Courtney said:
To be more clear about it- I have a XP machine on my Windows 2000 domain.
Only the restricted 'user' accounts log in to one particular machine. I need
to give this user account administrative rights to a particular program.
This program can only run if the user has admin rights to the folder
location. But I DO NOT want to give this user a unrestricted 'Domain
Administrator' account.
So simply add the user's domain account to the computer's local
administrators group.
Even if I try 'Run As' with administrator rights for the user acct., it
still causes errors because the user needs admin rights for the whole
directory, not just the program exe file.
Is this possible?
You may experience some problems if the software was designed for
Win9x/Me, or if it was intended for WinNT/2K/XP, but was improperly
designed. Quite simply, the application doesn't "know" how to handle
individual user profiles with differing security permissions levels, or
the application is designed to make to make changes to "off-limits"
sections of the Windows registry or protected Windows system folders.
For example, saved data are often stored in a sub-folder under the
application's folder within C:\Program Files - a place where no
inexperienced or limited user should ever have write permissions.
It may even be that the software requires "write" access to parts
of the registry or protected systems folders/files that are not normally
accessible to regular users. (This *won't* occur if the application is
properly written.) If this does prove to be the case, however, you're
often left with three options: Either grant the necessary users
appropriate higher access privileges (either as Power Users or local
administrators), explicitly grant normal users elevated privileges to
the affected folders and/or part(s) or the registry, or replace the
application with one that was properly designed specifically for
WinNT/2K/XP.
Some Programs Do Not Work If You Log On from Limited Account
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307091
Additionally, here are a couple of tips suggested, in a reply to a
different post, by MS-MVP Kent W. England:
"If your game or application works with admin accounts, but not with
limited accounts, you can fix it to allow limited users to access the
program files folder with "change" capability rather than "read" which
is the default.
C:\>cacls "Program Files\appfolder" /e /t /p users:c
where "appfolder" is the folder where the application is installed.
If you wish to undo these changes, then run
C:\>cacls "Program Files\appfolder" /e /t /p users:r
If you still have a problem with running the program or saving
settings on limited accounts, you may need to change permissions on
the registry keys. Run regedit.exe and go to HKLM\Software\vendor\app,
where "vendor\app" is the key that the software vendor used for your
specific program. Change the permissions on this key to allow Users
full control."
--
Bruce Chambers
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
