[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Need to allow program to run under Terminal Services 2000 for all users

Posted on 2006-07-20
7
Medium Priority
?
163 Views
Last Modified: 2010-04-13
I have a program called FaxFinder to send out faxes installed on our Terminal Server.  The program runs fine under accounts with Administrator privileges, but does not run under any other accounts.  How can I give all users on my domain permissions to use this program?
0
Comment
Question by:jimshock
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 1200 total points
ID: 17149209
To find out which permissions are missing where, get FileMon (http://www.sysinternals.com/ntw2k/source/filemon.shtml) and RegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) from Sysinternals.
Log on as a regular user without additional rights. Start FileMon and RegMon using runas and an administrative account. Filter both to log only the application.
Start the application, check for errors. Adjust NTFS or registry (using regedt32) permissions until you can run the software as user.

Another possibility, using only native tools:
Turn on auditing on your machine (local security policy -- auditing policy: turn on auditing for rights usage and object access).
Then enable auditing on the usual suspicious folders (using Windows Explorer, folder properties/Security/Advanced/Auditing): The program folder of the program, %AllUsersProfile%, and %CommonProgramFiles%.
Turn on auditing as well for HKLM\Software (using regedt32).
Obviously, you only need to audit failures.
Log on as the user you're auditing; use runas.exe to start the event log (runas /user:administrator "mmc eventvwr.msc"), then start the program.
Look in the security event log for access violations and adjust the necessary rights until the program can be run by the user. (Note: some of the violations there are "normal" and can be ignored. Look especially at the ones related somehow to the program in question.)
0
 

Author Comment

by:jimshock
ID: 17149319
checking now...
0
 

Author Comment

by:jimshock
ID: 17149528
Tried running regmon and filemon under a user profile, kept telling me bad user name and password, which it isn't, not sure what's going on there.  Tried using the native tools, could not find %AllUsersProfile% -- is there no way for me to just set a policy to allow all users full access to this program?
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 

Author Comment

by:jimshock
ID: 17149579
p.s. increasing points
0
 
LVL 85

Expert Comment

by:oBdA
ID: 17150388
You can logon to the console as administrator as well, start regmon and filemon, then start the program from a terminal session.
%AllUsersProfile% is the environment variable which gives you the path to the "all users" profile; usually C:\documents and settings\all users, but open a command prompt and enter "echo %allusersprofile%" to be sure.
No, there's no policy to allow "all programs to run for every user" (except making all users administrators); how could there be? It's completely up to the program where and what it tries to write and which system components it tries to access how. If in doubt, ask the company how to get it to run, or replace it with a better software.
It's usually a sign of bad software design to publish a program that doesn't run in a restricted user's context; it's not as if operating systems with user control just appered out of the blue yesterday.
0
 

Author Comment

by:jimshock
ID: 17154006
Gotcha.  I do think this is crap software...I'll do some more digging and get back to you...
0
 

Author Comment

by:jimshock
ID: 17154585
got it.  The FaxFinder created a virtual printer; I just had to go Start -> Settings->Printers, right-click hit Properties and set Everyone to Full Control on the printer.  Thanks for your help
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Geo-targeting is the practice of distributing content based on a person’s location, as best as you can determine it. Let’s look at some ways you could successfully use this tactic. The following tips and case studies could lead to meaningful results.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question