There seems to be so quirky things that happen when you sign into a Windows Server 2019 as a domain administrator. Whenever you install Active Directory Services, and then perform a domain controller promotion there are issues with many of the built in Windows features. For instance, if you would like to add icons to your desktop by navigating to Settings>Themes and Related Settings>Desktop Icon Settings, you are not able to add any of the default icons to the desktop.
We have found a workaround for this after doing some research.
There are two methods, one being a group policy entry and the other being a registry entry. The registry entry may be useful for MSPs using RMM, so that you could automate this task and run as a script on multiple domain controllers if this is a global issue.
To make the change with Group Policy Management:
Navigate to RUN.exe
Then type in "gpedit.msc"
Navigate to 'Windows Settings>Security Settings>Local Policies>Security Options'
Under the Policy named "User Account Control: Admin Approval Mode for the Built-in Administrator Account"
Right click and select Properties
Then Set to 'Enabled'
Then hit, 'Apply' and Close the application.
After these steps are finished, reboot the Windows Server and all functionality while signed in as a domain administrator should be restored.
To Make the change with Registry Edit:
Navigate to RUN.exe
Then type in "regedit"
Navigate to 'HKEY_LOCAL_MACHINE\SOFTWARE\Windows\CurrentVersion\Policies\System'
Select string value named "FilterAdministratorToken" and set the registry setting to '1'
After these steps are finished, reboot the Windows Server and all functionality while signed in as a domain administrator should be restored.
Comments