Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Quickbooks and Limited accounts

Posted on 2004-04-05
11
Medium Priority
?
7,974 Views
Last Modified: 2013-12-04
I have a Windows XP Pro user on a Limited account. The user must never be able to install software, however, the user must be able to use software that has been installed onto the computer.

Quickbooks is one such program the complains that it doesn't have access to modify/add/delete files.

When I called Intuit, they told me to add Power Users to the user's groups, which works, but also allows the user to install programs. I can't allow that.

Is there a way to keep the system secure, but allow currently installed software to run?

Points only awarded to a step-by-step instruction on the process of giving a user (or program) such access.
0
Comment
Question by:frankmorrison
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10761090
Folder Guard - Frequently Asked Questions (FAQ)
http://www.winability.com/folderguard/faq.htm#security
http://www.winability.com/folderguard/prevent-installing.htm
http://www.winability.com/folderguard/restrict-removable-disks.htm

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 1

Author Comment

by:frankmorrison
ID: 10761739
Sorry, third party software solutions will not work for me. I need a way to do this through windows xp.
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10762356
You need to find out where the software wants to modify/create/delete files. Chances are that we are talking only one or a few directories. Then modify the directory permissions to allow the user (or the group) to modify/create/delete files in these dirs. This will allow your restricted user to run the software, but will not allow to install new software.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 44

Accepted Solution

by:
Karl Heinz Kremer earned 1200 total points
ID: 10762359
... and, you can use Filemon (http://www.sysinternals.com/ntw2k/source/filemon.shtml) to find out which files or directories need to be modified.
0
 
LVL 6

Assisted Solution

by:Joseph_Moore
Joseph_Moore earned 800 total points
ID: 10762799
To add to what khkremer said, you might also need to know what Registry hives/branches Quickbooks uses. Individual branches can have their own security applied to them. So, it is possible to give only Administrator and/or Power Users rights to a specific branch in the Registry. Then, when a user who is NOT in those groups tries to use the software, they get Registry errors when the software loads. Really annoying trying to troubleshoot these things.
Regmon (also from Sysinternals) will tell you what Registry locations are being accessed.
http://www.sysinternals.com/ntw2k/source/regmon.shtml
Tweaking the permissions on a machine to not give a user account too much power, but to still allow them to run a program that is very secure, is a very difficult thing. It is possible, it just takes a while.
My worse experience in doing this was for Crystal Reports v8! That was bad! Tweaking the files AND the Registry permissions!
Fun for the whole family....
Good luck
0
 
LVL 44

Assisted Solution

by:Karl Heinz Kremer
Karl Heinz Kremer earned 1200 total points
ID: 10764162
If you need to change the permissions on a registry key, you need to run regedt32. The "normal" regedit does not allow this. Look under the "Security" menu.
0
 

Expert Comment

by:Donzilla
ID: 11034175
Sorry about the length, but I didn't want to claim credit for this. I found this post via google and it sounds like the chap landed here before going on to solve the problem, so since he did not post his findings, I decided to take the leap and do so for him. I used these two permission-modifications succesfully to get Quickbooks 2002 Pro running on a W2K TS (DC even!) today for restricted users. Toodle-pip!

[syndicated from http://dev.remotenetworktechnology.com/ts/app/installs.htm]

QuickBooks Pro 2002

From a post by David Dawson:

   Finally figured out how to add Quickbooks to a Terminal Server 2000 Server
and have normal Domain User accounts run it.  I had installed it but no
regular users could run it but instead got the following error message:

"Your user account for Windows was created with Restricted access to system
resources.  This will prevent QuickBooks from operating properly.  Please
contact your system administrator and ask him or her to grant you Standard
user rights."

I'd found several postings referencing Sysinternal's Regmon and Filemon to
see what it was accessing but no details posted so thought I'd document it
here.  Finding the files and keys it was accessing and loosening permissions
slowly gave them access with these minimum changes

I created a Quickbooks Users group, added my users, and gave the group Full
Access to the HKLM\Software\Intuit\QuickBooksRegistration Key

To let them run the update they needed Modify rights to the Program
Files\Intuit\Quickbooks Pro folder.

The data is stored in another place where permissions are controlled
differently.  These permissions just let them run the program, not open the
data.

[end syndicated from http://dev.remotenetworktechnology.com/ts/app/installs.htm]
0
 

Expert Comment

by:scottjohnstone
ID: 11618955
This did not work for me by itself with Quickbooks 2004.
What I needed to do was:
1) Make the change previously noted to c:\program files\intuit (modify for quickbooks users)
2) Install an application compatibility "shim" via the appcompat toolkit & create an entry for Quickbooks denoting it as an LUA (limited user access) program.  You the install the shim on the machines running quickbooks.  You can d/l it from ms.com.

Cheers,

Scott
0
 

Expert Comment

by:Mike4CCM
ID: 12041248
I have the toolkit installed, but I don't know how to install an application compatibility "shim", please help!!

- Thank you,
Mike
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 12042347
Please don't post new questions in already closed questions. You will find a bigger audience if you post a new question.
0
 

Expert Comment

by:GMJ29
ID: 12766210
For QuickBooks 2003 this is what we found we had to do to keep the user out of the power users group and run on xp:

full control to the intuit directory in c:\program files
full control to the reg key hklm\software\intuit
go into the permissions of the desktop shortcut and change the compatibility to run as Windows 2000
add the user to the local admin group and logon one time into qb, go into the options and uncheck the box that turns on the company navigator when you open any company.
logoff and take the user out of the local admin group

they should be able to use now.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question