Re: Windows 2003 Users vs Software
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 02/26/05
Date: Fri, 25 Feb 2005 23:01:49 -0700
I did try to indicate how to use these to find the problems,
at the end of the last paragraph.
You need to have both an admin and a limited account
in use at the same time. You can log in as a limited
account and then use RunAs to get the regmon and filemon
ready within an admin account, and then run the problem
applications, and then start the capture simultaneously with
launching the problem application as the limited user, or
you can log in as the admin and use RunAs to launch the
problem application. In either case it is highly advantageous
to configure the capture filters so that you snag only what is
needed based on using a filter for the limited account.
RunAs should be available with a right-shift right-click
into the context menu of the launcher for the application,
or, from the command line using syntax info obtained with
runas /?
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

"Marilyne" <Marilyne@discussions.microsoft.com> wrote in message
news:64465DD3-3CF1-49D8-89FE-3EE048DBF712@microsoft.com...
> Thank you!
>
> I did download both filemon and regmon. I found several references to the
> software. I copied the references; however, when I tried to run the software
> to get the errors, I could not run it in the user login because they didn't
> have the security rights. I can run the software as administrator on the
> same machine but my question is how do I find the registry errors that came
> up for that software when it was in user mode.
>
> I was confused enough to hire someone to come in and try to decipher it for
> me; however, he didn't seem to know what he was looking for either. I will
> complain to the manufacturer because this is a major vendor and the software
> is very expensive; however, the company didn't have any problems running it
> on Windows 98.
>
> Can you suggest some tricks I can use with regmon or filemon?
>
> "Roger Abell" wrote:
>
> > The message that you see when trying to run those applications
> > as a limited user, to effect, "the software has not been installed
> > correctly" is a correct message. In fact, the software is not
> > capable of installing itself correctly.
> > There are quite a few companies that still have not lifted their
> > eyes above the DOS/Win9x days. You need to not just ask for
> > their support but to let them know that they have sold you flawed
> > software that does not respect the requirements of software that
> > is designed for Windows (the logo specification).
> > Your voice, added to that of others, is the only thing that will
> > push these vendors into creating/selling "modern" software.
> >
> > OK, so what else can you do besides telling them that the next
> > purchase is guided by the made for Windows logo being on the
> > software?
> >
> > The one route you explored, making the users' domain accounts
> > members of the machine local Administrators group is one way,
> > but consider it a last resort. Also, you may need to look for some
> > Restricted Group definitions in the GPOs in AD judging from
> > what you have said.
> >
> > Many such ill-behaved software can be cured by granting the
> > Users group Modify permissions on the directory to which the
> > software installed, like c:\program files\vendorapplication
> > If that is insufficient then the application when running may be
> > trying to create temporary files somewhere else where the
> > Users group does not (and should not) have permission to do
> > so. The other major reason for failure is that the application
> > is trying to write into the registry, likely somewhere like
> > HKLM\Software\Vendorname\Applicationname, a location
> > to which limited users do not and should not have write granted.
> > So, one can try granting this in the registry to just that vendor's
> > keys for the application, but if it does not help remove the grant.
> > There are two tools, filemon and regmon, that you may get
> > at www.sysinternals.com that are a great help in locating where
> > an application is trying to write and being denied. To use these,
> > log in as an admin, start the apps and configure the capture filters
> > to watch the limited account you will use to run the application.
> > Then, start the capture and use runas to start the application as
> > that limited user. As soon as the application has failed, stop
> > the capture and examine it for the failures indicating where you
> > could try granting Users group higher permissions.
> >
> > That said, there are some software that just plain cannot be
> > made to work. It is too DOSish. However, if the application
> > did work for a non-admin in Windows 2000 then the above
> > will likely resolve your problems.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "Marilyne" <Marilyne@discussions.microsoft.com> wrote in message
> > news:7015D463-CEC6-4EE5-89E5-835934C810C1@microsoft.com...
> > > I am managing a network using 16 workstations sharing files on a
> > > Windows 2003 server. The users do not have rights to install programs.
> > > All users have Office 2003; however, each workstation has additional
> > > software that is specific to their business specialty. There is only
> > > one software package running off the server. My problem is when I
> > > install some software packages they do not work for the user using
> > > standard user rights.
> > >
> > > I have consulted other network techs regarding the problem and followed
> > > various suggestions none of these ideas worked. It appears the server is
> > > over-riding something in the software registry. Therefore the software
> > > will not initiate once the user has standard user rights to the machine.
> > > If I get an error it usually says the software was not installed
> > > properly. Once I change the user's rights to "Administrator" the
> > > software works.
> > >
> > > I've tried changing the machine user rights so that the user has
> > > administrative rights to his/her machine but as soon as they login with
> > > their standard user login created for the domain, the server overrides
> > > the rights and the software will not work.
> > >
> > > There are three software packages that are giving me this conflict. One
> > > is an engineering software, one is a form software and the other is a
> > > software that initiates the vinyl cutter. I have called the software
> > > vendors and they give me no technical advice. They don't know what would
> > > cause this conflict.
> > > I am looking forward to hearing some good advice.
> > >
> > > It has been suggested to me that I give the user administrative rights
> > > and give up. This means the user has access to payroll and account
> > > records the administration does not want public. If there is a way to
> > > give the users administrative rights and limit their access to specific
> > > folders. I am willing to make that adjustment.
> > > --
> > > Marilyne
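An added example, not part of the original thread: once a filemon or regmon capture has been saved, the review step described above (finding where the application was denied) can be scripted. The sketch assumes a tab-delimited export with the column order sequence, time, process:pid, request, path, result, and the result strings "ACCESS DENIED" and "ACCDENIED"; the process name vendorapp.exe and all sample rows are constructed.

```python
# Result strings counted as a denial. Assumption: Filemon logged
# "ACCESS DENIED" and Regmon "ACCDENIED"; adjust to match your capture.
DENIED = {"ACCESS DENIED", "ACCDENIED"}
HIVES = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")

# Constructed sample rows, not a real capture. Assumed column order:
# sequence, time, process:pid, request, path, result.
ROWS = [
    ("1", "10:02:11", "vendorapp.exe:1432", "OPEN",
     r"C:\Program Files\vendorapplication\app.ini", "SUCCESS"),
    ("2", "10:02:11", "vendorapp.exe:1432", "WRITE",
     r"C:\Program Files\vendorapplication\settings.dat", "ACCESS DENIED"),
    ("3", "10:02:11", "explorer.exe:880", "OPEN",
     r"C:\WINDOWS\system32\shell32.dll", "SUCCESS"),
    ("4", "10:02:12", "vendorapp.exe:1432", "CREATE",
     r"C:\WINDOWS\vendortmp.tmp", "ACCESS DENIED"),
    ("5", "10:02:12", "vendorapp.exe:1432", "SetValue",
     r"HKLM\Software\Vendorname\Applicationname\LastRun", "ACCDENIED"),
    ("6", "10:02:12", "svchost.exe:700", "OpenKey",
     r"HKLM\Software\Other", "ACCDENIED"),
    ("7", "10:02:13", "vendorapp.exe:1432", "DELETE",
     r"C:\Program Files\vendorapplication\settings.dat", "ACCESS DENIED"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in ROWS)


def denied_targets(log_text, process_name):
    """Map each path the named process was denied on to its kind and requests."""
    found = {}
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 6:
            continue  # blank or truncated line
        process, request, path, result = fields[2:6]
        if process.split(":")[0].lower() != process_name.lower():
            continue  # another process's activity
        if result.strip().upper() not in DENIED:
            continue  # only denials matter for this review
        kind = "registry" if path.upper().startswith(HIVES) else "file"
        entry = found.setdefault(path, {"kind": kind, "requests": []})
        if request not in entry["requests"]:
            entry["requests"].append(request)
    return found


if __name__ == "__main__":
    for path, info in denied_targets(SAMPLE_LOG, "vendorapp.exe").items():
        print(info["kind"], ",".join(info["requests"]), path, sep="\t")
```

Each location it lists is a candidate for the narrowly scoped Users grant discussed in the thread, to be tried one at a time and removed again if it does not help.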