Re: Running Applications and Adming Rights
From: Colin Nash [MVP] (x_at_x)
Date: 08/03/04
- Next message: Feng Mao: "Re: Is there a new dialog for Windows Update or have I been hijacked?"
- Previous message: Robert Gu [MSFT]: "Re: ENCRYPTION - Oh Man, I've done it now!"
- In reply to: Barry Young: "Re: Running Applications and Adming Rights"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 2 Aug 2004 22:10:08 -0400
Well you can still give the user Admin rights to workstation. It's bad, but
not as bad as Domain Admin. (Domain Admin could delete everybody else's
account if he wanted to... or wipe out the files on servers)
You should be able to remotely connect to the computer and add the user to
the *local* admin group. Have the network admin do this:
Run COMPMGMT.MSC from Start ---> Run. Right-click on the top where it says
"Computer Management (Local)" and choose Connect to another computer...
Type the name of the computer (or browse to it.) Click OK. Under the
Local Users and Groups section, open up the Administrators group and add the
users domain account into there (for example DomainName\BOB.) Actually, try
it with "Power Users" instead of "Administrators" first, and see if that
works. Changes will take effect the next time the user logs out and back
into the system.
As a network admin, I would want you, as a developer, to make your app work
while logged in with a non-privileged account. I don't know enough about
development to really help you with that. Anyway, that's where I'm coming
from here :)
-- Colin Nash Microsoft MVP Windows Printing/Imaging/Hardware "Barry Young" <youngbar@insightbb.com> wrote in message news:lZBPc.80522$eM2.48726@attbi_s51... > Thanks Colin, > > Again, I didn't give the Domain Admin rights, I am an application > developer > that is trying to install an application and the Network Admin set the > user > access rights for the install. I installed a Access 2000 app and Palm > Desktoip and a specialized conduit app, and everything worked fine under > the > user as admin. > > The application is an Access 2000 application using their local platform > configuration. I create an MDE file (runtim file) and copy the file to > their machine and run it under Access 2000. I have had strange things > happen as a result of Admin vs User rights to the machine. In this cases, > I > have had to copy the source code to the target machine and create the MDE > or > compile the app on the machine to get it to run. If I compile it on > another > XP machine and copy the file I get reference errors. (This is probably > and > Access Forum Question). > > So my question now is, the application was installed under the User as > part > of the Admins Domain Group. Now the user has been removed from this group > , > the Admin has granted read / write access to all the application folders, > and still is having problems accessing the file. If they log on as Admin, > no problem... If they log on as a user who has been given the rights, > still > this user has problems. > > Basically, the goal is not to have to return on-site and re-install > everything. > > Any suggestion on what to do? > > Thanks for all of your help! > > Barry > > > > > "Colin Nash [MVP]" <cnash x@x mvps.org> wrote in message > news:OZEtfgPeEHA.3988@tk2msftngp13.phx.gbl... >> First of all, you should never never never never give Domain Admin rights > to >> the users. That is completely unnecessary and pretty much allows that > user >> to destroy your whole domain. It's important to understand what "Domain >> Admin" means. >> >> You can give a user admin rights to a local machine. On the machine, run >> LUSRMGR.MSC from Start --> Run and add them to the Administrators group. >> This limits their 'power' to that specific computer. >> >> The best practice though is to have all users run under standard user >> accounts with no admin privileges. If the application insists on having >> admin rights, you should re-evaluate its use and/or contact the publisher >> for an updated version. Most properly-written applications will require > an >> administrator to install it, but can then be used by any user. >> >> You might have to give NTFS permissions to some folders/files and >> permissions to some registry keys if you want to keep the user limited > while >> allowing them to run programs that are poorly designed. There is no >> magic >> bullet solution other than playing with the NTFS permissions and using >> REGEDT32 to set permissions on whatever registry keys it tries to change. >> >> From what I can recall about Palm's desktop software: You need to make > the >> user an administrator (of the workstation, not of the domain!!!), install > it >> under their profile, give them NTFS permissions to the C:\PALM folder (or >> wherever it gets installed... maybe under PROGRAM FILES) , run the >> program >> once doing a sync, and then remove the admin rights. >> >> >> >> >> >> >> "Barry Young" <youngbar@insightbb.com> wrote in message >> news:0ABPc.236779$Oq2.95501@attbi_s52... >> >I have an application that is installed on a XP machine that is part of >> >a >> > network. In order to install the applications the user was made a part > of >> > the Domain Admins group . The application was installed and working > fine. >> > Then the network administrator removed the user out of the Domain >> > Admins >> > group and now the application is having problems running. Files in the >> > application folder became read only, even after the user was given > rights >> > to >> > the application folders, things are not running properly. >> > >> > What is the proper way to install an application on a machine in a > domain >> > based environment? >> > >> > You need admin rights to install, but then have problems running the >> > application. >> > >> > The application also uses Palm Desktop and conduits, how do you manage > the >> > installation of this logged on as Admin and then giving the appropriate >> > rights to the folders and application libraries. >> > >> > Thanks! >> > >> > Barry >> > >> > >> >> > >
- Next message: Feng Mao: "Re: Is there a new dialog for Windows Update or have I been hijacked?"
- Previous message: Robert Gu [MSFT]: "Re: ENCRYPTION - Oh Man, I've done it now!"
- In reply to: Barry Young: "Re: Running Applications and Adming Rights"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
