Solved

Need to allow program to run under Terminal Services 2000 for all users

Posted on 2006-07-20
7
157 Views
Last Modified: 2010-04-13
I have a program called FaxFinder to send out faxes installed on our Terminal Server.  The program runs fine under accounts with Administrator privileges, but does not run under any other accounts.  How can I give all users on my domain permissions to use this program?
0
Comment
Question by:jimshock
  • 5
  • 2
7 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 300 total points
ID: 17149209
To find out which permissions are missing where, get FileMon (http://www.sysinternals.com/ntw2k/source/filemon.shtml) and RegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) from Sysinternals.
Log on as a regular user without additional rights. Start FileMon and RegMon using runas and an administrative account. Filter both to log only the application.
Start the application, check for errors. Adjust NTFS or registry (using regedt32) permissions until you can run the software as user.

Another possibility, using only native tools:
Turn on auditing on your machine (local security policy -- auditing policy: turn on auditing for rights usage and object access).
Then enable auditing on the usual suspicious folders (using Windows Explorer, folder properties/Security/Advanced/Auditing): The program folder of the program, %AllUsersProfile%, and %CommonProgramFiles%.
Turn on auditing as well for HKLM\Software (using regedt32).
Obviously, you only need to audit failures.
Log on as the user you're auditing; use runas.exe to start the event log (runas /user:administrator "mmc eventvwr.msc"), then start the program.
Look in the security event log for access violations and adjust the necessary rights until the program can be run by the user. (Note: some of the violations there are "normal" and can be ignored. Look especially at the ones related somehow to the program in question.)
0
 

Author Comment

by:jimshock
ID: 17149319
checking now...
0
 

Author Comment

by:jimshock
ID: 17149528
Tried running regmon and filemon under a user profile, kept telling me bad user name and password, which it isn't, not sure what's going on there.  Tried using the native tools, could not find %AllUsersProfile% -- is there no way for me to just set a policy to allow all users full access to this program?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:jimshock
ID: 17149579
p.s. increasing points
0
 
LVL 84

Expert Comment

by:oBdA
ID: 17150388
You can logon to the console as administrator as well, start regmon and filemon, then start the program from a terminal session.
%AllUsersProfile% is the environment variable which gives you the path to the "all users" profile; usually C:\documents and settings\all users, but open a command prompt and enter "echo %allusersprofile%" to be sure.
No, there's no policy to allow "all programs to run for every user" (except making all users administrators); how could there be? It's completely up to the program where and what it tries to write and which system components it tries to access how. If in doubt, ask the company how to get it to run, or replace it with a better software.
It's usually a sign of bad software design to publish a program that doesn't run in a restricted user's context; it's not as if operating systems with user control just appered out of the blue yesterday.
0
 

Author Comment

by:jimshock
ID: 17154006
Gotcha.  I do think this is crap software...I'll do some more digging and get back to you...
0
 

Author Comment

by:jimshock
ID: 17154585
got it.  The FaxFinder created a virtual printer; I just had to go Start -> Settings->Printers, right-click hit Properties and set Everyone to Full Control on the printer.  Thanks for your help
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Is your phone running out of space to hold pictures?  This article will show you quick tips on how to solve this problem.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question