Re: Running Applications and Adming Rights

From: Barry Young (youngbar_at_insightbb.com)
Date: 08/03/04 

Date: Tue, 03 Aug 2004 01:35:13 GMT

Thanks Colin,

Again, I didn't give the Domain Admin rights, I am an application developer
that is trying to install an application and the Network Admin set the user
access rights for the install. I installed a Access 2000 app and Palm
Desktoip and a specialized conduit app, and everything worked fine under the
user as admin.

The application is an Access 2000 application using their local platform
configuration. I create an MDE file (runtim file) and copy the file to
their machine and run it under Access 2000. I have had strange things
happen as a result of Admin vs User rights to the machine. In this cases, I
have had to copy the source code to the target machine and create the MDE or
compile the app on the machine to get it to run. If I compile it on another
XP machine and copy the file I get reference errors. (This is probably and
Access Forum Question).

So my question now is, the application was installed under the User as part
of the Admins Domain Group. Now the user has been removed from this group ,
the Admin has granted read / write access to all the application folders,
and still is having problems accessing the file. If they log on as Admin,
no problem... If they log on as a user who has been given the rights, still
this user has problems.

Basically, the goal is not to have to return on-site and re-install
everything.

Any suggestion on what to do?

Thanks for all of your help!

Barry

"Colin Nash [MVP]" <cnash x@x mvps.org> wrote in message
news:OZEtfgPeEHA.3988@tk2msftngp13.phx.gbl...
> First of all, you should never never never never give Domain Admin rights
to
> the users. That is completely unnecessary and pretty much allows that
user
> to destroy your whole domain. It's important to understand what "Domain
> Admin" means.
>
> You can give a user admin rights to a local machine. On the machine, run
> LUSRMGR.MSC from Start --> Run and add them to the Administrators group.
> This limits their 'power' to that specific computer.
>
> The best practice though is to have all users run under standard user
> accounts with no admin privileges. If the application insists on having
> admin rights, you should re-evaluate its use and/or contact the publisher
> for an updated version. Most properly-written applications will require
an
> administrator to install it, but can then be used by any user.
>
> You might have to give NTFS permissions to some folders/files and
> permissions to some registry keys if you want to keep the user limited
while
> allowing them to run programs that are poorly designed. There is no magic
> bullet solution other than playing with the NTFS permissions and using
> REGEDT32 to set permissions on whatever registry keys it tries to change.
>
> From what I can recall about Palm's desktop software: You need to make
the
> user an administrator (of the workstation, not of the domain!!!), install
it
> under their profile, give them NTFS permissions to the C:\PALM folder (or
> wherever it gets installed... maybe under PROGRAM FILES) , run the program
> once doing a sync, and then remove the admin rights.
>
>
>
>
>
>
> "Barry Young" <youngbar@insightbb.com> wrote in message
> news:0ABPc.236779$Oq2.95501@attbi_s52...
> >I have an application that is installed on a XP machine that is part of a
> > network. In order to install the applications the user was made a part
of
> > the Domain Admins group . The application was installed and working
fine.
> > Then the network administrator removed the user out of the Domain Admins
> > group and now the application is having problems running. Files in the
> > application folder became read only, even after the user was given
rights
> > to
> > the application folders, things are not running properly.
> >
> > What is the proper way to install an application on a machine in a
domain
> > based environment?
> >
> > You need admin rights to install, but then have problems running the
> > application.
> >
> > The application also uses Palm Desktop and conduits, how do you manage
the
> > installation of this logged on as Admin and then giving the appropriate
> > rights to the folders and application libraries.
> >
> > Thanks!
> >
> > Barry
> >
> >
>
>

Relevant Pages

  • Re: Prevent users from installing software
    ... Just take them out of the admin group. ... If that user has admin rights, ... If your admins need to install software, just have them use the runas ... > as logging off and logging on as one of them to install the software, ...
    (microsoft.public.win2000.security)
  • Re: Client Installation Issues: SMS 2.0 SP5
    ... Lets say the account I use for> the SMS Services is SMSAdmin. ... I setup the Client> Installation Account as what was listed above being our local admin ... password on some> of those, but any other idea's why prior to this, the client didn't want to> install? ... Grant the>> service account admin rights on every box, ...
    (microsoft.public.sms.setup)
  • win xp admin nightmare
    ... She has several malware folders in her program files folder, ... doesn't have full admin rights, when you check the individual file ... we can get full admin control I think I can get it cleaned up. ... anyone have experience with doing a clean install form this HP ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Deny Interactive Logon but Allow Runas
    ... users may also need to install a fix-pack, ... be an admin to install. ... if your secret app is really so bad ... As our users don't have local admin rights they usually have ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Running Applications and Adming Rights
    ... Well you can still give the user Admin rights to workstation. ... account if he wanted to... ... > access rights for the install. ...
    (microsoft.public.windowsxp.security_admin)