Solved

Need to allow program to run under Terminal Services 2000 for all users

Posted on 2006-07-20
7
156 Views
Last Modified: 2010-04-13
I have a program called FaxFinder to send out faxes installed on our Terminal Server.  The program runs fine under accounts with Administrator privileges, but does not run under any other accounts.  How can I give all users on my domain permissions to use this program?
0
Comment
Question by:jimshock
  • 5
  • 2
7 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 300 total points
ID: 17149209
To find out which permissions are missing where, get FileMon (http://www.sysinternals.com/ntw2k/source/filemon.shtml) and RegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) from Sysinternals.
Log on as a regular user without additional rights. Start FileMon and RegMon using runas and an administrative account. Filter both to log only the application.
Start the application, check for errors. Adjust NTFS or registry (using regedt32) permissions until you can run the software as user.

Another possibility, using only native tools:
Turn on auditing on your machine (local security policy -- auditing policy: turn on auditing for rights usage and object access).
Then enable auditing on the usual suspicious folders (using Windows Explorer, folder properties/Security/Advanced/Auditing): The program folder of the program, %AllUsersProfile%, and %CommonProgramFiles%.
Turn on auditing as well for HKLM\Software (using regedt32).
Obviously, you only need to audit failures.
Log on as the user you're auditing; use runas.exe to start the event log (runas /user:administrator "mmc eventvwr.msc"), then start the program.
Look in the security event log for access violations and adjust the necessary rights until the program can be run by the user. (Note: some of the violations there are "normal" and can be ignored. Look especially at the ones related somehow to the program in question.)
0
 

Author Comment

by:jimshock
ID: 17149319
checking now...
0
 

Author Comment

by:jimshock
ID: 17149528
Tried running regmon and filemon under a user profile, kept telling me bad user name and password, which it isn't, not sure what's going on there.  Tried using the native tools, could not find %AllUsersProfile% -- is there no way for me to just set a policy to allow all users full access to this program?
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:jimshock
ID: 17149579
p.s. increasing points
0
 
LVL 83

Expert Comment

by:oBdA
ID: 17150388
You can logon to the console as administrator as well, start regmon and filemon, then start the program from a terminal session.
%AllUsersProfile% is the environment variable which gives you the path to the "all users" profile; usually C:\documents and settings\all users, but open a command prompt and enter "echo %allusersprofile%" to be sure.
No, there's no policy to allow "all programs to run for every user" (except making all users administrators); how could there be? It's completely up to the program where and what it tries to write and which system components it tries to access how. If in doubt, ask the company how to get it to run, or replace it with a better software.
It's usually a sign of bad software design to publish a program that doesn't run in a restricted user's context; it's not as if operating systems with user control just appered out of the blue yesterday.
0
 

Author Comment

by:jimshock
ID: 17154006
Gotcha.  I do think this is crap software...I'll do some more digging and get back to you...
0
 

Author Comment

by:jimshock
ID: 17154585
got it.  The FaxFinder created a virtual printer; I just had to go Start -> Settings->Printers, right-click hit Properties and set Everyone to Full Control on the printer.  Thanks for your help
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question