Set Program to Run As Administrator Permanently

I have several client computers running Windows XP Pro SP2 that are connected by my active directory domain. I have a program that each client needs to run, but for it to work correctly it must be run as an administrator. If I give the domain users full permissions on the folder the software is installed, it allows it to run, but generates errors. It appears there are some registry files in the software folder that need to run.

Is there a way to give a domain user full right to execute the software without making them all administrators? How can I set the "run as" property where it will maintain the settings?

I appreciate any help you can provide.

Thank you,
Kristofer
conquerdevAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

discgmanCommented:
1st you can try to add domain users to all the users computers power users local group. Its a manual process unless you can script it or add it to an image.

2nd, due to AD security you should not have the run as command automatically have anyone logged onto it. Check with the manufacturer of the software to see what processes run when the program runs and where are all its main files stored on the hard drive. You might have to give permissions to many folders on the pc's.

I am sure you have more questions, just send a reply.


Discgman
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sliiconmanCommented:
If the files and registry keys need permissions checkout FileMon and RegMon.  Then in group policy add the keys and the files needed. This is much more secure. We do it all the time as we do not let users run with elevated privelages.

0
Shift-3Commented:
As you said, the program is probably trying to access registry entries which users don't have permission to.  You can use Process Monitor to find out which keys to grant users permission to.
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Shift-3Commented:
Ah, I'm one minute too late.  Process Monitor is a newer, integrated version of FileMon and RegMon.
0
sliiconmanCommented:
       ....    After you download regmon and filemon add the icon to the all users desktop. Logon to the server as the regular user account with no rights.  

Do a run as on the filemon and or regmon as a local admin. Start the logging of filemon or regmon.

Then as the regular logged on user try the application. Let it fail. Stop the logging and look for access denied. This may take a few tries as some keys expose others.

Add authenticated users to the keys that need access or a group you create. Add the permissions locall on the computers registry or files and make sure it all works. Then add it to domain policy at the appropriate level
0
sliiconmanCommented:
I still prefer regmon and filemon.. but thats me :) Old habits do not die sometimes ! ;)
0
Shift-3Commented:
ProcMon does all of the same things.  The filters are a little more intimidating, but you can easily turn off all file or registry entries using the toolbar buttons in the upper right.
0
conquerdevAuthor Commented:
Hello discqman,

The adding of the domain users to the power users on the local computers did the trick. I appreciate your help.

Thank you,
Kristofer
0
sliiconmanCommented:
Really? That is the answer that was accepted? Ouch! While it is a correct best practice it doesn't seem like the best solution to this, or a solution at all.
0
discgmanCommented:
Would you rather spend the day analyzing processes or add a user group to power users and get on with the next issue? Users are not that patient...
0
sliiconmanCommented:
It takes minutes to do this and it makes the company more secure.  It is admin preference. I prefer to give users as little permission as possible.POwer users is too much for my liking way too much. The log atkes about 5 minutes to disect one sort for access denied and 5 minutes to add to GPO . Definetly NOT all day or more than 15 minutes.

To each there own.
0
discgmanCommented:
Agree to disagree.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.