Re: User rights problem (Least Privilege)
- From: "Ahmed" <ahmed_akber@xxxxxxxxxxx>
- Date: Mon, 5 Dec 2005 20:00:02 -0800
Dear Bruce
After giving write permission to Users group on Windows folder the
application runs smoothly.
Thanks for your reply
"Bruce Chambers" wrote:
> Ahmed wrote:
> > Hi All,
> >
> > I am managing a small network with Windows 2003 as DC and XP as clients.
> > Some of my applications does not run under normal user account, is there any
> > way to give permission to applications instead of adding users to power user
> > or admin group. Some 3rd party tools are available but i m looking for
> > builtin option in windows xp or through 2003 GP.
> >
>
>
>
> You may experience some problems if the software was designed for
> Win9x/Me, or if it was intended for WinNT/2K/XP, but was improperly
> designed. Quite simply, the application doesn't "know" how to handle
> individual user profiles with differing security permissions levels, or
> the application is designed to make to make changes to "off-limits"
> sections of the Windows registry or protected Windows system folders.
>
> For example, saved data are often stored in a sub-folder under the
> application's folder within C:\Program Files - a place where no
> inexperienced or limited user should ever have write permissions.
>
> It may even be that the software requires "write" access to parts
> of the registry or protected systems folders/files that are not normally
> accessible to regular users. (This *won't* occur if the application is
> properly written.) If this does prove to be the case, however, you're
> often left with three options: Either grant the necessary users
> appropriate higher access privileges (either as Power Users or local
> administrators), explicitly grant normal users elevated privileges to
> the affected folders and/or part(s) or the registry, or replace the
> application with one that was properly designed specifically for
> WinNT/2K/XP.
>
> Some Programs Do Not Work If You Log On from Limited Account
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307091
>
> Additionally, here are a couple of tips suggested, in a reply to a
> different post, by MS-MVP Kent W. England:
>
> "If your game or application works with admin accounts, but not with
> limited accounts, you can fix it to allow limited users to access the
> program files folder with "change" capability rather than "read" which
> is the default.
>
> C:\>cacls "Program Files\appfolder" /e /t /p users:c
>
> where "appfolder" is the folder where the application is installed.
>
> If you wish to undo these changes, then run
>
> C:\>cacls "Program Files\appfolder" /e /t /p users:r
>
> If you still have a problem with running the program or saving
> settings on limited accounts, you may need to change permissions on
> the registry keys. Run regedit.exe and go to HKLM\Software\vendor\app,
> where "vendor\app" is the key that the software vendor used for your
> specific program. Change the permissions on this key to allow Users
> full control."
>
>
>
> --
>
> Bruce Chambers
>
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever count on having
> both at once. - RAH
>
.
- References:
- Re: User rights problem (Least Privilege)
- From: Bruce Chambers
- Re: User rights problem (Least Privilege)
- Prev by Date: Re: Home Folder
- Next by Date: Re: Can't Ping My Own IP Address
- Previous by thread: Re: User rights problem (Least Privilege)
- Next by thread: Re: Windows password and network password
- Index(es):
Relevant Pages
|
