?
Solved

How to give End Users access to C:\ without compromising local security

Posted on 2006-10-24
8
Medium Priority
?
264 Views
Last Modified: 2010-08-05
Here is the Problem:

  We have an Database system that has been upgraded.  With the current upgrade when the user try to do some task the application is trying to write to C:\ drive.  It's not temp or application data,  It's targating the local C:\
 
We never gave our End Users an Admin right to the local machine.  What is the best approch to fix this issue.  Our end users was able to open the application.  But  cannot perform some task because when they're login they cannot access the C:\.    The application is resding from the network.  The end users has a shortcut Icon from their desktop.  When they click the application,  it writes down part of it to tmp folder.  But with the recent upgrade  It's trying to acces the C:\.

Your Expertise is really appreciated.

rmagwili
0
Comment
Question by:rmagwili
6 Comments
 
LVL 4

Expert Comment

by:mingano
ID: 17800542
Possible solutions:

Check with the software vendor.  They may have a way to redefine the directory the application is targeting.  This may be best.

For an immediate fix, grant the application "Run As" credentials - you can allow the application to run as administrator even if the user doesn't have that access.  Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800646
Check the event logs also, to see why they are denied, perhaps all they need is an NTFS permission such as create or modify permission for the folder that the tmp file is being created in, just like with M$ word or excel... http://support.microsoft.com/?kbid=277867
-rich
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17801489
Use diskmon from sysinternals to see which file or directory they are trying to acess/create for what purposes (read/write).
Then give the users the correct rights. Very granular without having to give admin rights.
http://www.sysinternals.com/Utilities/Diskmon.html

J.
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17803341
Also, you can give them a special account that has the elevated privileges, but they don't use for things like web surfing and reading email (i.e., to protect against email and web-borne malware accessing those elevated privileges).

They can then access the special account through Fast User Switching (if you have it enabled) or with 'runas' (shift-right-click will bring this up on the menu in explorer).
0
 

Author Comment

by:rmagwili
ID: 17807323
Mingano -

- Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.

 Do you mean create local account on the workstation or create a user from AD.  I'm really new to this,  How am I going to run the Applaciation to run with the new created non admin user with access to C:\\

rmagwili
 
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18042276
PAQed with no points refunded (of 250)

Computer101
EE Admin
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question