Re: Question regarding microsoft security policy
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/20/04
- Next message: Steven L Umbach: "Re: demoted server logon/off events"
- Previous message: Steven L Umbach: "Re: Account Lockout"
- In reply to: luc wastiaux: "Question regarding microsoft security policy"
- Next in thread: luc wastiaux: "Re: Question regarding microsoft security policy"
- Reply: luc wastiaux: "Re: Question regarding microsoft security policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 20 Apr 2004 16:53:46 GMT
Microsoft does not consider an application certified for Windows 2000 [or whatever
the term is they use] unless it will function while a user is only a member of the
users group. Of course older applications created before that new standard came out
may not work as you experienced. Your options are to elevate user power, upgrade your
software, lean on the application publisher for how to modify the file
system/registry, or try it yourself with free tools such as filemon and regmon from
SysInternals.
Often elevating a user to power user will solve the problem which is very similar to
what a regular user was in NT4.0. The compatws.inf template will loosen file/registry
permissions to give regular users the same permissions as power users. The best
approach if possible is to loosen only those permissions necessary. If the publisher
will not help, then you can logon to a computer as a regular user and then use runas
with admin credentials to invoke filemon/regmon just before trying to run the
application. Then you can review the log at the point where the application fails due
to "access denied" to a file/folder at which point you will have to modify
permissions and try again. Sometimes it is fairly easy and other times very tedious
but at least worth a try. --- Steve
http://www.sysinternals.com/ntw2k/source/filemon.shtml -- free tools from
SysInternals.
"luc wastiaux" <dustpuppy@airpost.net> wrote in message
news:c62u7e022hh@news1.newsguy.com...
> There are a lot of legacy application for windows that need write access
> in Program Files, forcing you to promote local users to administrators
> or these applications won't work. I'm not pleased at all with this since
> this makes all the binaries in \program files and \winnt virus-writable.
> What is being done in this regard by microsoft ? I wish more application
> developpers became aware that machines are being used by more than one
> user, and writing in \program files is not appropriate.
>
> --
> luc wastiaux
- Next message: Steven L Umbach: "Re: demoted server logon/off events"
- Previous message: Steven L Umbach: "Re: Account Lockout"
- In reply to: luc wastiaux: "Question regarding microsoft security policy"
- Next in thread: luc wastiaux: "Re: Question regarding microsoft security policy"
- Reply: luc wastiaux: "Re: Question regarding microsoft security policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
