frankmorrison
asked on
Quickbooks and Limited accounts
I have a Windows XP Pro user on a Limited account. The user must never be able to install software, however, the user must be able to use software that has been installed onto the computer.
Quickbooks is one such program the complains that it doesn't have access to modify/add/delete files.
When I called Intuit, they told me to add Power Users to the user's groups, which works, but also allows the user to install programs. I can't allow that.
Is there a way to keep the system secure, but allow currently installed software to run?
Points only awarded to a step-by-step instruction on the process of giving a user (or program) such access.
Quickbooks is one such program the complains that it doesn't have access to modify/add/delete files.
When I called Intuit, they told me to add Power Users to the user's groups, which works, but also allows the user to install programs. I can't allow that.
Is there a way to keep the system secure, but allow currently installed software to run?
Points only awarded to a step-by-step instruction on the process of giving a user (or program) such access.
ASKER
Sorry, third party software solutions will not work for me. I need a way to do this through windows xp.
You need to find out where the software wants to modify/create/delete files. Chances are that we are talking only one or a few directories. Then modify the directory permissions to allow the user (or the group) to modify/create/delete files in these dirs. This will allow your restricted user to run the software, but will not allow to install new software.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry about the length, but I didn't want to claim credit for this. I found this post via google and it sounds like the chap landed here before going on to solve the problem, so since he did not post his findings, I decided to take the leap and do so for him. I used these two permission-modifications succesfully to get Quickbooks 2002 Pro running on a W2K TS (DC even!) today for restricted users. Toodle-pip!
[syndicated from http://dev.remotenetworktechnology.com/ts/app/installs.htm]
QuickBooks Pro 2002
From a post by David Dawson:
Finally figured out how to add Quickbooks to a Terminal Server 2000 Server
and have normal Domain User accounts run it. I had installed it but no
regular users could run it but instead got the following error message:
"Your user account for Windows was created with Restricted access to system
resources. This will prevent QuickBooks from operating properly. Please
contact your system administrator and ask him or her to grant you Standard
user rights."
I'd found several postings referencing Sysinternal's Regmon and Filemon to
see what it was accessing but no details posted so thought I'd document it
here. Finding the files and keys it was accessing and loosening permissions
slowly gave them access with these minimum changes
I created a Quickbooks Users group, added my users, and gave the group Full
Access to the HKLM\Software\Intuit\Quick
To let them run the update they needed Modify rights to the Program
Files\Intuit\Quickbooks Pro folder.
The data is stored in another place where permissions are controlled
differently. These permissions just let them run the program, not open the
data.
[end syndicated from http://dev.remotenetworktechnology.com/ts/app/installs.htm]
[syndicated from http://dev.remotenetworktechnology.com/ts/app/installs.htm]
QuickBooks Pro 2002
From a post by David Dawson:
Finally figured out how to add Quickbooks to a Terminal Server 2000 Server
and have normal Domain User accounts run it. I had installed it but no
regular users could run it but instead got the following error message:
"Your user account for Windows was created with Restricted access to system
resources. This will prevent QuickBooks from operating properly. Please
contact your system administrator and ask him or her to grant you Standard
user rights."
I'd found several postings referencing Sysinternal's Regmon and Filemon to
see what it was accessing but no details posted so thought I'd document it
here. Finding the files and keys it was accessing and loosening permissions
slowly gave them access with these minimum changes
I created a Quickbooks Users group, added my users, and gave the group Full
Access to the HKLM\Software\Intuit\Quick
To let them run the update they needed Modify rights to the Program
Files\Intuit\Quickbooks Pro folder.
The data is stored in another place where permissions are controlled
differently. These permissions just let them run the program, not open the
data.
[end syndicated from http://dev.remotenetworktechnology.com/ts/app/installs.htm]
This did not work for me by itself with Quickbooks 2004.
What I needed to do was:
1) Make the change previously noted to c:\program files\intuit (modify for quickbooks users)
2) Install an application compatibility "shim" via the appcompat toolkit & create an entry for Quickbooks denoting it as an LUA (limited user access) program. You the install the shim on the machines running quickbooks. You can d/l it from ms.com.
Cheers,
Scott
What I needed to do was:
1) Make the change previously noted to c:\program files\intuit (modify for quickbooks users)
2) Install an application compatibility "shim" via the appcompat toolkit & create an entry for Quickbooks denoting it as an LUA (limited user access) program. You the install the shim on the machines running quickbooks. You can d/l it from ms.com.
Cheers,
Scott
I have the toolkit installed, but I don't know how to install an application compatibility "shim", please help!!
- Thank you,
Mike
- Thank you,
Mike
Please don't post new questions in already closed questions. You will find a bigger audience if you post a new question.
For QuickBooks 2003 this is what we found we had to do to keep the user out of the power users group and run on xp:
full control to the intuit directory in c:\program files
full control to the reg key hklm\software\intuit
go into the permissions of the desktop shortcut and change the compatibility to run as Windows 2000
add the user to the local admin group and logon one time into qb, go into the options and uncheck the box that turns on the company navigator when you open any company.
logoff and take the user out of the local admin group
they should be able to use now.
full control to the intuit directory in c:\program files
full control to the reg key hklm\software\intuit
go into the permissions of the desktop shortcut and change the compatibility to run as Windows 2000
add the user to the local admin group and logon one time into qb, go into the options and uncheck the box that turns on the company navigator when you open any company.
logoff and take the user out of the local admin group
they should be able to use now.
http://www.winability.com/folderguard/faq.htm#security
http://www.winability.com/folderguard/prevent-installing.htm
http://www.winability.com/folderguard/restrict-removable-disks.htm
Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark
:o) Your brain is like a parachute. It works best when it's open