Re: Program needs Administrator access
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 2 May 2006 23:10:31 -0500
If you can not get the application to work for regular users then it still
is worthwhile to use Group Policy and Software Restriction Policies to try
and lock users down. This will not stop determined and skilled users from
doing things to the computer that are not wanted but probably will restrict
the vast majority of users that do not understand what the administrator
account is and can do or do not care. Adding the users to a global group
[assuming an Active Directory domain here] and giving that group deny
permissions for write and delete to the program files folder and system
folder may be worth attempting though the users may need more access to the
application folder itself in the program files folder. --- Steve
"Wayne" <Wayne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CEBFBFF1-E005-4EB3-8AFA-9E017634D1D6@xxxxxxxxxxxxxxxx
Thanks Colin / others, Interactive logon worked.
I'm not overly happy with the amount of security it gives the user, but I
need to deploy this lab ASAP for other reasons. Modifying NTFS
permissions
didn't seem to work, and I not sure about the registry settings. I will
try
some of the other fore mentioned solutions.
This is a school setting.
MCP, MCSE, A+, Apple, etc. etc.
"Colin Nash [MVP]" wrote:
"Wayne" <Wayne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3DE936CE-7EA7-4548-9847-1CD94E0A3FDE@xxxxxxxxxxxxxxxx
I have a group of windows xp computers that run Autocad. I can not run
the
program unless they have administrative privileges. If I use the runas
shortcut I can run the program, but, the user can not open their
network
drive to find one of there files. I can not make each user a local
administrator because I have 1000 users (that change yearly). Is there
a
way
to make every authenticated user logon with local administrator
privileges
at
logon, or some other access to the program I'm not thinking of?
Often you can get these apps to work by giving Modify NTFS permissions to
the program folders, to the users and/or giving them permissions to
modify
the registry keys associated with the app.
If that fails, you could add INTERACTIVE to the local admin group on the
workstations if you really want to let every person who logs on locally
to
have admin rights. This is slightly better than adding "Everyone"
because
at least people will need to physically access the workstation to gain
the
admin privilege. It's still not a great idea security-wise though.
If you have a domain, you could create an "Autocad Users" group and then
add
this group to the local administrators group on workstations (either
manually or automatically with a restricted groups group policy.) Then
you
just need to populate this group with the appropriate users, as they come
and go.
If this is a school-type setting you may want to look into the Shared
Computer Toolkit which will let you put some restrictions on the systems
even if you are giving everyone the admin rights.
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx .
Specifically,
the Windows Disk Protection feature may be of use (it can reset all
changes
made to the hard drive back to initial settings on each reboot.)
--
Colin Nash
Microsoft MVP
Windows Shell/User
.
- References:
- Re: Program needs Administrator access
- From: Colin Nash [MVP]
- Re: Program needs Administrator access
- Prev by Date: Re: How do you use the Data Recovery Agent?
- Next by Date: Re: Open File Security Warning
- Previous by thread: Re: Program needs Administrator access
- Next by thread: Re: Program needs Administrator access
- Index(es):
Relevant Pages
|
