Monitor File access with Security permissions

Posted on 2009-12-28
Last Modified: 2012-05-08
I need to find out what security permissions this applications needs on the system , so i dont have to make every user that needs this software an administrator. I know i can use filemon to monitor what files are being accessed. Is there a similiar tool or way to find out what files the user /or system is erroring out on becuase it doesn't have access to them when the user trys to run the application?
Question by:navajo26354
    LVL 31

    Accepted Solution

    What application are you using which requires administrative access (which you don't want to grant your users)?

    LVL 6

    Assisted Solution

    Some time ago I had to do similar task.
    First: If application is installed from *.msi, on the beginning of installation it should offer two options:
    a) Application used only by user account who installs it
    b) Application can be used by everyone
    Try to reinstall it and look if is there such option, if yes and you chose everyone  system sets suitable rights for every user to use it.

    If you have not described option I am afraid that you can only investigate access with filemon, regmon, or setting auditing of access on files and then looking into security log for denied access.
    Maybe helpful can be utility "handle" from sysinternals, you can start application with full rights and look what files have it opened, but application can open file and close it immediatelly, so in this case you will not see it.

    LVL 31

    Assisted Solution

    I have also found that the vendors generally know the why of why it needs administrative access.  It is generally a combination of file, folder, and/or registry key access not granted to standard users.  I have had almost 100% success at getting apps which "require" admin access to work, given enough time and support from the vendor.

    LVL 23

    Assisted Solution

    using Procmon , you will be able to exactly pinpoint the source of your problem, The ACCESS DENIED message should make it easy.
    filter out by registry & file system access with only your processes in scope which will give you the same effect as using Filemon & Regmon simultaneously.


    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now