WebGeeksUnlimited
asked on
DLL registration under a normal user account
Our desktops are locked down, which prevents users from installing unauthorized applications. One of our home grown applications can update it's self using a command script, but trying to register a DLL or OCX may fail under a normal AD user account. They also have no local admin rights either.
I've built a WinForm shim program that can invoke the update using elevated rights to accomplish the task and for now, used my admin account for test purposes. The shim is invoked by the logged in user that currently does not have the rights to do what is required and I don't want to run around every machine to perform the updates.
The question is, what are the minimal group(s) required to permit DLL or OCX registration? Must you be an administrator to do this or can one of the other groups (ie. Power User) provide that ability?
I was thinking of creating a special user account for the shim, for the purpose of the update and DLL/OCX registration on WinXP and only provide the minimal group rights to carry out the task. I couldn't find anywhere what group would allow regsvr32 to register the DLL or OCX file without an error.
Maybe there is a better way to do this?
I've built a WinForm shim program that can invoke the update using elevated rights to accomplish the task and for now, used my admin account for test purposes. The shim is invoked by the logged in user that currently does not have the rights to do what is required and I don't want to run around every machine to perform the updates.
The question is, what are the minimal group(s) required to permit DLL or OCX registration? Must you be an administrator to do this or can one of the other groups (ie. Power User) provide that ability?
I was thinking of creating a special user account for the shim, for the purpose of the update and DLL/OCX registration on WinXP and only provide the minimal group rights to carry out the task. I couldn't find anywhere what group would allow regsvr32 to register the DLL or OCX file without an error.
Maybe there is a better way to do this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The power users group was sufficent to make it work. Thanks.
ASKER
By the way, just curious, is there a spot out at MSDN that documents what each group can do in WinXP? I've poked around looking for that detail, but maybe I'm not searching the right way.
I'm also not sure if after the "You can also" text if there was suppose to be something else, as it appears blank ...