Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to give End Users access to C:\ without compromising local security

Posted on 2006-10-24
8
Medium Priority
?
262 Views
Last Modified: 2010-08-05
Here is the Problem:

  We have an Database system that has been upgraded.  With the current upgrade when the user try to do some task the application is trying to write to C:\ drive.  It's not temp or application data,  It's targating the local C:\
 
We never gave our End Users an Admin right to the local machine.  What is the best approch to fix this issue.  Our end users was able to open the application.  But  cannot perform some task because when they're login they cannot access the C:\.    The application is resding from the network.  The end users has a shortcut Icon from their desktop.  When they click the application,  it writes down part of it to tmp folder.  But with the recent upgrade  It's trying to acces the C:\.

Your Expertise is really appreciated.

rmagwili
0
Comment
Question by:rmagwili
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 4

Expert Comment

by:mingano
ID: 17800542
Possible solutions:

Check with the software vendor.  They may have a way to redefine the directory the application is targeting.  This may be best.

For an immediate fix, grant the application "Run As" credentials - you can allow the application to run as administrator even if the user doesn't have that access.  Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800646
Check the event logs also, to see why they are denied, perhaps all they need is an NTFS permission such as create or modify permission for the folder that the tmp file is being created in, just like with M$ word or excel... http://support.microsoft.com/?kbid=277867
-rich
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17801489
Use diskmon from sysinternals to see which file or directory they are trying to acess/create for what purposes (read/write).
Then give the users the correct rights. Very granular without having to give admin rights.
http://www.sysinternals.com/Utilities/Diskmon.html

J.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17803341
Also, you can give them a special account that has the elevated privileges, but they don't use for things like web surfing and reading email (i.e., to protect against email and web-borne malware accessing those elevated privileges).

They can then access the special account through Fast User Switching (if you have it enabled) or with 'runas' (shift-right-click will bring this up on the menu in explorer).
0
 

Author Comment

by:rmagwili
ID: 17807323
Mingano -

- Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.

 Do you mean create local account on the workstation or create a user from AD.  I'm really new to this,  How am I going to run the Applaciation to run with the new created non admin user with access to C:\\

rmagwili
 
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18042276
PAQed with no points refunded (of 250)

Computer101
EE Admin
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
How does someone stay on the right and legal side of the hacking world?
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question