Solved

How to give End Users access to C:\ without compromising local security

Posted on 2006-10-24
8
258 Views
Last Modified: 2010-08-05
Here is the Problem:

  We have an Database system that has been upgraded.  With the current upgrade when the user try to do some task the application is trying to write to C:\ drive.  It's not temp or application data,  It's targating the local C:\
 
We never gave our End Users an Admin right to the local machine.  What is the best approch to fix this issue.  Our end users was able to open the application.  But  cannot perform some task because when they're login they cannot access the C:\.    The application is resding from the network.  The end users has a shortcut Icon from their desktop.  When they click the application,  it writes down part of it to tmp folder.  But with the recent upgrade  It's trying to acces the C:\.

Your Expertise is really appreciated.

rmagwili
0
Comment
Question by:rmagwili
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 4

Expert Comment

by:mingano
ID: 17800542
Possible solutions:

Check with the software vendor.  They may have a way to redefine the directory the application is targeting.  This may be best.

For an immediate fix, grant the application "Run As" credentials - you can allow the application to run as administrator even if the user doesn't have that access.  Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800646
Check the event logs also, to see why they are denied, perhaps all they need is an NTFS permission such as create or modify permission for the folder that the tmp file is being created in, just like with M$ word or excel... http://support.microsoft.com/?kbid=277867
-rich
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17801489
Use diskmon from sysinternals to see which file or directory they are trying to acess/create for what purposes (read/write).
Then give the users the correct rights. Very granular without having to give admin rights.
http://www.sysinternals.com/Utilities/Diskmon.html

J.
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17803341
Also, you can give them a special account that has the elevated privileges, but they don't use for things like web surfing and reading email (i.e., to protect against email and web-borne malware accessing those elevated privileges).

They can then access the special account through Fast User Switching (if you have it enabled) or with 'runas' (shift-right-click will bring this up on the menu in explorer).
0
 

Author Comment

by:rmagwili
ID: 17807323
Mingano -

- Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.

 Do you mean create local account on the workstation or create a user from AD.  I'm really new to this,  How am I going to run the Applaciation to run with the new created non admin user with access to C:\\

rmagwili
 
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18042276
PAQed with no points refunded (of 250)

Computer101
EE Admin
0

Featured Post

What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month4 days, 17 hours left to enroll

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question