Solved

How to give End Users access to C:\ without compromising local security

Posted on 2006-10-24
8
253 Views
Last Modified: 2010-08-05
Here is the Problem:

  We have an Database system that has been upgraded.  With the current upgrade when the user try to do some task the application is trying to write to C:\ drive.  It's not temp or application data,  It's targating the local C:\
 
We never gave our End Users an Admin right to the local machine.  What is the best approch to fix this issue.  Our end users was able to open the application.  But  cannot perform some task because when they're login they cannot access the C:\.    The application is resding from the network.  The end users has a shortcut Icon from their desktop.  When they click the application,  it writes down part of it to tmp folder.  But with the recent upgrade  It's trying to acces the C:\.

Your Expertise is really appreciated.

rmagwili
0
Comment
Question by:rmagwili
8 Comments
 
LVL 4

Expert Comment

by:mingano
ID: 17800542
Possible solutions:

Check with the software vendor.  They may have a way to redefine the directory the application is targeting.  This may be best.

For an immediate fix, grant the application "Run As" credentials - you can allow the application to run as administrator even if the user doesn't have that access.  Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800646
Check the event logs also, to see why they are denied, perhaps all they need is an NTFS permission such as create or modify permission for the folder that the tmp file is being created in, just like with M$ word or excel... http://support.microsoft.com/?kbid=277867
-rich
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17801489
Use diskmon from sysinternals to see which file or directory they are trying to acess/create for what purposes (read/write).
Then give the users the correct rights. Very granular without having to give admin rights.
http://www.sysinternals.com/Utilities/Diskmon.html

J.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17803341
Also, you can give them a special account that has the elevated privileges, but they don't use for things like web surfing and reading email (i.e., to protect against email and web-borne malware accessing those elevated privileges).

They can then access the special account through Fast User Switching (if you have it enabled) or with 'runas' (shift-right-click will bring this up on the menu in explorer).
0
 

Author Comment

by:rmagwili
ID: 17807323
Mingano -

- Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.

 Do you mean create local account on the workstation or create a user from AD.  I'm really new to this,  How am I going to run the Applaciation to run with the new created non admin user with access to C:\\

rmagwili
 
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18042276
PAQed with no points refunded (of 250)

Computer101
EE Admin
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
User Level Security 6 48
google exe file 5 76
Admin Certificates in my browser 2 32
Disable TLS1.0 on Win 2012 server 7 30
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question