All Users Running Scripts From Admin Profile

Jason Silva

Hello,

We have several apps being run through an RDP. Some things were not working for non-admins. Using FileMon I saw that no matter which user was logged in, several scripts were trying to be run from the Administrator's Profile. Is there a way to force these scripts to run from the logged in user's profile? Actually, as I'm writing this I was thinking, would just copying the scripts, etc. from the admin profile to the all user's profile work?
 
Vera Noest [MVP]

For normal applications, this is taken care of automatically if you
install the application while the server is in "install" mode. Type
"change user /install" (without the quotes), install the application,
and then type "change user /execute".

If it's home-made scripts, make sure you put them on a network share
and provide all users with a shortcut to the script.
 
Jason Silva

Thank you Vera for your input. I did install the apps from Add/Remove
programs. Is this not the same as Install Mode?

Thanks,
 
Vera Noest [MVP]

Yes, that has the same effect, at least on W2K and higher. But
since Add/Remove programs doesn't work when you install updates
from a website, I prefer to always use the command method.

What kind of application is this? If the application doesn't use
the standard Windows API's or uses hardcoded search paths during
installation, then putting the server into install mode is not
going to help.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

 
Jason Silva

Some Examples:
- A mortgage app that is basically an Access 97 app accesses msscript.dll from
the Admins' local settings.
- MS Outlook tries to run a script from the Admins' local settings when it
prints. MS Word doesn't have this issue though.
- USPS.COM, switching the drop down in the Find A Zip Code box runs
JSCRIPT.DLL from the Admin's profile as well.

Obviously, non-admins can't access the Admin's profile so these things fail.
Thanks again for helping me with this Vera.
 
Vera Noest [MVP]

Seems to me that something was not installed correctly.
dll's in a profile??? That's no place for dlls.
I'm not sure which application was installed incorrectly, though.
Could be the underlying Office97 (did you run the Application
Compatibility Scripts for Office97? And RootDrv.Cmd?), or the
applications you mention.
 
Jason Silva

Hello Vera,

I'll give you that, something is clearly up. What do you think the dangers
of giving rights to the admin's profile/Windows directory are? As near as I
can tell, it is just full of application dlls.
 
Vera Noest [MVP]

Personally, I would *not* go on with this.
If something is so drastically wrong, there will be no end to your
problems. I would reinstall the server from scratch. And before you
do that, investigate the applications to see which of them was
installed in such an improper way.

Normally, users have sufficient rights on the windows folder to be
able to read dlls that are placed there during application
installation. Of course, the administrator's profile is off-limits
for normal users, and I wouldn't change that under any
circumstances.
 
Guest

Hi Jason!

As you mentioned in my post I think we are suffering the same type of problem.
Have been thinking some and come up with a possible cause and solution...
Maybe... I haven't tried it yet =)

It seems to me like Windows is "guessing" what settings it should use when
someone is logged on as Administrator. Our client has one user that is in
Domain Admins User Group and she is also experiencing the same things the
rest of the users do and it doesn't matter that I give a user the same user
right as Administrator; I still bump in to the problem.

When I'm administrating their system I log on as Administrator and have no
problem surfing web pages that use JRE.

What I'm going to test is to create a new user (that has no profile) and
give it the same user rights as Administrator. Then log on to Terminal Server
and see if I get the same problem and use FileMon and/or RegMon to see what's
trying to access the Administrator Profile. Then see if it can be corrected,
either by moving files somewhere where Domain Users can access them or change
registry keys so they point to specific user profile (like %Username% )...

What do you think, is there any grounds in my reasoning? =)


//Jonas
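
The registry side of the check described in the post above can also be done offline against a `reg export` file. This is an added example, not part of the thread: the profile path, the placeholder CLSIDs and the sample export are constructed, and it assumes the export has already been read into a string (version 5.00 exports are UTF-16).

```python
import re

# Assumed default profile location on Windows 2000/2003; pass your own if it differs.
ADMIN_PROFILE = r"C:\Documents and Settings\Administrator"

# Constructed sample in `reg export` format (CLSIDs are placeholders).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Documents and Settings\\Administrator\\WINDOWS\\system32\\msscript.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\WINNT\\system32\\jscript.dll"
'''

def decode_value(raw):
    """Return the text of a REG_SZ or hex-encoded string value, else None."""
    if raw.startswith('"'):  # REG_SZ: quoted, with \\ and \" escapes
        return re.sub(r'\\(.)', r'\1', raw[1:raw.rfind('"')])
    m = re.match(r'hex\([12]\):(.*)', raw)  # hex(1)/hex(2): UTF-16LE bytes
    if m is None:
        return None
    data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
    return data.decode('utf-16-le', errors='replace').rstrip('\x00')

def find_profile_refs(reg_text, profile=ADMIN_PROFILE):
    """List (key, value name, data) for string values pointing under `profile`."""
    text = re.sub(r'\\\r?\n\s*', '', reg_text)  # join hex continuation lines
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m is None or key is None:
            continue
        name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
        data = decode_value(m.group(2))
        if data and profile.lower() in data.lower():
            hits.append((key, name, data))
    return hits

if __name__ == '__main__':
    for key, name, data in find_profile_refs(SAMPLE):
        print(f'{key}\n    {name} = {data}')
```

A hit under `InprocServer32` means a COM DLL is registered from inside that profile, which would be consistent with the FileMon observations earlier in the thread.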
 
