Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


XP Home SP2 Security Issues and Concerns

Posted on 2005-04-21
Medium Priority
Last Modified: 2013-12-04
I am a dad now supporting 2 laptops and 2 desktops in my home all sharing a DSL connection via a Netgear WGT624 router. I was a WIN98 holdout until 2 months ago upgrading all units to XP HOME SP2. After reading all the security concerns about running computers in administrative mode I made all users(including myself) limited users and created one administrator account for software installs and maintenance – this system seems to work well – until my users tried using their applications(even office 2000!) many do not work properly or not at all. Now some programs are old, some are newer, some are games, some are apps. Yet some do work with limited user accounts like internet explorer, MSN messenger, Norton Ghost, Computer Associates EZTrust. What is the difference? Do I need to be this secure? Should I just have all users run in administrative mode? Is that the intent of the HOME version? I know that HOME does not have the sophisticated security features of PRO.

My goal is to minimize risk, support issues, and at the same time maximize functionality.

Is there a way I can make all the programs work with limited users accounts? I have read about cacls and booting in safe mode and logging in with a administrative account to get the security tab. But that seems to be a support nightmare having to do this everytime a app needs to be installed.
Question by:kbryant2

Expert Comment

ID: 13840489
Try looking through this and see if any of it will help you.



Good luck and stay secure.

LVL 12

Expert Comment

ID: 13840624
Applications should work for users if they have been installed by an Admin account - are you saying you are insatlling them in this way and they are not working?

Author Comment

ID: 13843174
gidds99, yes that is correct. Here are a few examples; Sims 2 built in 2004 after installing and rebooting any user without admin rights gets a error when starting(even though the app put a icon on every account's desktop) if I give a user admin rights program works ok, take away rights error comes back. Office 2000 - after installing and a limited users first open of let's say outlook it trys to set default and install something else well the application works but every time the app is opened the same scenario repeats - until I give them admin rights and take them away after app has completed it's setup. So I wonder if everytime a new feature is used will I run into the same problem? CD Organizer 4 - without admin rights I get a ODBC error.

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

LVL 38

Expert Comment

by:Rich Rumble
ID: 13845350
Have you tried to determine if it's an NTFS or Registry security issue? Meaning, do the users have the right's to read/execute all files that these programs require. Typically all you need to do in this case is be sure that they can just my computer to browse to the program folder that the app is in, and if they can, then they will need execute rights on just about all of the files in there. You can somtimes use the "unwise" uninstaller files to your advatage, as they list in plain-text the places that the uninstaller will go to remove the programs. There can also be an install.txt file that will be written in the program folder (typically) that recorded where all the files and registry entries were written to, so that they can be reversed to uninstall the program.

I've got an automated process to using RunAs listed on my website here: http://xinn.org/RunasVBS.html
RunAs allows you to enter a username and pass with higher privledges (or lower if you wanted..?) so you can execute a program or process without having to logoff and log back on to a PC.
With the VBE file (a vbs file, encoded) you can make a shortcut that automatically fills in the username and pass, so the users never have to know what the pass is. Again it's encoded, and not encrypted, the encoding can be undone easily, but most users, and even IT admins don't know how to go about it. I do not suggest using THE administrator account, but an account with elevated priv's.
Regardless of method...You may try a user in the POWERUSERS group as opposed to the Admin's group- this may be all you need to get the functions working. If it does, then try my VBE files with a user you create in the powerusers group.
LVL 25

Expert Comment

ID: 13845667
this really is an application problem rather than an OS proplem.  Many poorly written apps have to be run while logged in as an administrator. Even if you call the app vendor they will confirm this.  These are usually apps that were originally written for 98 and not properly upgraded to run on 2000 or XP machines. Unfortunately the only option is to run them while logged in as an admin.

Author Comment

ID: 13846648
I like your thoughts richrumble. I will try browsing the program folder with each user. The runas looks like a possible fix except that it appears I would need to do this for every program with a problem - and thus increasing my support burden. Now about the POWERUSERS group I thought these various groups were only available with the PRO version - I am using HOME. Or are these groups available when booting in safe mode and logging in to local machine as admin?


Author Comment

ID: 13846672
mikeleebrla how can you determine BEFORE buying software that I will run properly with limited users accounts? You would think that Office 2000 or SIMS 2 would be new enough and designed properly. These are not cheap programs.

LVL 38

Accepted Solution

Rich Rumble earned 1500 total points
ID: 13846951
Ahh Home version- sorry, that may be a problem... let's see
http://support.microsoft.com/default.aspx?scid=kb;en-us;304040 <---says PwrUser only available in XP-Pro

I also found a VB script file that you can drag and drop a short-cut to and it will run the program.

dim wshShell
set wshShell=CreateObject("Wscript.Shell")
wshShell.run("runas /noprofile /user:%computername%\administrator " & Chr(34) & "cmd /c\" & Chr(34) & WScript.Arguments(0) & "\" & Chr(34) & Chr(34))
WScript.Sleep 100
wshShell.AppActivate "Runas"
WScript.Sleep 100
' replace yourpasswordhere with the local admin password
' the tilde is the equivilent to return (enter) it must remain
wshShell.SendKeys "yourpasswordhere~"

Change "administrator" to a username in the admin group, and replace "yourpasswordhere~" with the password, make sure you include the tilde (~) after the pass. You can also encode this file from .vbs to .vbe to obusficate the password.

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
OfficeMate Freezes on login or does not load after login credentials are input.
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question