cvcnetwork

asked on

weird admin permission for application to function

Hi,

We run an application that requires local machine administrator rights to run.  In the interests of security, we are trying to identify which specific files/folders/regkeys require the admin rights for the app to work.  We are doing this by applying full control to certain objects related to the application.  This did not allow the app to work.  So we applied full control to the entire C drive and to the entire registry.  This did not allow the app to work either.  So my question is, what's the difference in reality between a user having local machine admin rights and full control rights to everything on the machine?

Your help is greatly appreciated!
maninblac1

The operating system is divided into two parts.  The "machine" part, and the "user" part.  The user part is further divided into different parts of different privileges.  In general, you have the SYSTEM account, and you have the USER account.  Now, the SYSTEM (OS) account can do anything basically; it is the operating system, it has full permissions to do everything, and you also cannot access or use this account.  The USER does not, and cannot, interfere with the system, meaning the SYSTEM (OS) is protected from damage from outside code, or that's supposed to be how it works.  The USER however can change the system.  And the varying levels of privileges dictate just how much the USER can change the way the SYSTEM works.

It is difficult to explain why the program is doing what it's doing without knowing what the program is, but there is a way to solve it.

Firstly, understand the program operates on as much privilege as the user has, meaning, if the user has standard user privileges (with respect to the SYSTEM (OS), not the files or folders or registry), the application has standard user privileges, or is generally the case.  If you run the program as an admin, the program will have admin rights. Think of it like allowance: the program can spend so much "money" depending on how much allowance is given.  The more privileged the USER, the greater the allowance.

Secondly, Windows has accounted for this, because many applications need to be used across accounts, and some of those accounts aren't privileged enough to enable the program to function.  Windows has created a way to bypass this.  The "Run As" context menu when right-clicking on the executable or shortcut will allow you to run any app as another user.  Meaning, if your guest can't use this program, you can say "run as" and then you'll be asked which account you want to run it as; select an administrator, provide a password and the program will run as if it had administrative access.  This is the one-time solution; since I've never used this feature, I do not know if it is permanent.  I believe that you will have to enter the admin name and password every time you want to run the program, but I'm sure there is a way to set the program up to always load with certain permissions.  It appears possible in Linux, but I've yet to find anything for Windows XP/2003.

So in summary, think of it like this: permissions are set with respect to the SYSTEM account, meaning the operating system; file access permissions are managed by the OS, but aren't the operating system themselves.  Admins appear to have all permissions and no problems because they operate on a "near" SYSTEM level privilege; standard users are often stopped by the OS and told, you don't have the right to do this, because that is how OS/multiuser protection is implemented.

Hope this helps.
cvcnetwork

ASKER

Thanks, we use the 'run as' feature of Windows every now and then for once-off things.  However, we need a more permanent solution this time.  Everything you said makes sense, however it's not really the answer to the question.

Let me rephrase the question:

What does admin rights give you that full control to everything does not?  Is there any other part of the OS, aside from files, folders and reg, that can have permissions altered?

Thanks for your help.

Matt
ASKER CERTIFIED SOLUTION
maninblac1

This solution is only available to members.
maninblac1, I've got it now.  That was a great explanation.  I guess I'll wait to hear from the vendor then.  I have written to them describing the problem and I'm hoping they know how to enable their app without enabling local admin rights.

Thanks again, Matt.
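
The distinction asked about in this thread, shown as an added example that is not part of any poster's reply: group membership and privileges (user rights) live in the process token, separately from the ACLs on files, folders and registry keys, so granting full control everywhere does not change them. The helper name `Get-TokenSummary` and the short privilege list are assumptions for illustration; the script assumes PowerShell 3.0 or later with `whoami.exe` available.

```powershell
# Added example (not from the thread). Get-TokenSummary is a hypothetical helper name.
function Get-TokenSummary {
    # Group membership is carried in the process token, not in any file or registry ACL.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # /nh drops the localized header row so the column names below are our own.
    $privileges = @(whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State)

    # Privileges that default local policy typically assigns to Administrators
    # and not to Users; local or domain policy may differ (assumption).
    $adminOnly = 'SeDebugPrivilege', 'SeBackupPrivilege', 'SeRestorePrivilege',
                 'SeTakeOwnershipPrivilege', 'SeLoadDriverPrivilege',
                 'SeSecurityPrivilege', 'SeSystemtimePrivilege'

    # Keep only the admin-typical privileges that this token actually holds.
    $held = @($privileges |
        Where-Object { $adminOnly -contains $_.Name } |
        ForEach-Object { $_.Name })

    [pscustomobject]@{
        User                = $identity.Name
        InAdministrators    = $isAdmin          # reflects this process's token only
        PrivilegeCount      = $privileges.Count
        AdminOnlyPrivileges = $held
    }
}

# Run once as the standard user and once from an administrator session, then compare.
Get-TokenSummary | Format-List
```

If the standard-user run shows `InAdministrators : False` and an empty `AdminOnlyPrivileges` list while the application still fails with full control granted everywhere, the application is likely depending on a token privilege or an explicit Administrators membership check that no ACL change can supply.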