Is there any impact to AP configuration if I run Configuration Manager as a standard user who is a member of the Administrator group?

Document ID : KB000044580
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction: 

When initiating Configuration Manager on each server, on our W2K8 servers we previously used a central service account with admin privileges to login to each server and make updates to AP.  In this way we could be assured that all updates were made with the same rights by each individual.  Due to recent security policy changes, we are now limited to use of this service account on our W2K12 servers and must now use each individually assigned user id (with admin rights in the OU) to login to each server and make updates.

Question: 

1) Would there be any possible impact to AP when multiple changes are made to the AP configuration by multiple user IDs (not simultaneously on the same server)  as long as they all have administrative rights in the OU?

2) When initiating Configuration Manager from the START menu or Windows Desktop via a shortcut, since the initiating user ID would already have administrative rights, would anything further need to be done such as right clicking on the shortcut and using the 'run as administrator' option?

3) Is there a way to initiate Configuration Manager from a desktop shortcut and specify the service account user ID from one of the other individual user IDs logged on without modification of the current UAC settings?  ie: using RUNAS? NOTE:  I've tried using RUNAS to initiate Configuration Manager and receive an error code 740.

Environment:  

Windows Server 2012

Answer: 

1) There is no adverse impact to AP when different users who are part of the Administrators group make changes to AP config using CFGMGR. Just make sure they are not running multiple instances of CFGMGR at the same time.

2) If the user is part of the Admin group in the OU, then that user should not need to 'run as administrator' to run CFGMGR

3) There is no way to initiate CFGMGR from a desktop shortcut and specify the service account from the user IDs logged on without modifying the user's current UAC settings.The error code 740 indicates that his UAC is set not to prompt for credentials, but authorization is required for the necessary elevated privilege.

Additional Information:

Please review the CA Automation Point 11.5 Component Privileges section of the Administrating Guide for more information.