Re: Running Programs with Elevated Privileges

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/08/04


Date: Mon, 08 Mar 2004 22:56:33 GMT

You could either try adding the domain users account to the local power users group
on the domain computer where they need extra permissions or look into applying the
compatws.inf template which will give a user the same NTFS and registry permissions
as a power user without the extra rights such as creating shares. Making a user a
local power user or administrator does not give them any more power in the domain,
but it makes it a lot easier for them to mess up their computers such as installing
unauthorized software. Ideally you would want to modify NTFS/registry permissions so
that a regular user could run the applications and free third party tools such as
Regmon and Filemon from SysInternals [which needs to be invoked with runas/admin
credentials while logged on as a regular user just before trying to run the
application] could help you possibly track down those permissions needed, but from
what you describe it may not work in your case because of all that the application
does. --- Steve

"Jeff Smyrski" <jsmyrski@bankofutica.com> wrote in message
news:8e7c01c40515$c4501050$a401280a@phx.gbl...
> I am looking for a way to allow several programs to run with
> elevated privileges. For example, a certain software
> company has written a program that calls several other
> custom programs. In all of this the main program itself
> installs and uninstalls DCOM objects, and also configures
> hardware programmatically such as a COM port for a Serial
> Printer. This is causing an issue, and the suggested
> solution is to open the security up for these users to
> run the program by making them Power Users locally, but
> since they log into a domain, it would mean giving them
> more privileges on the domain than they should have. The
> program runs across the domain in a shared location on a
> server built for the core programs to run from.
>
> I am looking for a way to simply create either a GPO or
> script to alter the permissions for these programs to run
> with elevated privileges, kind of like a RUN AS feature,
> but without manual intervention. Any suggestions would
> be very useful. Thanks.
>
> Jeff Smyrski -
> TechNet Plus Subscriber.
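
The two options from the reply above, written out as an added example (not part of the original thread) for the workstation's command prompt. MYDOMAIN and the database and log file names are placeholders; the script analyzes the machine against compatws.inf first so the differences can be reviewed before anything is changed.

```bat
@echo off
rem Added example, not from the original thread. Run as a local administrator
rem on the workstation (not on a domain controller).
rem MYDOMAIN and the .sdb/.log names below are placeholders.
setlocal
set TEMPLATE=%windir%\security\templates\compatws.inf
set DB=%windir%\security\database\compatws-review.sdb
set LOG=%windir%\security\logs\compatws-review.log

rem Option 1 (broader): local Power Users membership. This grants the extra
rem rights (e.g. creating shares) on this machine only, nothing in the domain.
rem Left commented out so it is a deliberate choice:
rem net localgroup "Power Users" "MYDOMAIN\Domain Users" /add

rem Option 2 (narrower): apply only the permission sections of compatws.inf.
if not exist "%TEMPLATE%" (
    echo Template not found: %TEMPLATE%
    exit /b 1
)

rem Step 1: analyze only. Compares current settings with the template and
rem writes the differences to the log without changing the system.
secedit /analyze /db "%DB%" /cfg "%TEMPLATE%" /log "%LOG%"
echo Review %LOG% before continuing. Press Ctrl+C to stop here.
pause

rem Step 2: apply registry and file-system ACLs only. Restricting /areas
rem skips the template's group-membership section, which on the stock
rem template removes all members of the local Power Users group.
secedit /configure /db "%DB%" /cfg "%TEMPLATE%" /overwrite /areas REGKEYS FILESTORE /log "%LOG%"

rem Show who currently holds the broader group, for the record.
net localgroup "Power Users"
endlocal
```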
