RunAS Command & Limited Accounts

Bill Matthews

Hey Folks,

I have several IBM ThinkPad Laptops that we just got all
running Windows XP Professional. These Laptops have
limited accounts set up for all their primary users, so as
not to allow them to mess with any of the system settings.
However, their primary use is a piece of clinical software
which won't run properly outside of an Administrator
account on any of the Laptops. It needs to append to a log
file on every run, which the limited account doesn't have
access to.

However, I can use the 'run as' command to run said
program as Administrator or any other admin account which
is on the machine, it just doesn't save the setting. Is
there any way to tell an application to always run itself
under an administrator's account, no matter who is logged
onto the laptop? There are only 3 accounts on the laptops in
question: 2 administrator accounts (1 the
default 'Administrator') & 1 limited account for the
computer's user. All I need the Laptop to do is run this
one program as Administrator or the other admin account
under the limited account. Any advice? I could use help
ASAP. Thanks!

-Bill
 
Fritz

You have at least two options (that I can think of right away) here - either
modify the permissions on the log file to give the limited user write access
to it or write a batch script that runs the application using the "runas"
command.
 
Bill

Fritz,

Thanks for the suggestion, however it's more than just the
log file as I found out that needs read / write access
given for the user. Also, I would prefer not to have the
administrator user / pass sitting in a batch file for all
to see / obtain. Is there any way to change the
permissioning on this program or its directory to allow
the limited account to have read/write/execute rights to
the directory? I think that would work.
 
Fritz

Absolutely. Just disable "Simple File Sharing" (from View/Folder Options)
in Windows Explorer, then when you right click on the Folder and select its
properties, you should see a 'Security' tab as long as the partition the
folder resides on is formatted with NTFS. If it isn't, you can convert it
into NTFS from the command line by running "convert C: /FS:NTFS".
 
Roger Abell

A few such applications actually have a hard-coded check in
them for Administrator or Administrators group membership.
Most applications however are only missing
1. write access in their install dir (such as for your log file, or
for temp scratch files)
2. write access to the reg entries of the application (persisting
data incorrectly outside of the user's area)
3. write access to other filesystem areas (looking for d:\temp, or
trying to alter the application's ini file in the windows dir)
Worse comes to worst, one can download regmon and filemon
free utilities from the great guys at www.sysinternals.com and
locate where the access failure is happening.

Correcting the application's environment so that it runs without
admin privs is far, far superior to using any of the methods that
attempt to hide RunAs credentials.
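
The triage described in the post above, as an added example that is not part of the thread: it reads a tab-separated monitor log, keeps the denied requests of one process, and groups them into the three categories listed so that permissions are widened only where the application actually fails. The column order, the sample rows, and the names clinapp.exe and C:\Program Files\ClinApp are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed column positions in a tab-separated export; adjust to the real file.
PROCESS, REQUEST, PATH, RESULT = 2, 3, 4, 5

# Constructed sample rows; clinapp.exe and its paths are hypothetical.
SAMPLE_ROWS = [
    ["1", "10:02:11", "clinapp.exe:1234", "OPEN", r"C:\Program Files\ClinApp\clinapp.ini", "SUCCESS"],
    ["2", "10:02:11", "clinapp.exe:1234", "WRITE", r"C:\Program Files\ClinApp\run.log", "ACCESS DENIED"],
    ["3", "10:02:12", "clinapp.exe:1234", "SetValue", r"HKLM\Software\ClinApp\LastRun", "ACCESS DENIED"],
    ["4", "10:02:12", "explorer.exe:880", "OPEN", r"C:\WINDOWS\system.ini", "ACCESS DENIED"],
    ["5", "10:02:13", "clinapp.exe:1234", "CREATE", r"D:\temp\scratch.tmp", "ACCESS DENIED"],
    ["6", "10:02:14", "clinapp.exe:1234", "CREATE", r"C:\Program Files\ClinApp\run.log", "ACCESS DENIED"],
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)

def denied_accesses(log_text, process_name):
    """Return {path: set of request types} denied for one process."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        cols = line.split("\t")
        if len(cols) <= RESULT:
            continue  # header, blank or truncated line
        if cols[PROCESS].split(":")[0].lower() != process_name.lower():
            continue  # another process; its failures are not this app's problem
        if "DENIED" in cols[RESULT].upper():
            denied[cols[PATH]].add(cols[REQUEST])
    return dict(denied)

def classify(path, install_dir):
    """Sort a denied path into the three categories from the post."""
    p = path.lower()
    if p.startswith(("hklm\\", "hkcu\\", "hkcr\\", "hku\\")):
        return "registry"
    if p.startswith(install_dir.lower().rstrip("\\") + "\\"):
        return "install dir"
    return "other filesystem"

def report(log_text, process_name, install_dir):
    """Group denied paths by category so ACLs can be widened only where needed."""
    grouped = defaultdict(list)
    for path, reqs in sorted(denied_accesses(log_text, process_name).items()):
        grouped[classify(path, install_dir)].append((path, sorted(reqs)))
    return dict(grouped)

if __name__ == "__main__":
    for category, hits in report(SAMPLE_LOG, "clinapp.exe", r"C:\Program Files\ClinApp").items():
        for path, reqs in hits:
            print(category, path, ",".join(reqs), sep=" | ")
```

Capture the log while running the program as the limited user, then grant that user write access only on the paths reported.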
 
Bill

Fritz,

Thank you very much! That was /exactly/ what I was looking
for. Issue solved. I can now modify the permissions on
individual directories in XP, perfect.

-Bill
 
