• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Program permission issues

ivwshane

ivwshane

Lifer
I have a program that my users must be able to use but they are limited to the limited user account permissions.

I've had it before where they could run the program with no issues with their limited account but a recent update to the program has caused problems (and an older version cannot be found).

The program requires full permissions on the programs folder (and sub folders) as well as access to registry keys. (sounds like bad programming to me)

What's the best way to handle this?

I've given the users full control of the program folder but I'm not sure how or if I want to give them access to the registry.

Is there a way to have that program automatically ran as a particular user (without the limited user knowing)?
 
Originally posted by: ivwshane
The program requires full permissions on the programs folder (and sub folders) as well as access to registry keys. (sounds like bad programming to me)
Click to expand...
The *entire* Program Files folder? Not just it's own subfolder of it? That does seem rather excessive.
I've given the users full control of the program folder but I'm not sure how or if I want to give them access to the registry.
Click to expand...
You can assign permissions to keys and groups of keys. It's been a while since I did it, but IIRC you can just right-click on the keys in regedit and you'll get a permissions dialog much like the one for regular folder permissions.
Is there a way to have that program automatically ran as a particular user (without the limited user knowing)?
Click to expand...
"runas" with the "/savecred" flag can probably do this, but I think that would be a small-scale solution that would require you to manually setup each user on each machine. There's probably a better way that I'm not aware of, being that I'm not really a Windows guy.

 
No I changed the permissions on the program folder of the program I am working with.

I've tried changing the permissions on the reg keys but there are a ton of them!

This program is really garbage!
 
Is there a way to have that program automatically ran as a particular user (without the limited user knowing)?
Click to expand...

You don't want to go there. Mr. Baddie replaces your exe with his code that has the same name, and he now is running his code as that privileged user.
 
If the computers are WinXP Professional Edition, one workaround might be:

1) make a new shortcut to your program on the user's desktop screen

2) make a new Power User account by right-clicking My Computer > Manage > Snack Break > Local Users & Groups > Groups > Power Users

3) give the Power User account a password that does not expire and cannot be changed

4) now right-click your desktop shortcut and choose Properties. Let's say it says "C:\Program Files\Internet Explorer\IEXPLORE.EXE" in the Target: box. Stick runas /user:name_of_Power_User_account_here /savecred in front of that string, and change the Start In: box to somewhere that your Limited user has access to, like "C:\Documents and settings\user"

5) now start the program using the shortcut. It'll ask for the password to that Power User account this first time. Hopefully you don't have to further elevate the Power User account to full Admin powers, but that would be one final option.


At work, I have one user at work using QuickBooks, The World's Most Retarded Program?, and this allowed me to get her down to a Restricted User account for everything else, at least.

One disadvantage is that this program will look by default at an entirely different desktop, mapped drives, My Documents folder, etc, because it's running under that Power User account. Also, while the user's browser and email and etc will run at their minimal privilege level, they could use the Power User account to get into stuff that their Limited/Restricted-User account won't let them into, via whatever file-browsing capabilities this elevated program has.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top