Re: Manage User Privileges Programmatically

From: Larry Smith (no_spam_at__nospam.com)
Date: 10/24/05 

Date: Mon, 24 Oct 2005 11:46:51 -0400

> Solution: document in the install docs that your installed expects a
> group named "x" that is granted the user right to log on as a service,
> and give the admin a way to specify "x" if they do not like your
> default. Your installer just makes sure the account is in the group.
> Everyone is happy. It works with group policy latch down, your
> install works and keeps working, and admins do not feel your install
> is being sneeky tweaking critical settings behind the scenes.

Your rationale may be that this is a cleaner way of doing it but as for
security, an install program normally needs admin rights in which case it
can pretty much blow your machine up if it wants (let alone play with
criticial settings). There's an element of trust that comes with letting a
program run as an administrator and in practice one can't have it both ways
(allowing an app to run with elevated rights but then trying to lock the
machine down so tight that it can't do its job).

Relevant Pages

  • Re: Remote Rollout
    ... We're currently trying to rollout Outlook 2000 to all our users so we ... This doesn't happen if the user has admin ... Is there anyway to stop it rebooting after install? ... it tells them that it needs admin rights to finish ...
    (microsoft.public.outlook.installation)
  • Re: setting account type problem
    ... > I am using win xp pro, I want to set up a user account where the user ... > installed I have to log on to install it. ... > run the program she gets a message that she needs admin rights. ... File and directory permissions, possibly registry key permissions may be ...
    (microsoft.public.windowsxp.newusers)
  • Re: Rights...
    ... You need to identify if your ActiveX needs admin rights to install or to work. ... If it needs admin rights for installation, whish is pretty normal, you should deploy it through a software distribution channel like SCCM for example or if your clients are running Vista, make use of the service responsible for installing authorized ActiveX on behalf of the simple user. ... to the ActiveX under limted user account? ...
    (microsoft.public.windows.server.general)
  • setting account type problem
    ... allowed to install and run software. ... here is a “for instance” my daughter who is ... I have no problem with it but because she has only a limited account on ... that she needs admin rights. ...
    (microsoft.public.windowsxp.newusers)
  • Re: Sweet mother of Pete........
    ... GoToMyPC can be installed WITHOUT elevated privelages. ... >> install anything on his machine unless I log him off and log in as ... >> administrator. ... >> needs admin rights to install? ...
    (microsoft.public.backoffice.smallbiz2000)