Re: Running programs for non-privileged users on XP

From: jokes54321 (jokes54321_at_nospam.com)
Date: 05/26/05


Date: Wed, 25 May 2005 16:06:33 -0700

If I am understanding your question correctly, yes it is very reasonable to
insist a user be able to use an application without having Admin rights.
I've banged heads with multiple vendors over the years. One distributed
software that Reservation agents had to use for their phone functions. By
default the software would not run without Admin rights. What didn't seem
reasonable was they were telling me I had to make every reservation agent a
local admin on each and every computer. The agents couldn't do their job
without the software and I couldn't have them as local admins. I ended up
going through the registry and NTFS permissions granting users access, until
I found out how to make their software run as a local user.

In my opinion, developers need to take the time to make their setup packages
set all the appropriate permissions up front. It is absolutely wrong to insist
on running the software under the Local Admin context.

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:u8R9LMTYFHA.2572@TK2MSFTNGP14.phx.gbl...
> It really depends on what the program was written to do.
> For example, if in brain-dead fashion the application had been written to
> access for Write specific areas, like c:\Windows or some key in HKLM,
> as part of its initialization, then you would experience this scenario.
>
> I really do not understand your question 2, and also whether you are
> saying "demand" in the context that a .Net developer would use that term.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Sathyaish" <Sathyaish@Yahoo.com> wrote in message
> news:1116862782.530525.182880@g44g2000cwa.googlegroups.com...
>> Scenario
>> ===========
>>
>> (1) You write a program using some programming language, say, C#.
>>
>> (2) You make an assembly out of the program by compiling it. It is a
>> single module assembly.
>>
>> (3) You create a setup program for this.
>>
>> (4) During the setup, the user, an administrator group user, selects
>> the option, "Install this program for all the people who use this
>> computer, and not just for me."
>>
>> (5) The administrator group user finishes installing the program. Then
>> he goes on to use it. He is able to use it.
>>
>> (6) The administrator group user logs off.
>>
>> (7) Another user, let's call him by the name John, who's only a
>> "regular user" who does not belong to the administrator group (not even
>> a Power User), logs in and wants to use the program. He double-clicks
>> on the program exe icon on the desktop. It doesn't work for him.
>>
>>
>> Questions:
>> ============
>> (1) Is it even possible or a reasonable demand that the user who does
>> not have administrative privileges be able to use the program? It must
>> be noted that the intention is so, since the administrator who
>> installed the program supplied the choice "Install for everyone" while
>> installing it.
>>
>> (2) If it is possible and a reasonable demand, how can it be
>> accomplished?
>>
>>
>> * I present an oversimplified version of the problem only to focus on
>> the bare essentials of the problem.
>>
>
>
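
The approach described in the reply above (granting regular users access to only the registry keys and NTFS paths the application writes to, rather than making them local admins), as an added example that is not part of the original thread. It is written in PowerShell, which postdates this post; the directory and registry key are hypothetical placeholders, and it assumes the application's writable data lives apart from its executables.

```powershell
# Added example. Run from an elevated prompt. Both paths are hypothetical:
# replace them with the locations the application actually writes to.
$DataDir = 'C:\Program Files\ExampleVendor\ExampleApp\Data'
$RegKey  = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp\Settings'

# BUILTIN\Users by well-known SID, so the name is not locale dependent.
$Users   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$Allow   = [System.Security.AccessControl.AccessControlType]::Allow
$NoProp  = [System.Security.AccessControl.PropagationFlags]::None

function Grant-UsersModifyOnDataDir {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }
    # Refuse to open up a directory that holds code: write access for Users
    # there would let any user replace a binary that an admin later runs.
    $code = Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll', '.sys', '.bat', '.cmd', '.ps1' }
    if ($code) { throw "Executable content under $Path; grant on a data-only subfolder." }

    $rights  = [System.Security.AccessControl.FileSystemRights]::Modify
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Users, $rights, $inherit, $NoProp, $Allow)
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Grant-UsersWriteOnRegKey {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Key not found: $Path" }
    # Read plus set-value/create-subkey only; no delete, no permission changes.
    $rights  = [System.Security.AccessControl.RegistryRights]'ReadKey, SetValue, CreateSubKey'
    $inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Users, $rights, $inherit, $NoProp, $Allow)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

Grant-UsersModifyOnDataDir -Path $DataDir
Grant-UsersWriteOnRegKey   -Path $RegKey
# Review the result before rolling it out to other machines.
(Get-Acl -LiteralPath $DataDir).Access | Where-Object { $_.IdentityReference -like '*Users' }
```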


