Admin Rights

Posted on 2005-03-03
Medium Priority
Last Modified: 2013-12-04
I'm running Windows XP Pro at home and I use 2 accounts. I have the admin account and the user account. I use the user account on a daily basis. I use the admin account when I need to install something. Recently I've noticed there are times when I install something using the admin account but when I log off and login as "user" the program will not run. I get an error stating I don't have sufficient rights to run the app. When I try to right click and select "run as" and login as admin it still says I may not have sufficient priviledges?

Are there any rights I need to assign to the user account to allow the "run as" feature to work?

Is there a way I can have these two apps run under the administrator account even when I'm logged in as "user"?

Thanks In Advance,
Question by:ccastillo
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 38

Accepted Solution

Rich Rumble earned 750 total points
ID: 13455545
The only requirement for runas to function properly is the "secondary logon" service has to be running. Typically if you do the runas dialog, and you give the local admin username and pass correctly, I've never seen it fail in this manner.... hmm
Here is a nice little VBscript I've been using for quite some time now... give it a shot- if it works, you may want to consider the VBE conversion instructions below it...

Copy this into a text file- then rename it .vbs instead of .txt. Also modify the local admin password in the file, and replace the path to the executable...

Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
' Replace the path with the program you wish to run c:\ etc...
oShell.Run "runas /noprofile /user:administrator ""C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"""
WScript.Sleep 100
'Replace the string yourpassword~ below with 'the password used on your system. Include tilde oShell.Sendkeys "yourpassword~"

Replace "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" with the path to the program you need to run, and of course the local admin pass in the "yourpassword~" (leave the tidle)
To encode the file: (download the http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en ) and to encrypt it type: 9crom the cmd line)

screnc /l vbscript file.vbs enc-file.vbe  (just an example,    screnc /l vbscript filename.vbs  encodedfile.vbE)

That's it- double click the vbe file or call it from a batch file- should work... Try it without the encoded version first.

Expert Comment

ID: 13458515
have you tried giving the "power user" rights to the normal user?
I hope that it may solve the problem, behind this you may give a try to some registry tweaks for setting the program to run under some specific user environment.

Good Luck

Expert Comment

ID: 13460929
I am assuming that your user account is a member of the local "users" group.  If you right click on "My Computer" and select "manage" you will find a "Local Users and Groups" item on the left pane.  Drill down into that item and find the user account you are using.  Open the properties for the User account and select the member of tab.  note the groups that the use is a member of.  You will need to make sure that group has the permission to run the applicaiton.

I would verifiy that the program directory for the application in questions has the appropriate permissions (for the sake of simplicity, read, write, & execute should do) set for the local "users" group (or which ever group the user is a member of).  If that group does not have the appropriate permissions, then that may be your problem.

To change permissions for the directory, do the following:

1. Log on as the administrator account.
2. Find the location the program is installed.
3. Display the properties for that diectory, and click the security tab.
4. Modify the permissions to allow read, write, execuite permissions on the "computername\users" group (or your users group noted from above).  If the "users" group is not listed, you can added it with the add button.

After you have made the changes to the permissions, you can test by logging on with your user account and running the program.

Give that a try.

LVL 24

Expert Comment

ID: 13460984
>  I have the admin account and the user account. I use the user account on a daily basis. I use the admin account when I need to install something

:-))     :-))     :-))     :-))     :-))    

> Are there any rights I need to assign to the user account to allow the "run as" feature to work?

not really. "run as" isn't the right approach either. You could try power user, but I'd make that a 3rd account instead.

What is probably happening is that the installation program is assigning rights to users rather that to the unit itself, and that is not good idea, but you have to work with what you've got.  Possibly the way out is to install the product with the ID of the user, see if that works.

This can depend on the products and installation methods, and you might have to ask separate question about each product.

Any product that won't answer this for you is considered immature.  Look for FAQs at their websites.

One thing continually amazes me is that games having lots of security actually permit multiple users (less restrictive than anticipated). So for good production programs, such as for backing up or eMail etc, their robustness can be assessed by how difficult or not it is to actually use their products.  Be that as it may, some, such as backups, may be conducive to warranting multiple users with a variety or roles and rights, and that can be a good thing. Such as permitting one person to identify what is installed, one to identify what is backed up, and another to only run the job, without rights to too many details.  Be that as it may, the product, if it is any good at all, should describe such different levels for you, if that is what their design is and what they are charging you for

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month14 days, 21 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question