Re: Help!: Problems with Restricted access accounts

Leythos,

Thanks for the reply. I guess I should have worded my initial query a
bit differently.
>
> Microsoft can direct you to the PROPER CODING PRACTICES for secure
> environments. Restricted users can still write to the registry, just
> not where you're wanting to write too.
>
I completely understand why a restricted account would not be able to
WRITE to portions of the registry and I believe that HKEY_CURRENT_USER is
generally open to even a restricted account. It doesn't take a genius to
grasp that. But that is not the question I was asking. I am curious why
we cannot READ data that is already there.

> There are many solutions to your problem,

Stating one solution would be very welcome. For instance, my quesiton
about running RunAs silently. Is it possible?

> but, my guess would be that
> since you've been doing it wrong for so long that it's going to cost a
> lot to rework the apps to properly comply with normal security
> settings on workstations.
>
True, our handling of the registry needs to be changed and reworking our
application is going to take a sizeable amount of time. However, "normal
security settings on workstations" is a bit of a vague term. As I
indicated in my initial post, our application runs on Windows 9x
workstations as well as Windows 2000 and XP. True, the modern flavors of
Windows have a more precise security system in place, but the older ones
do not. So, if we've been "doing it wrong" for so long, its only because
WINDOWS did it wrong for so long.

> I've seen this many times, even Quickbooks has this issue, and so do
> many developers/companies that didn't see this coming - security is
> going to be here for a long time, get use to the proper way of coding.
>
Trust me, as someone who has to deal with HIPAA and its over-the-top
security regulations for a living, you don't have to lecture me on
security. And please forgive me for thinking I should be able to use
REGSVR32 to register a DLL in Windows and then have that DLL be
accessible. What was I thinking?

> If you are not already an ISV or Microsoft Partner you should join and
> then you can call them for help.
>
Thanks for the advice.
.

Relevant Pages

  • Re: Minimum NTFS Permissions on the SystemDrive
    ... File system and registry access control list modifications ... Microsoft Windows XP and Microsoft Windows Server 2003 have considerably ... You can no longer use the Anonymous security ... Additional ACL changes may invalidate all or most of the application ...
    (microsoft.public.windows.server.security)
  • Re: security software problem
    ... Click the Advanced tab to see where it loads in the registry. ... Windows Explorer download Hijack This: ... > decided to uninstall and upgrade to f-secure's internet security suite. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Found HWS.EXE & INSTALL.DAT Pls Advise
    ... Reg fixes plus learning of a way of to get into the Registry when all the ... MUI file in it's bliue border, prior to booting into Windows. ... works through the hang then my Personal Settings loaded. ... tight security settings on both your Anti-Virus and your Browser security ...
    (microsoft.public.windowsxp.general)
  • RE: Internet explorer - internet options - no security tab
    ... See if you have set Local policy (in Windows 2000/XP) at ... This solution involves modifying Registry. ... "Security_Options_Edit" which prevents users from changing security zone ... Depending on your operating system it is found in ...\Windows System or ...
    (microsoft.public.windows.inetexplorer.ie6.ieak)
  • Re: XP Less Secure than 98 for Sharing Files.. Conclusion
    ... I have posted in here before to say that I use MS's Security ... certain extent a Windows box. ... to fiddle with the registry _by hand_ to achieve the desired result. ... documents, newsgroups or whatever, needs nothing more than the Poledit tool ...
    (microsoft.public.windowsxp.security_admin)