Re: Running a program with elevated privilages

You just need to create an msi package for it, using a packaging tool. Then
you can keep admin rights restricted. Or you could use a script or a
deployment tool to run the setup.
Anthony, http://www.airdesk.co.uk


"tony houlihan" <tony@xxxxxxxxxxxxxxxxxxx> wrote in message
news:060B0FE5-8C2B-45FE-8618-F87FB91F8017@xxxxxxxxxxxxxxxx
Thanks for the reply,

part of the problem with this application is that we know it's only on the
first run of the application, we know that it needs to register an OCX on
first run but as for the registry..... I guess regmon will need to be
used.

Thanks for the reply.

Tony
"Chris M" <nobody@xxxxxxxxxxxxxxx> wrote in message
news:fh9t3s$fql$1@xxxxxxxxxxx
tony houlihan wrote:
I understand that under windows 2000 the EPAL.exe program could be used
to run a program which required a higher level of privilages than that
of the logged in user but is this program usable under server 2003.

In addition to this does anyone know a better way of addressing this
situation:

company with 20 client computers and 20 users. A legacy application is
needed on all clients with all users using roaming profiles needing
access to the program. The legacy app requires the user to have Admin
rights on the first log in and lauch of the application (presumably to
modify the HKEY\Local Users\ somthing key registry section), obviously
this presents a headache for installation and
administration..............

If I were you I'd find out what the program is trying to do that causes
it to fail as a normal user. If it's trying to add a registry key as you
have suggested, then you could perhaps push out the correct values via a
Group Policy instead of running the program elevated.

Perhaps the program needs to be able to write to some files in its
program folder, in which case you could relax filesystem permissions on
the particular files that it uses.

In my opinion, it's better to relax the security on a couple of files or
registry keys (depending on what they are, of course) than to run the
whole program with admin rights.

Regmon and Filemon are invaluable tools for these situations:

http://www.microsoft.com/technet/sysinternals/default.mspx


--
Chris.



.

Relevant Pages

  • Re: Running a program with elevated privilages
    ... The legacy app requires the user to have Admin rights on the first log in and lauch of the application, ... If it's trying to add a registry key as you have suggested, then you could perhaps push out the correct values via a Group Policy instead of running the program elevated. ... Perhaps the program needs to be able to write to some files in its program folder, in which case you could relax filesystem permissions on the particular files that it uses. ... In my opinion, it's better to relax the security on a couple of files or registry keys than to run the whole program with admin rights. ...
    (microsoft.public.windows.server.security)
  • Re: Running a program with elevated privilages
    ... If it's trying to add a registry key as you have suggested, then you could perhaps push out the correct values via a Group Policy instead of running the program elevated. ... Perhaps the program needs to be able to write to some files in its program folder, in which case you could relax filesystem permissions on the particular files that it uses. ... In my opinion, it's better to relax the security on a couple of files or registry keys than to run the whole program with admin rights. ...
    (microsoft.public.windows.server.security)
  • Re: Security
    ... "George Hester" said ... The user did have admin rights that was signed on at the ... The GPO was not 'violated'. ... Use ACL's on the registry key. ...
    (microsoft.public.win2000.group_policy)
  • error 1406 setup cannot write to registry
    ... I had recently upgraded one of my users to Office 2007 (with admin rights); ... everything was working fine untill one day he goes to run excel again and it ... value Content Type to the registry key \.xlsx. ...
    (microsoft.public.excel.misc)
  • Re: remotely connecting to registry
    ... >go to that machine and as a local administrator open ... >permissions on that registry key. ... >> Administrator on the local computer with admin rights ... >> The user on the local computer with admin rights. ...
    (microsoft.public.windowsxp.security_admin)