Help!: Problems with Restricted access accounts
- From: Rich <richsa@xxxxxxxxx>
- Date: Thu, 15 Dec 2005 12:37:53 -0800
Hopefully someone here can point me in the right direction.
My company develops a product used by the healthcare industry. This
application was designed with a multi-tiered architecture; having a
series of business object DLLs that need to be registered on each local
machine to allow proper communications with our server.
Hospitals unfortunately tend not to be on the bleeding edge of technology
(with respect to their office computers) so our clients workstations
range from Windows 95 to Windows XP. Due to this, we are not able to
develop our application "for Windows XP".
Due to HIPAA Security regulations, the IT staffs tend to really clamp
down on user security; we have experienced users not having permissions
to create files under Program Files, not being able to access the
Internet, and not being able to install applications that require any
reading from/writing to the registry. Because of this, we are often
forced to install our product as an Administrator. When the user next
logs in, our product is properly registered and everything works fine.
Recently we encountered a problem on Windows XP systems - these all have
SP2, although I don't know for sure if that is part of the problem or
not.
Our clients have their users set up as Restricted user accounts. This
prevents us from installing as the user (no rights to register DLLs) so
we try our usual installation as an Administrator. As a test, the
administrator account runs our product and it works fine. However, when
the user tries again as a restricted access user account, problems result
- basically, the user is prevented from running our application. It
seems that the user is unable to "see" the DLL entries in the registry.
We have code in place to verify our business objects are registered
before allowing the user to proceed with the login process. Our check,
which essentially verifies the existance of our DLLs somewhere under the
TypeLib node of HKEY_CLASSES_ROOT, correctly locates the DLLs for Admin
and PowerUser accounts but for Restricted access accounts it comes up
empty on these WinXP systems. Since the registry has obviously not
changed, we assume that permissions are the problem.
If we give the user local admin rights, the problem goes away. However,
permissions on the client's network are managed by the client and are out
of our control. And they are reluctant to make changes just to allow our
product to work.
I also tried using "RunAs /profile /user:Administrator programname.exe".
This also allowed a Restricted access user to use our system.
Unfortunately, it pops up a dialog requesting an Administrator password -
this is something the users are not going to have access to.
I saw a post not long ago here inquiring about Admin rights for a single
program so I know others out there are having similar problems. How are
all of you getting around this?
Is it possible to execute RunAs silently? Perhaps passing the password
on the commandline so the user never sees the RunAs dialog? Inelegant as
it is, this would solve my immediate problems.
Is there another way to allow a Restricted access account to simply view
and read DLLs that are registered? My application does NOT require the
user to have write access.
Any help would be greatly appreciated.
Thanks in advance.
Regards,
Rich Ackerson
.
- Follow-Ups:
- Re: Help!: Problems with Restricted access accounts
- From: Robert Stradelski
- Re: Help!: Problems with Restricted access accounts
- Prev by Date: Re: Help! Icons and taskbar gone!
- Next by Date: Re: Do I have a worm OR virus...computer going very slow and ...
- Previous by thread: Re: Force Automatic Reboot or Shutdown
- Next by thread: Re: Help!: Problems with Restricted access accounts
- Index(es):
Relevant Pages
|
