Solved

How to give End Users access to C:\ without compromising local security

Posted on 2006-10-24
8
251 Views
Last Modified: 2010-08-05
Here is the Problem:

  We have an Database system that has been upgraded.  With the current upgrade when the user try to do some task the application is trying to write to C:\ drive.  It's not temp or application data,  It's targating the local C:\
 
We never gave our End Users an Admin right to the local machine.  What is the best approch to fix this issue.  Our end users was able to open the application.  But  cannot perform some task because when they're login they cannot access the C:\.    The application is resding from the network.  The end users has a shortcut Icon from their desktop.  When they click the application,  it writes down part of it to tmp folder.  But with the recent upgrade  It's trying to acces the C:\.

Your Expertise is really appreciated.

rmagwili
0
Comment
Question by:rmagwili
8 Comments
 
LVL 4

Expert Comment

by:mingano
ID: 17800542
Possible solutions:

Check with the software vendor.  They may have a way to redefine the directory the application is targeting.  This may be best.

For an immediate fix, grant the application "Run As" credentials - you can allow the application to run as administrator even if the user doesn't have that access.  Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800646
Check the event logs also, to see why they are denied, perhaps all they need is an NTFS permission such as create or modify permission for the folder that the tmp file is being created in, just like with M$ word or excel... http://support.microsoft.com/?kbid=277867
-rich
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17801489
Use diskmon from sysinternals to see which file or directory they are trying to acess/create for what purposes (read/write).
Then give the users the correct rights. Very granular without having to give admin rights.
http://www.sysinternals.com/Utilities/Diskmon.html

J.
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17803341
Also, you can give them a special account that has the elevated privileges, but they don't use for things like web surfing and reading email (i.e., to protect against email and web-borne malware accessing those elevated privileges).

They can then access the special account through Fast User Switching (if you have it enabled) or with 'runas' (shift-right-click will bring this up on the menu in explorer).
0
 

Author Comment

by:rmagwili
ID: 17807323
Mingano -

- Even better, create a new, non-admin user that has rights to c:\ and set the application to run as that.

 Do you mean create local account on the workstation or create a user from AD.  I'm really new to this,  How am I going to run the Applaciation to run with the new created non admin user with access to C:\\

rmagwili
 
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18042276
PAQed with no points refunded (of 250)

Computer101
EE Admin
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSL RA VPN 7 103
Restrict RDP Remote Access through SonicWall 3 95
IT usage Policies for a new staff joining the organisation. 4 91
Compromised PC? 17 171
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now