Posted on 2005-04-12
Last Modified: 2010-04-10
Hi There

I have posted a similar question to this before and i am having the same problem, here it is...

If i install windows xp onto a new client machine, login as the administrator and install all the necessary apps and things that he may need, all works fine.

After all that, i grant that user admin rights to his pc creating his name with admin. priv to the local machine..

I then logoff and login with his name and all seems to be fine.  If i click on a specific app it gives me and error or a series of errors, but when i hold in shit and right click, i select "ran as" type in the domain account "administrator" and password then it runs fine.  

I cannot give the users that password "what could be wrong?" I have a system policy in place which prevents the users from installing/removing apps and playing with settings, could this be that cause, what can i do to correct it?
Question by:hitechauto
    LVL 9

    Expert Comment

    You have not given enough info for us to be able to understand really what happens but generally if you install a program under another user name the program will sometimes try to create default settings at first start of a new user. Still if you really have given local admin to the user he has all rights possible on the local machine, therefore did you check if the app tries to update something on the server?
    LVL 10

    Expert Comment

    You need to apply a security template to the workstation to make sure legacy programs/applications work.

    Compatible: Compatws.inf

    The Compatible template opens up the default permissions for the Local Users group so that legacy programs are more likely to run. This configuration is not considered a secure environment.

    This link has everything you need to setup this either on your domain or locally using the "Security Configuration and Analysis"  MMC snapin.....
    LVL 10

    Expert Comment

    LVL 12

    Expert Comment

    I don't get you.

    Why not install it all with the users admin account and be done with it?

    As for the programs not working. Sounds like the applications got installed for the user. Not for all users.

    Lastly giving your user an adminaccount will provide him the means to crack your account. Why on earth would you give him an admin account??? You can give him some admin proviledges. But not all. Big risk and will get you a lot more corrective work seeing they can break more.


    Author Comment

    Hi round the problem


    H_KEY Local machine, software, policies, microsoft, windows, installer

    There is en entry there called "EnableAdminTSRemote" when the value ="1" it will always request "Admin Priv" unless logged in as an administrator.  I reset the value to "0" and it works fine.

    Microsoft never seems to amaze me!

    Thanks for the input

    LVL 10

    Expert Comment

    The work-around to the problem you posted is for admins installing apps from a TS session?

    If you follow the steps I have outlined and you will have a resolution that works.  
    LVL 6

    Accepted Solution

    It sounds to me like your policies are interfering with the default behaviour of the applications. If the apps are MSI based then everytime a new user logs on it will run the MSI again to install the new user's settings (if there are any).

    Usually the two approaches are to either open the whole machine up (and let users install/uninstall apps themselves) or lock the machine down and use a deployment system like SMS to handle software deployment.

    Probably the easiest way to achieve what you want is to install the applications as the user, and then lock their account down, with either policy or user rights changes.

    I do agree with kneh though - the users shouldn't need admin rights!


    LVL 11

    Expert Comment

    Ok ... My guess is the application is not compatible with a multi user environment. It's as simple as that.
    I would say there's an easy way to solve this ... I was thinking about running through a batch using the "runas" command ... but you still must input the password each time. Unless you know something about programming and hardcode the password in the program itself ... then you that program, would call the target one using a similar process as runas and using the hardcoded password and admin username ...

    LVL 1

    Expert Comment

    The problem is actually as simple as profiles.  The application was installed as admin, so the admin profile may have specific application settings.  The best thing to try is follow these steps:

    ()  Create a second admin account on the workstation
    ()  Log in as the second admin account
    ()  Copy the Default User profile folder for backup purposes
    ()  Using the Profile Manager (Properties of My Computer/ Advanced Tab/ User Profiles Settings button)
    ()  Copy the original administratort profile to the Default User profile
    ()  Assign the Everyone group permission to the profile.
    ()  Log in as a user that has not logged into the workstation before
    ()  Test apps.

    Hope that helps!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now