Solved

Need to allow program to run under Terminal Services 2000 for all users

Posted on 2006-07-20
7
155 Views
Last Modified: 2010-04-13
I have a program called FaxFinder to send out faxes installed on our Terminal Server.  The program runs fine under accounts with Administrator privileges, but does not run under any other accounts.  How can I give all users on my domain permissions to use this program?
0
Comment
Question by:jimshock
  • 5
  • 2
7 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 300 total points
ID: 17149209
To find out which permissions are missing where, get FileMon (http://www.sysinternals.com/ntw2k/source/filemon.shtml) and RegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) from Sysinternals.
Log on as a regular user without additional rights. Start FileMon and RegMon using runas and an administrative account. Filter both to log only the application.
Start the application, check for errors. Adjust NTFS or registry (using regedt32) permissions until you can run the software as user.

Another possibility, using only native tools:
Turn on auditing on your machine (local security policy -- auditing policy: turn on auditing for rights usage and object access).
Then enable auditing on the usual suspicious folders (using Windows Explorer, folder properties/Security/Advanced/Auditing): The program folder of the program, %AllUsersProfile%, and %CommonProgramFiles%.
Turn on auditing as well for HKLM\Software (using regedt32).
Obviously, you only need to audit failures.
Log on as the user you're auditing; use runas.exe to start the event log (runas /user:administrator "mmc eventvwr.msc"), then start the program.
Look in the security event log for access violations and adjust the necessary rights until the program can be run by the user. (Note: some of the violations there are "normal" and can be ignored. Look especially at the ones related somehow to the program in question.)
0
 

Author Comment

by:jimshock
ID: 17149319
checking now...
0
 

Author Comment

by:jimshock
ID: 17149528
Tried running regmon and filemon under a user profile, kept telling me bad user name and password, which it isn't, not sure what's going on there.  Tried using the native tools, could not find %AllUsersProfile% -- is there no way for me to just set a policy to allow all users full access to this program?
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:jimshock
ID: 17149579
p.s. increasing points
0
 
LVL 83

Expert Comment

by:oBdA
ID: 17150388
You can logon to the console as administrator as well, start regmon and filemon, then start the program from a terminal session.
%AllUsersProfile% is the environment variable which gives you the path to the "all users" profile; usually C:\documents and settings\all users, but open a command prompt and enter "echo %allusersprofile%" to be sure.
No, there's no policy to allow "all programs to run for every user" (except making all users administrators); how could there be? It's completely up to the program where and what it tries to write and which system components it tries to access how. If in doubt, ask the company how to get it to run, or replace it with a better software.
It's usually a sign of bad software design to publish a program that doesn't run in a restricted user's context; it's not as if operating systems with user control just appered out of the blue yesterday.
0
 

Author Comment

by:jimshock
ID: 17154006
Gotcha.  I do think this is crap software...I'll do some more digging and get back to you...
0
 

Author Comment

by:jimshock
ID: 17154585
got it.  The FaxFinder created a virtual printer; I just had to go Start -> Settings->Printers, right-click hit Properties and set Everyone to Full Control on the printer.  Thanks for your help
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now