When User Access Control (UAC) is enabled on Windows 2008 server, PAR is unable to automatically manage passwords.
There are specific settings required around UAC to enable PAR to manage passwords on Windows 2008 Servers.
Enabling the following settings causes issues:
Window 2008 setting description:
1. User Account Control: Admin Approval Mode for the Built-in Administrator account
2. User Account Control: Run all administrators in Admin Approval Mode
Local Security Policy -; Local Policies -; Security Options
To allow PAR to manage passwords using the "Administrator" account:
For workgroup computers,
Windows Server 2008 R2 has a minimum permission of "Administrators" for password resets on standalone servers (e.g. servers that are _not_ joined to a domain or a domain controller).
Please see this Microsoft article which applies to Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012:
The article states "Administrators is the minimum group membership required to complete this procedure" in the context of "Reset the password for a local user account"
Since TPAM requires a local user account to be created in order to perform password resets, these Microsoft permissions applies.