Solved

Autosketch & Windows Security

Posted on 2004-03-24
11
262 Views
Last Modified: 2013-12-04
Hi there,

We use Autosketch 8 on our school win2k network (2k servers and 2k stations). Greoup policies are setup, altho not by me.

If a member of staff logs onto a computer and uses autosketch, they can save with no problem at all. If a student logs onto the same computer, Autosketch comes up with a "this aciton has been restricted by security, see your network admin etc blah blah" message, then crashes, losing the file that was being worked on.

This is not restricted to one computer. It does not occur on our win98 stations. All users have FULL control on the local win2k workstation.

From this I can only conclude that it is a network security issue.

I have no experience of setting or changing Windows 2k security and would appreciate any suggestions/ideas on 1. how to locate exactly waht is being accessed to cause this error on students only and 2. how to fix it!

If you need anymore info, let me know.

Thanks in advance.

Maz
Senior IS Support Tech
0
Comment
Question by:MazzaRC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10665828
> "All users have FULL control on the local win2k workstation."

Are they member of the local admin group ?

Builtin and predefined groups in Windows 2000 Pro
http://www.microsoft.com/windows2000/en/professional/help/default.asp?url=/windows2000/en/professional/help/windows_security_default_settings.htm

members of the local admin group
1. Start / Run
2. Input CMD
3. Press ENTER
4. Input NET LOCALGROUP ADMINISTRATORS
5. Press ENTER

Introduction to LOCAL and DOMAIN user accounts
http://windows.about.com/library/weekly/aa010325a.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10665849
Why you should not run your computer as an administrator
http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/windows_security_whynot_admin.htm

Remove Users from Local Admin Group
http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/21296/21296.html

I discuss this issue on http://www.experts-exchange.com/Security/Win_Security/Q_20576959.html

W98 users does'nt have a local admin group. They are by default "local administrators"

The problem with local admin group is that more and more programs updates themselfes while users are logged on, thus requirering, that Domain Users has to be a member of the Local Admin Group, because the Power Users Group is not always enough for some programs. Updating and installing programs means Admin Power. For example to gain access to some parts of the registry, and to gain access to C:\WINNT\SYSTEM32

But being member of the Local Admin Group on more than one workstation on the network means, that Domain Users gets unlimited REMOTE access to the other workstations.

The unlimited REMOTE access involves:
1. Explorer: \\ComputerName\C$
2. Registry
3. Computer Management (Control Panel)

All this is a problem because Microsoft created the Windows 2000 operating system this way.

If you want to know more about this issue:
---------------------------------------------------------
http://www.experts-exchange.com/Security/Win_Security/Q_20506528.html
http://www.tryware.dk/English/W2kLocalGroupPolicy/TotalAdminPower.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/evaluate/featfunc/07w2kadc.asp
http://support.microsoft.com/?kbid=182734

If you want to test it:
--------------------------
You have to grant a Domain User Group to the Local Admin Group on BOTH test-workstations, AND logout and logon again.

Important: You have to make a new logon after creating the credentials, because they are given in W2k in the second where You press ENTER to password when logging on.

0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10665855
Some programs can run without problems if the user is member of the local power users group, but not all programs.

Try with your program if it can run in the power users group

Builtin and predefined groups in Windows 2000 Pro
http://www.microsoft.com/windows2000/en/professional/help/default.asp?url=/windows2000/en/professional/help/windows_security_default_settings.htm
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 1

Author Comment

by:MazzaRC
ID: 10665876
Ok, to clarify, all Network Authenticated users are a member of the Power Users group on all local Win2k Clients (otherwise you get problems running things like Office).

All I need to do is allow students to save in Autosketch as staff can do.

0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10665979
>"All I need to do is allow students to save in Autosketch as staff can do."

Then students must be member of the local Power Users group
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10666000
Does students have the same NTFS permissioins as the staff group on the share on your server, where Autosketch 8 saves files ?

Understanding NTFS permissions:
http://www.windowsitlibrary.com/Content/592/1.html

Default NTFS Permissions in Windows 2000:
http://support.microsoft.com/?kbid=244600
%systemroot% = C:\WINNT
0
 
LVL 1

Author Comment

by:MazzaRC
ID: 10666023
To their home drives yes, every user has all rights except "Full Control" to their own directory. The application is installed locally on the client.

The only difference I can figure out is that staff and students have a different network group policy. Unless i'm missing something.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10666160
1. Where does Autosketch 8 saves files ?

2. What are the different group policies to the staff group and the students group ?

Group Policy Results - Displays information about the Group Policy on the current computer and logged-on user.
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp

Troubleshooting Group Policy Application Problems
http://support.microsoft.com/?kbid=250842

0
 
LVL 1

Author Comment

by:MazzaRC
ID: 10666171
Problem solved!!!

Thank you to trywaredk who made the lightbulb go on over my head... it was do to with the working directory of the shortcut! When that was changed to home directory instead of the program's directory.. it worked!

Thank you for all the input and resources.. I have a lot of reading to do :-)
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10666238
The Experts Exchange Help Pages - About Closing Questions
http://www.experts-exchange.com/Security/Win_Security/help.jsp#hi9
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10666252
Sorry about my comment of 03/24/2004 12:01PM CET - I only pressed CTRL-F5 !

The correct answer should have been ....

:o) Glad I could help you - thank you for the points
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question