I can specify a username and password on the command line. I've also tried coding it via WMI.
I always get the same result:
If I use the user/pass for Account Y (then actual admin on machine B), it works. If I use the user/pass for Account Z (or impersonate it locally), it fails with access denied.
Since Z is in the Administrators group, why is this the case?
Thanks.
Update:
Here are my UAC settings on both machines:
Very grateful to everyone's comments, but here is the answer:
http://blogs.msdn.com/b/vistacompatteam/archive/2006/09/22/766945.aspx
There is a registry setting
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy
Which impacts this.
If I set that registry entry to 1, everything works as expected - users in Admin group can access remotely properly.
It's not clear to me whether this is over and above any UAC setting (i.e. those local UAC settings never impact remote access), or whether my disabling of UAC is somehow inadequate. (I disabled it by using the Windows UI - my settings are as per the original question screenshot).