ohjani
asked on
Permission different between Administrators and Power Users?
I have an ERP application which uses 2 servers. Server A for application installation while Server B for SQL server database hosting. Both servers located in the same workgroup and physically next to each other.
In order to run the ERP application, I need to install the ERP client into my user workstations (also in the same workgroup and same premises). Now my problem is, some of the workstation are able to run the application where some cannot. All the workstations are able to connect to both servers (tested on opening share folders from both servers). The only different is, some users are Administrators group in Server A and others are Power Users. The database link from Server A to Server B is using SA from ODBC.
Example:
WorkstationUsername ServerA_Username ServerA_Usergroup Remark
UserA UserA Administrators Can run client application
UserB UserB Power Users Cant run client application
Error message is the application error which says something like "No organisation found". I would like to know, what is the permission missing from Power Users which stop them from running the application from their workstation?
Both servers are Win2003 Server. Workstations are running on WinXP
In order to run the ERP application, I need to install the ERP client into my user workstations (also in the same workgroup and same premises). Now my problem is, some of the workstation are able to run the application where some cannot. All the workstations are able to connect to both servers (tested on opening share folders from both servers). The only different is, some users are Administrators group in Server A and others are Power Users. The database link from Server A to Server B is using SA from ODBC.
Example:
WorkstationUsername ServerA_Username ServerA_Usergroup Remark
UserA UserA Administrators Can run client application
UserB UserB Power Users Cant run client application
Error message is the application error which says something like "No organisation found". I would like to know, what is the permission missing from Power Users which stop them from running the application from their workstation?
Both servers are Win2003 Server. Workstations are running on WinXP
it seems it's something related to user authentication... everything is in the same windows domain???? everybody can see the domain????
My first reaction: this is a problem with the ERP client software and rights on the PC, not something within the domain. By default Domain administrators are also local administrators on all member machines of the domain. Lots of software is badly written and wants all users to be local administrator. A security nono, but not every software company has figured that one out.
Anyway, use regmon ( http://www.microsoft.com/technet/sysinternals/FileAndDisk/Filemon.mspx ) AND filemon ( http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Regmon.mspx ) OR Process Monitor ( http://www.microsoft.com/technet/sysinternals/FileAndDisk/processmonitor.mspx ) to monitor what fails when you open the ERP client.
J.
Anyway, use regmon ( http://www.microsoft.com/technet/sysinternals/FileAndDisk/Filemon.mspx ) AND filemon ( http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Regmon.mspx ) OR Process Monitor ( http://www.microsoft.com/technet/sysinternals/FileAndDisk/processmonitor.mspx ) to monitor what fails when you open the ERP client.
J.
One quick possibility to try, as PowerIT pointed out lots of software is badly written, trys to write to installation folder, config information, and temp files. Will fail unless user has full access to installation folder - Administrators will have, Power Users probably not. Try changing permissions on Installation folder to give full access to Power Users.
ASKER
The problem is, the user is already an Administrator at their WinXP workstation. The situation is, the user is Administrators in their workstation but they are only Power User in ServerA. Now seems that this application requires me to set them as Administrators in the server~
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
no, it doesn't have a share folder to run the application. The application structure goes like this, first you installed the application to the server, once the application installation is done, it will create a subfolder called the Client Setup. After that you'll share the Client Setup folder to the workstations and the workstations will connect to this share folder and run the workstation setup files. Once the workstation has finished installed, they will no longer need to access the Client Setup folder anymore. the client setup files will contain all the necessary server IP and folders in order for the workstation to run the application.
And the database connection is through ODBC? Everyone is using SA as login with the same password?
J.
J.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.