One of the greatest reasons I prefer not working with Microsoft Windows is that the intent behind managing Windows seems to be to make it as difficult as possible for an administrator to do their job. In theory, I suppose the intent is to make it difficult for a determined hacker to break the defenses but in practice it wastes a ridiculous amount of time and resources in the form of management and upkeep. (This is a lot like a government creating laws to control the lawless – it merely serves to inconvenience or criminalize the law-abiding.)
I was working on a recent issue with Windows Server 2012 R2 where I needed to add some local accounts to a directory that was used by Tableau Server. After having started the license service using a powershell window that had been started with elevated administrator privileges in a previous session, I was then blocked from starting the license service in the current one. I was also blocked from opening the log file, which happened to be the issue here. I was blocked from changing permissions on the file to be owned by any domain administrator accounts, any local administrator accounts, and the local administrator account.
The end result was that I logged into the machine using RDP, I navigated to the directory location using the CIFS share, via UNC, and then deleted the file using a domain account that was in the local administrators group. Be sure to reboot after this step. I hear that this might be a bug that might be patched.
What a waste of my time, having to figure this out. Thanks to a few experts on the MS technet site for having had to waste their time figuring this out.