Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1205
  • Last Modified:

Admin Rights

I'm running Windows XP Pro at home and I use 2 accounts. I have the admin account and the user account. I use the user account on a daily basis. I use the admin account when I need to install something. Recently I've noticed there are times when I install something using the admin account but when I log off and login as "user" the program will not run. I get an error stating I don't have sufficient rights to run the app. When I try to right click and select "run as" and login as admin it still says I may not have sufficient priviledges?

Are there any rights I need to assign to the user account to allow the "run as" feature to work?

Is there a way I can have these two apps run under the administrator account even when I'm logged in as "user"?

Thanks In Advance,
1 Solution
Rich RumbleSecurity SamuraiCommented:
The only requirement for runas to function properly is the "secondary logon" service has to be running. Typically if you do the runas dialog, and you give the local admin username and pass correctly, I've never seen it fail in this manner.... hmm
Here is a nice little VBscript I've been using for quite some time now... give it a shot- if it works, you may want to consider the VBE conversion instructions below it...

Copy this into a text file- then rename it .vbs instead of .txt. Also modify the local admin password in the file, and replace the path to the executable...

Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
' Replace the path with the program you wish to run c:\ etc...
oShell.Run "runas /noprofile /user:administrator ""C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"""
WScript.Sleep 100
'Replace the string yourpassword~ below with 'the password used on your system. Include tilde oShell.Sendkeys "yourpassword~"

Replace "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" with the path to the program you need to run, and of course the local admin pass in the "yourpassword~" (leave the tidle)
To encode the file: (download the http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en ) and to encrypt it type: 9crom the cmd line)

screnc /l vbscript file.vbs enc-file.vbe  (just an example,    screnc /l vbscript filename.vbs  encodedfile.vbE)

That's it- double click the vbe file or call it from a batch file- should work... Try it without the encoded version first.
have you tried giving the "power user" rights to the normal user?
I hope that it may solve the problem, behind this you may give a try to some registry tweaks for setting the program to run under some specific user environment.

Good Luck
I am assuming that your user account is a member of the local "users" group.  If you right click on "My Computer" and select "manage" you will find a "Local Users and Groups" item on the left pane.  Drill down into that item and find the user account you are using.  Open the properties for the User account and select the member of tab.  note the groups that the use is a member of.  You will need to make sure that group has the permission to run the applicaiton.

I would verifiy that the program directory for the application in questions has the appropriate permissions (for the sake of simplicity, read, write, & execute should do) set for the local "users" group (or which ever group the user is a member of).  If that group does not have the appropriate permissions, then that may be your problem.

To change permissions for the directory, do the following:

1. Log on as the administrator account.
2. Find the location the program is installed.
3. Display the properties for that diectory, and click the security tab.
4. Modify the permissions to allow read, write, execuite permissions on the "computername\users" group (or your users group noted from above).  If the "users" group is not listed, you can added it with the add button.

After you have made the changes to the permissions, you can test by logging on with your user account and running the program.

Give that a try.

>  I have the admin account and the user account. I use the user account on a daily basis. I use the admin account when I need to install something

:-))     :-))     :-))     :-))     :-))    

> Are there any rights I need to assign to the user account to allow the "run as" feature to work?

not really. "run as" isn't the right approach either. You could try power user, but I'd make that a 3rd account instead.

What is probably happening is that the installation program is assigning rights to users rather that to the unit itself, and that is not good idea, but you have to work with what you've got.  Possibly the way out is to install the product with the ID of the user, see if that works.

This can depend on the products and installation methods, and you might have to ask separate question about each product.

Any product that won't answer this for you is considered immature.  Look for FAQs at their websites.

One thing continually amazes me is that games having lots of security actually permit multiple users (less restrictive than anticipated). So for good production programs, such as for backing up or eMail etc, their robustness can be assessed by how difficult or not it is to actually use their products.  Be that as it may, some, such as backups, may be conducive to warranting multiple users with a variety or roles and rights, and that can be a good thing. Such as permitting one person to identify what is installed, one to identify what is backed up, and another to only run the job, without rights to too many details.  Be that as it may, the product, if it is any good at all, should describe such different levels for you, if that is what their design is and what they are charging you for

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now