[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 306
  • Last Modified:

Legacy programmes that require Administrator access on a Windows 2003 SBS R2 / XP network

Server: Windows SBS 2003 R2 Domain Controller
Client computers: XP machines

We have a number of programmes that require administrator access to be run (yes, it's very annoying). We've contacted the developers, and they do not intend to fix this problem. This seems to be run-of-the-mill for accounting types software. Unfortunately, our users still need to use this software.

Solutions we've tried in the past have been monitoring the installing of the software on a clean computer, then granting the users read/write/modify access to all installed files. This solution is long, tedious, and doesn't always work. And you have to do it again with every new release of the software (which is quite often in the tax industry).

Another possible solution might be to grant that programme elevated privileges, so that even though the users themselves are restricted the programme runs as "administrator". Is this possible? A requirement of this solution would obviously be no extra user-interaction. i.e. a box doesn't popup saying "run as administrator?".

If the above is possible, that would save a lot of time. Otherwise, does anyone else have any suggestions to our problem?
  • 3
1 Solution
nulldaemonAuthor Commented:
Please note that costs of hosting a terminal server (hardware + software licensing) would put that solution out of reach.
This should be in a development zone..  in my humble opinion as I do not respect lazy programmers who insist on using IP addresses,  don't want to fix their programs to folllow Microsoft common practices, or want to shove their problems on admins.  I say take admin privileges from the programmers at let them figure it out.  
nulldaemonAuthor Commented:
We don't develop the programmes in house. We have no control over the development of the programmes themselves.
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
This has been an ongoing issue... but personally I don't really have much problem with it.  These programs don't require that the user is a DOMAIN administrator, just a LOCAL administrator.  By Default, SBS makes the assigned user of a workstation a local administrator anyhow.

(When you properly join a workstation to an SBS domain using http://<servername>/connectcomputer)

Having LOCAL Administrative privileges doesn't really do much if you also envoke a Software Restriction Policy... because that's really all a local admin can do is install stuff... and the policy will control that.


If you didn't use the ConnectComputer wizard to join the workstations then you should follow the steps outlined in this post to correct that:  http://sbsurl.com/rejoin

nulldaemonAuthor Commented:
Hi, after much time I've come to realise you were right, and local admin is the only viable solution to this problem. It's taken me this long to believe that simply because I didn't want to.

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now