Re: Win XP Prof Limited Account
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/05/03
Date: Thu, 4 Dec 2003 19:38:13 -0700
The first thing to do is check with the software maker.
Usually a few cacls commands issued by an admin
to grant looser permissions to the Users group cures
things.
cacls "c:\program files\app install dir" /t /e /g Users:C
or sub the folder path with full pathname for the .ini, etc.
Sometimes one also needs to loosen permissions in the
registry, or find well hidden filesystem locations.
For these regmon and filemon free utilities from
www.sysinternals.com can be very useful (once you
learn how to control their scope).
I usually also recommend advising the vendor that made
the software that Windows certified is something that I do
take into account in future software purchasing choices.
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA

"Rob" <anonymous@discussions.microsoft.com> wrote in message
news:0b3f01c3bab6$016d7270$a001280a@phx.gbl...
>
> >-----Original Message-----
> >That is not how things happen.
> >An app starts in an account (the one that launches it)
> >and acquires the security context of that account.
> >If launched in a non-admin security context it will
> >only be able to access what is allowed to that context.
> >The solution is to grant that account the permissions
> >needed to run the application, for example, Change on
> >the folder where the app is installed is often the issue.
> >
> >--
> >Roger Abell
> >Microsoft MVP (Windows Server System: Security)
> >MCSE (W2k3,W2k,Nt4) MCDBA
> >"Victor" <anonymous@discussions.microsoft.com> wrote in message
> >news:0c3501c3b9be$bd087a00$a501280a@phx.gbl...
> >> Hello,
> >> Would like to know how I can grant a program
> >> administrative rights to run under a limited account. I
> >> don't mean using the run as command but to give that
> >> program administrative rights all the time. I have a user
> >> on limited account, and when the program is run it does
> >> not have the permission. I want to be able to allow it to
> >> run in administrative mode from the limited account
> >> automatically.
> >>
> >> Thank you in advance
> >
> >.
> >
>
> I have basically the same problem. I noticed that programs
> that write to an .ini or .dat file each time a program is
> started fail if the user doesn't have admin rights. I also
> noticed that the dir "\Program Files" has an "R" attribute
> and is owned by the admin account that installed it. Any
> help is appreciated.
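
Added example (not part of the original message, and not Sysinternals code): one way to use a Filemon capture to grant Change only on the files the application was actually denied, rather than on the whole install folder. The tab-separated column order, the process name app.exe, the install path and the log lines are all constructed assumptions.

```python
# Added example: scope a Filemon-style capture to one process, list the paths
# it was denied, then emit per-file cacls commands for an admin to review.
# ASSUMPTION: tab-separated columns are seq, time, process:pid, request,
# path, result. Adjust the indexes to match the actual export.

INSTALL_DIR = r"C:\Program Files\App Install Dir"  # placeholder path

# Constructed sample lines, not a real capture.
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("1", "19:02:11", "app.exe:1234", "OPEN", INSTALL_DIR + r"\app.exe", "SUCCESS"),
    ("2", "19:02:11", "app.exe:1234", "OPEN", INSTALL_DIR + r"\settings.ini", "ACCESS DENIED"),
    ("3", "19:02:12", "explorer.exe:880", "OPEN", r"C:\System Volume Information", "ACCESS DENIED"),
    ("4", "19:02:12", "app.exe:1234", "WRITE", INSTALL_DIR + r"\SETTINGS.INI", "ACCESS DENIED"),
    ("5", "19:02:13", "app.exe:1234", "OPEN", INSTALL_DIR + r"\data\state.dat", "ACCESS DENIED"),
    ("truncated line",),
])


def denied_paths(log_text, process_name):
    """Paths where process_name got ACCESS DENIED, in first-seen order."""
    seen, ordered = set(), []
    for line in log_text.splitlines():
        cols = line.split("\t")
        if len(cols) < 6:
            continue  # skip headers and truncated lines
        proc, path, result = cols[2], cols[4], cols[5]
        if proc.split(":")[0].lower() != process_name.lower():
            continue  # keep the scope to the one application
        if result.strip().upper() != "ACCESS DENIED":
            continue
        if path.lower() not in seen:  # Windows paths are case-insensitive
            seen.add(path.lower())
            ordered.append(path)
    return ordered


def cacls_commands(paths, under):
    """Grant Change to Users per path, skipping anything outside 'under'."""
    prefix = under.lower().rstrip("\\") + "\\"
    return ['cacls "%s" /e /g Users:C' % p
            for p in paths if p.lower().startswith(prefix)]


if __name__ == "__main__":
    for cmd in cacls_commands(denied_paths(SAMPLE_LOG, "app.exe"), INSTALL_DIR):
        print(cmd)
```

The per-file form drops /t because there is no subtree to walk; review each emitted command before running it as an admin.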