With our new SharePoint Server 2010 running only on 64bit and Windows 2008 (R2) we as Administrators are having something more to check than it was necessary with Windows 2003.

As a Farm Administrator the login might be MyDomain\SPFarm and you are member of the “Local Administrator” Group of the machine (The SharePoint Server).


You are now logged in as a Local Administrator.

What is now the Machine Administrator?

Short Answer:
You will get the permissions as a Machine Administrator when you start the particular application with Run As Administrator or you configured the UAC (UserAccountControl) in that way to be always also Machine Administrator.

Long Answer:
Enable SharePoint PowerShell Commandlets in the PowerShell ISE

Or create a link (MyPSShell.LNK) with: %windir%\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\CONFIG\POWERSHELL\Registration\sharepoint.ps1"

If you start the PwerShell ISE by a click you might get the this:
You will be “Only” Local Administrator.

If you start the PowerShell ISE by using Run As Administrator you might get the this:

Now you are also Machine Administrator!

Why I tell you that?

To not see something like this:

New-SPProfileServiceApplication : Access denied.  Only machine administrators are allowed
to create administration service job definitions of type: Microsoft.SharePoint.Administrat
ion.SPServiceApplicationInstanceProvisioningJobDefinition, Microsoft.SharePoint, Version=1, Culture=neutral, PublicKeyToken=71e9bce111e9429c