Roy Mathew wrote: >What I would like is for a way to tell exactly which resource needs >the elevated permission, so I can simply go fix it. > > > Check out the VerboseSecurity product. I ran into a similar problem and this product pinpointed every detail.