Sunday, June 21, 2015

Access is denied: ‘xxx.dll’ – Manually add an assembly (.dll) to the GAC on Windows Server 2008 R2

Copyright from: stepbistep.net

I supposed to post this issue few months ago, but I don’t really know why this has been in my draft folder till this date! When we were migrating our servers to new environment, we deployed some custom web parts manually. While deploying the web part (Drag and drop the assembly (web part .dll) into Global Assembly Cache (GAC) folder) I have got the following wired error message! :(
GAC normally located in C:\Windows\assembly directory, and ‘WebPartStepBiStep.dll‘ is my web part assembly.
After spending some time on the web, I have got the solution here. Actually the ‘User Account Control: run all administrators in Admin Approval Mode’ was Enabled on the Local Security Policy. Which means the local administrators group required Admin Approval Mode (AAM) to perform these kind of operations. Here is the definition for Admin Approval Mode (AAM) from MicroSoft site.
Admin Approval Mode: AAM is a User Account Control (UAC) configuration in which a split user access token is created for an administrator. When an administrator logs on to a Windows Server 2008, the administrator is assigned two separate access tokens. Without AAM, an administrator account receives only one access token, which grants that administrator access to all Windows resources.
To access the Local Security Policy, either we can goto the Administrative Tools –> Local Security Policy OR we can run the secpol.msc’ on the command prompt.
Start –> Administrative Tools –> Local Security Policy
Click Start –> Cmd –> type ‘secpol.msc’ then enter
You will be getting the Local Security Policy window like below and the highlighted is the AAM.
So the solution for our problem is Disabled the User Account Control. To do this double click on the highlighted policy on the Local Security Policy above and then you will be getting this window.
Click Disabled and OK.
After disabling this you will be able to drag and drop the .dll to the GAC.
Please Note:  1. Rebooted required for changes to the local security policy on the server.
2. Disabling this can make security problems in your environment, so after completing task, you should be enabled back the UAC.
That’s all guys, Happy drag and dropping..!
Thanks. R/.
References: