Link to home
Start Free TrialLog in
Avatar of hitechauto
hitechauto

asked on

USER RIGHTS

Hi There

I have posted a similar question to this before and i am having the same problem, here it is...

If i install windows xp onto a new client machine, login as the administrator and install all the necessary apps and things that he may need, all works fine.

After all that, i grant that user admin rights to his pc creating his name with admin. priv to the local machine..

I then logoff and login with his name and all seems to be fine.  If i click on a specific app it gives me and error or a series of errors, but when i hold in shit and right click, i select "ran as" type in the domain account "administrator" and password then it runs fine.  

I cannot give the users that password "what could be wrong?" I have a system policy in place which prevents the users from installing/removing apps and playing with settings, could this be that cause, what can i do to correct it?
Avatar of joedoe58
joedoe58

You have not given enough info for us to be able to understand really what happens but generally if you install a program under another user name the program will sometimes try to create default settings at first start of a new user. Still if you really have given local admin to the user he has all rights possible on the local machine, therefore did you check if the app tries to update something on the server?
You need to apply a security template to the workstation to make sure legacy programs/applications work.

Compatible: Compatws.inf

The Compatible template opens up the default permissions for the Local Users group so that legacy programs are more likely to run. This configuration is not considered a secure environment.

http://support.microsoft.com/kb/q216735/

This link has everything you need to setup this either on your domain or locally using the "Security Configuration and Analysis"  MMC snapin.....
I don't get you.

Why not install it all with the users admin account and be done with it?

As for the programs not working. Sounds like the applications got installed for the user. Not for all users.

Lastly giving your user an adminaccount will provide him the means to crack your account. Why on earth would you give him an admin account??? You can give him some admin proviledges. But not all. Big risk and will get you a lot more corrective work seeing they can break more.

$0.02
Avatar of hitechauto

ASKER

Hi round the problem

"regedit"

H_KEY Local machine, software, policies, microsoft, windows, installer

There is en entry there called "EnableAdminTSRemote" when the value ="1" it will always request "Admin Priv" unless logged in as an administrator.  I reset the value to "0" and it works fine.

Microsoft never seems to amaze me!

Thanks for the input

The work-around to the problem you posted is for admins installing apps from a TS session?

If you follow the steps I have outlined and you will have a resolution that works.  
ASKER CERTIFIED SOLUTION
Avatar of Wallsy
Wallsy

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok ... My guess is the application is not compatible with a multi user environment. It's as simple as that.
I would say there's an easy way to solve this ... I was thinking about running through a batch using the "runas" command ... but you still must input the password each time. Unless you know something about programming and hardcode the password in the program itself ... then you that program, would call the target one using a similar process as runas and using the hardcoded password and admin username ...

#Cheers.
The problem is actually as simple as profiles.  The application was installed as admin, so the admin profile may have specific application settings.  The best thing to try is follow these steps:

()  Create a second admin account on the workstation
()  Log in as the second admin account
()  Copy the Default User profile folder for backup purposes
()  Using the Profile Manager (Properties of My Computer/ Advanced Tab/ User Profiles Settings button)
()  Copy the original administratort profile to the Default User profile
()  Assign the Everyone group permission to the profile.
()  Log in as a user that has not logged into the workstation before
()  Test apps.

Hope that helps!