Allowed home directories using runas command

G

Guest

Hi there,

Is there any way I can allow standard user account users with restricted
access to logo to an Windows XP Pro PC on a Win 2003 domain and run a program
using runas credentials for an enhanced permissions users account to execute
a program but still get access to their home directory whilst logged in under
the enhanced users credentials.

Any advice appreciated.

Regards,

Tony
 
P

Pegasus \(MVP\)

bud21 said:
Hi there,

Is there any way I can allow standard user account users with restricted
access to logo to an Windows XP Pro PC on a Win 2003 domain and run a program
using runas credentials for an enhanced permissions users account to execute
a program but still get access to their home directory whilst logged in under
the enhanced users credentials.

Any advice appreciated.

Regards,

Tony
Click to expand...

Sure - simply include the enhanced user account in the
permission structure for the user's home directory.
 
G

Guest

Hi Pegasus,

Thanks for your response.

Yea we had though of that BUT because a lot of our users will be using this
runas command and the enhanced account to run software this opens up the
possibility of allowing any user that has been granted permissions to the
apps user to be able to hack into other users accounts i.e. by mapping or
UNCing into their accounts thus negating our NTFS permissions on the accounts
so that only the owner of the account and the administrators can access their
account’s home directory.

Is there any other way to achieve what I require, that is once a user login
in as their standard user account and uses the runas command to execute
software they have their home directories automatically mapped.

Thanks in anticipation,

Tony
 
P

Pegasus \(MVP\)

You write "...i.e. by mapping or UNCing into their accounts
thus negating our NTFS permissions...". There appears to be
a misconception here. Mapping a share, whatever means you
use, does NOT get around NTFS permissions.

A better solution might be to create a local group that has
sufficient privileges to execute your application yet insufficient
priviliges to access users' home folders. You then make all
domain users members of this local group.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

runas causes application freeze 2
RUNAS command 6
Setting up XP on a domain network - best practices question 1
SRP and Run As... 1
Using NTbackup with RUNAS 1
Network Share Help 1
Automating the "RunAs" command 1
XP Home Edition -- Computer Administrator question 2

Top