newguy said:
We have an app here at work that will only run as a user with admin rights.
In 2k they could be a power user but not in xp. The developers here at work
do not want to listen and think that giving the user admin rights is the best
solution. I can think a more that a couple of reasons not to give all the
users local admin rights but that is a different post.
My question is other then scripting RunAs with VBscript to run the app is
there any way to give the users admin like rights for just that app. Like
with a GPO or regedit hack. If scripting is the only solution then how can I
encrypt the script so my password is not in clear text. Or if this is not the
right newsgroup let me know where to go
You may experience some problems if the software was designed for
Win9x/Me, or if it was intended for WinNT/2K/XP, but was improperly
designed. Quite simply, the installation routine for this application
doesn't "know" how to handle individual user profiles, or the
application tries to make changes to "off-limits" sections of the
registry or protected Windows system folders. Quite often, you can make
this software available to other users by _copying_ the Start Menu
folder and Desktop folder shortcuts from the user profile from which the
software was installed in the corresponding folders in the user
profile(s) in which you'd like the software to be accessible. If the
application is something that can/should be made available to all
current and future users, copying the shortcuts into the corresponding
locations of the All Users profile will do the trick.
For some obscure reason, game developers in particular seem to not
understand WinXP's file security paradigm, and require even limited
users to have unnecessarily high privileges to protected systems
folders. For example, saved games are often stored in a sub-folder
under the game's folder within C:\Program Files - a place where no
inexperienced or limited user should ever have write permissions.
NOTE: This may not work if the software requires access to parts
of the hard drive and/or registry that are not normally accessible to
regular users. (This won't occur if the application was properly
written.) If this does prove to be the case, however, you're left with
two options: Either grant the necessary users appropriate higher access
privileges (either as Power Users or local administrators), or replace
the application with one that was properly designed specifically for
WinNT/2K/XP.
Some Programs Do Not Work If You Log On from Limited Account
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307091
Additionally, here are a couple of tips suggested, in a reply to a
different post, by MS-MVP Kent W. England:
"If your game or application works with admin accounts, but not with
limited accounts, you can fix it to allow limited users to access the
program files folder with "change" capability rather than "read" which
is the default.
C:\>cacls "Program Files\appfolder" /e /t /p users:c
where "appfolder" is the folder where the application is installed.
If you wish to undo these changes, then run
C:\>cacls "Program Files\appfolder" /e /t /p users:r
If you still have a problem with running the program or saving
settings on limited accounts, you may need to change permissions on
the registry keys. Run regedit.exe and go to HKLM\Software\vendor\app,
where "vendor\app" is the key that the software vendor used for your
specific program. Change the permissions on this key to allow Users
full control."
--
Bruce Chambers
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH