Re: Running a program with elevated privilages

Thanks for the reply,

part of the problem with this application is that we know it's only on the first run of the application, we know that it needs to register an OCX on first run but as for the registry..... I guess regmon will need to be used.

Thanks for the reply.

Tony
"Chris M" <nobody@xxxxxxxxxxxxxxx> wrote in message news:fh9t3s$fql$1@xxxxxxxxxxx
tony houlihan wrote:
I understand that under windows 2000 the EPAL.exe program could be used to run a program which required a higher level of privilages than that of the logged in user but is this program usable under server 2003.

In addition to this does anyone know a better way of addressing this situation:

company with 20 client computers and 20 users. A legacy application is needed on all clients with all users using roaming profiles needing access to the program. The legacy app requires the user to have Admin rights on the first log in and lauch of the application (presumably to modify the HKEY\Local Users\ somthing key registry section), obviously this presents a headache for installation and administration..............

If I were you I'd find out what the program is trying to do that causes it to fail as a normal user. If it's trying to add a registry key as you have suggested, then you could perhaps push out the correct values via a Group Policy instead of running the program elevated.

Perhaps the program needs to be able to write to some files in its program folder, in which case you could relax filesystem permissions on the particular files that it uses.

In my opinion, it's better to relax the security on a couple of files or registry keys (depending on what they are, of course) than to run the whole program with admin rights.

Regmon and Filemon are invaluable tools for these situations:

http://www.microsoft.com/technet/sysinternals/default.mspx


--
Chris.

.

Relevant Pages

  • Re: hijack this startup - can someone tell me the hack i am experienci
    ... | *Registry key not found* ... | *Registry value not found* ... | Autorun entries from Registry: ... | Intel82801 Audio Driver Install Service: ...
    (microsoft.public.windowsxp.security_admin)
  • Help with Outlook profile script
    ... I would like to have a script that checks if the correct Outlook profile is configured in the users profile. ... Outlook profiles are configured in the following registry key: ...
    (microsoft.public.scripting.vbscript)
  • Re: Cannot Delete Registry Key
    ... > to the permissions on the bad key, ... >> [[Incorrectly editing the registry may severely damage your system. ... >> take ownership of the registry key by the current owner. ... >> MS-MVP Windows Shell/User ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Risks in Disabling Macro Security
    ... The trusted location is set up by creating a registry key at the location: ... our company security setup rejects EMails with .mdb ...
    (microsoft.public.access.security)
  • Re: Cannot install new printer drivers
    ... What is the registry key that Process Monitor reported ACCESS DENIED for? ... The only ACCESS DENIED message I saw that had anything to do with the ...
    (microsoft.public.windowsxp.print_fax)