  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 169

Need to allow program to run under Terminal Services 2000 for all users

I have a program called FaxFinder to send out faxes installed on our Terminal Server.  The program runs fine under accounts with Administrator privileges, but does not run under any other accounts.  How can I give all users on my domain permissions to use this program?
0
jimshock
Asked:
1 Solution
 
oBdA Commented:
To find out which permissions are missing where, get FileMon (http://www.sysinternals.com/ntw2k/source/filemon.shtml) and RegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) from Sysinternals.
Log on as a regular user without additional rights. Start FileMon and RegMon using runas and an administrative account. Filter both to log only the application.
Start the application, check for errors. Adjust NTFS or registry (using regedt32) permissions until you can run the software as user.

Another possibility, using only native tools:
Turn on auditing on your machine (local security policy -- auditing policy: turn on auditing for rights usage and object access).
Then enable auditing on the usual suspicious folders (using Windows Explorer, folder properties/Security/Advanced/Auditing): The program folder of the program, %AllUsersProfile%, and %CommonProgramFiles%.
Turn on auditing as well for HKLM\Software (using regedt32).
Obviously, you only need to audit failures.
Log on as the user you're auditing; use runas.exe to start the event log (runas /user:administrator "mmc eventvwr.msc"), then start the program.
Look in the security event log for access violations and adjust the necessary rights until the program can be run by the user. (Note: some of the violations there are "normal" and can be ignored. Look especially at the ones related somehow to the program in question.)
0
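Added example (not part of the original answer, and not code from the poster): once failure auditing is enabled as described in the native-tools procedure above, a script like this summarizes the failed file and registry accesses made by one program instead of reading the Security log entry by entry. It assumes a current Windows version with PowerShell, where the event is ID 4656 (Windows 2000 logged it as ID 560), an elevated session, and a hypothetical `*FaxFinder*` match on the executable path.

```powershell
# Added example: summarize failed object-access audits for one program.
# Assumptions: current Windows (event ID 4656, "A handle to an object was
# requested"; Windows 2000 used event ID 560), failure auditing and SACLs
# already configured on the folders and registry keys of interest, and
# an elevated PowerShell session.
param(
    [string]$ProcessPattern = '*FaxFinder*',  # hypothetical executable path match
    [int]$LastMinutes = 30                    # how far back to search
)

$filter = @{
    LogName   = 'Security'
    Id        = 4656
    Keywords  = 4503599627370496              # 0x10000000000000 = Audit Failure
    StartTime = (Get-Date).AddMinutes(-$LastMinutes)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the event's named <Data> fields into a lookup table.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            Time       = $_.TimeCreated
            User       = $data['SubjectUserName']
            Process    = $data['ProcessName']
            ObjectType = $data['ObjectType']   # File, Key, ...
            ObjectName = $data['ObjectName']   # path that was denied
            AccessMask = $data['AccessMask']   # rights that were requested
        }
    } |
    # Keep only denials caused by the program under test.
    Where-Object { $_.Process -like $ProcessPattern } |
    # One row per distinct user/object/rights combination, most frequent first.
    Group-Object User, ObjectType, ObjectName, AccessMask |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Each output row is one object the restricted user was denied, with the requested access mask, which is the list to work through when granting the narrowest NTFS or registry permission that lets the program run.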
 
jimshock (Author) Commented:
checking now...
0
 
jimshock (Author) Commented:
Tried running regmon and filemon under a user profile, kept telling me bad user name and password, which it isn't, not sure what's going on there.  Tried using the native tools, could not find %AllUsersProfile% -- is there no way for me to just set a policy to allow all users full access to this program?
0
 
jimshock (Author) Commented:
p.s. increasing points
0
 
oBdA Commented:
You can logon to the console as administrator as well, start regmon and filemon, then start the program from a terminal session.
%AllUsersProfile% is the environment variable which gives you the path to the "all users" profile; usually C:\documents and settings\all users, but open a command prompt and enter "echo %allusersprofile%" to be sure.
No, there's no policy to allow "all programs to run for every user" (except making all users administrators); how could there be? It's completely up to the program where and what it tries to write and which system components it tries to access how. If in doubt, ask the company how to get it to run, or replace it with a better software.
It's usually a sign of bad software design to publish a program that doesn't run in a restricted user's context; it's not as if operating systems with user control just appeared out of the blue yesterday.
0
 
jimshock (Author) Commented:
Gotcha.  I do think this is crap software...I'll do some more digging and get back to you...
0
 
jimshock (Author) Commented:
Got it.  The FaxFinder created a virtual printer; I just had to go to Start -> Settings -> Printers, right-click, hit Properties and set Everyone to Full Control on the printer.  Thanks for your help.
0
