Letting a program run with administrator rights

G

Guest

I've worked around the problem in my previous post, but can't solve this one.

Meedio just will not run under the restricted user. The thing is, I can
choose to run the app as, and type the admin password, but this is not a
solution I'm happy with. The point is, that one could turn the PC on, and it
boots and logs on as user:public but runs the app with administrative rights.
I don't want to type in the admin password every time the comp boots, to be
able to run that app. I actually have better things to do.
 
T

Torgeir Bakken \(MVP\)

Quayle said:
I've worked around the problem in my previous post, but can't solve this one.

Meedio just will not run under the restricted user. The thing is, I can
choose to run the app as, and type the admin password, but this is not a
solution I'm happy with. The point is, that one could turn the PC on, and it
boots and logs on as user:public but runs the app with administrative rights.
I don't want to type in the admin password every time the comp boots, to be
able to run that app. I actually have better things to do.
Click to expand...
Hi,

Different RunAs products listed here that accepts both username
and password on the command line, some free and some not, some
with encryption option for the password as well:

http://groups.google.com/[email protected]

Other ones not mentioned in the link above:

SUperior SU (free, has a command line iterface)
http://www.stefan-kuhr.de/supsu/main.php3

Supercrypt (as well as LSrunas/LSrunasE)
http://www.lansweeper.com/ls/lsrunas.aspx

Runasspc
http://www.robotronic.de/runasspcEn.html
 
S

Steven L Umbach

Unfortunately some programs just can not be run as a regular user but you
can give it your best shot but trying to track down where a regular user is
denied access and give them permissions to those folders/registry keys.
Start off by giving the user modify permission to the folder that the
application is in and also see if the application has a subfolder in the all
users profile under documents and settings\all users\application data where
you could also try giving the user modify permissions. The look in the
registry under HKLM[local machine]\software for the application key and give
the user full control.

If that does not work enable auditing of privilege use and object access for
failure on that computer in Local Security Policy and put the free tools
filemon and regmon from SysInternals on the computer. Then logon as a
regular user, start filemon with runas using administrator credentials, and
then try to run the application. As soon as it fails stop logging of filemon
and look for access denied entries in the results column and you can also
use options/filter highlight to highlight access denied which will make it
easier to find such entries as there could be thousands of file access
events recorded. If you find any give user modify permission for where
access was denied and try again. Do the same with regmon and also check the
security log for failure events for privilege use that could indicate the
user needs to be added to a user right in Local Security Policy/local
policies/user rights. Object access failure events for the user could be
helpful but most likely means that the user needs to be a local
administrator. If the program uses a service and the service is set to
manual try starting the service before logging on as a regular user to see
if that makes a difference. --- Steve

http://www.sysinternals.com/Utilities/Filemon.html --- Filemon and link to
SysInternals.
 
B

Bruce Chambers

Quayle said:
I've worked around the problem in my previous post, but can't solve this one.

Meedio just will not run under the restricted user. The thing is, I can
choose to run the app as, and type the admin password, but this is not a
solution I'm happy with. The point is, that one could turn the PC on, and it
boots and logs on as user:public but runs the app with administrative rights.
I don't want to type in the admin password every time the comp boots, to be
able to run that app. I actually have better things to do.
Click to expand...


You may experience some problems if the software was designed for
Win9x/Me, or if it was intended for WinNT/2K/XP, but was improperly
designed. Quite simply, the application doesn't "know" how to handle
individual user profiles with differing security permissions levels, or
the application is designed to make to make changes to "off-limits"
sections of the Windows registry or protected Windows system folders.

For example, saved data are often stored in a sub-folder under the
application's folder within C:\Program Files - a place where no
inexperienced or limited user should ever have write permissions.

It may even be that the software requires "write" access to parts
of the registry or protected systems folders/files that are not normally
accessible to regular users. (This *won't* occur if the application is
properly written.) If this does prove to be the case, however, you're
often left with three options: Either grant the necessary users
appropriate higher access privileges (either as Power Users or local
administrators), explicitly grant normal users elevated privileges to
the affected folders and/or part(s) or the registry, or replace the
application with one that was properly designed specifically for
WinNT/2K/XP.

Some Programs Do Not Work If You Log On from Limited Account
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307091

Additionally, here are a couple of tips suggested, in a reply to a
different post, by MS-MVP Kent W. England:

"If your game or application works with admin accounts, but not with
limited accounts, you can fix it to allow limited users to access the
program files folder with "change" capability rather than "read" which
is the default.

C:\>cacls "Program Files\appfolder" /e /t /p users:c

where "appfolder" is the folder where the application is installed.

If you wish to undo these changes, then run

C:\>cacls "Program Files\appfolder" /e /t /p users:r

If you still have a problem with running the program or saving
settings on limited accounts, you may need to change permissions on
the registry keys. Run regedit.exe and go to HKLM\Software\vendor\app,
where "vendor\app" is the key that the software vendor used for your
specific program. Change the permissions on this key to allow Users
full control."



--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Give restricted user, admin rights to 1 program? 4
run startup scripts with administrative rights, 1
Running Add/Remove Programs with Administrative Rights 2
Admin Rights 2
Automation and user rights 1
Running programs with Admin-Rights 6
How to Always Run A Shortcut As Another User? 17
Running a user program with admin privileges 2

Top