How do you run a program which needs a higher permissions level when you dont wish to raise the overall permissions level for the user?

This machine is not on a 2000 domain
using local security on a 2000 workstation,
I have a user who belongs to the "user" group
I dont wish to raise their permission level to "power user"
i have a program which needs to be run on the "power user" level.
how can i assign permissions to that program to run at a higher level level?
or
can i run the program as another user without having a password prompt?
or
is there a way i can enable registry changes in the local policy editor snap in in the mmc?
or
can i create a custom group with the permissions i need?
oweestaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

darth_wannabeCommented:
psexec might help you out http://www.sysinternals.com/ntw2k/freeware/pstools.shtml

also maybe RUNAS, although I think you get prompted for the password

RUNAS USAGE:

RUNAS [/profile] [/env] [/netonly] /user:<UserName> program

   /profile        if the user's profile needs to be loaded
   /env            to use current environment instead of user's.
   /netonly        use if the credentials specified are for remote access only.
   /user           <UserName> should be in form USER@DOMAIN or DOMAIN\USER
   program         command line for EXE.  See below for examples

Examples:
> runas /profile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

NOTE:  Enter user's password only when prompted.
NOTE:  USER@DOMAIN is not compatible with /netonly.
0
oBdACommented:
Find out which permissions are missing.
Turn on auditing on your machine (local security policy -- auditing policy: turn on auditing for rights usage and object access).
Then enable auditing on the usual suspicious folders (using Windows Explorer, folder properties/Security/Advanced/Auditing): The program folder of the program, %AllUsersProfile%, and %CommonProgramFiles%.
Turn on auditing as well for HKLM\Software (using regedt32).
(Do I need to mention that you only need to audit failures?)
Log on as the user you're auditing; use runas.exe to start the event log (runas /user:administrator "mmc eventvwr.msc"), then start the program.
Look in the security event log for access violations and adjust the necessary rights until the program can be run by the user. (Note: some of the violations there are "normal" and can be ignored. Look especially at the ones related somehow to the program in question.)
It's sort of a tedious job, but you'll soon gt the hang of it ...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.