whftherb asked:

Windows 7 Pro - Full Control/Permissions for an app

I have a new Windows 7 Pro (Acer VX275) that we just set up here at the shop.  We want the user as a Standard User with name HA017.  We installed our routine application called AB.exe.  The company that produces AB says they support Win 7.  When launched from the desktop shortcut, Win 7 puts up a prompt for the Admin password.  We can't get rid of that password prompt behavior.  Here's what we've tried thus far.

On the admin account, we went to the folder (c:\Program Files\AB) and granted HA017 full control over the folder.  No luck.  

We went to the admin account and found the application - AB.exe - and set the User HA017 with full control.  No luck.

We established the user HA017 as an admin and uninstalled and reinstalled - runs the app fine but with the admin privs.  However, reverted to a standard user - no luck.  

Back to the admin acct and regranted full control to HA017 (read, write, etc).  Logged on as HA017 - standard user - no luck.

Set HA017 as admin - and set up the "Take Ownership" context menu applet.  Right click, Take Ownership - it runs.  Reverted to standard user.  No luck.

I'm obviously missing something here?  Can someone point me in the right direction?

Microsoft Legacy OS, Windows OS, Windows 7

Last Comment
whftherb

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
mitrum

ASKER
whftherb

Are you referring to Sysinternals Process Monitor?
ASKER
whftherb

Further - I did check with the authors of AB.exe.  There are no services spawned by AB.exe nor does it use any special services outside of the normal Windows services already in place.


Bill Louth

Would it help to:
1 - Right Click on the Shortcut
2 - On the Shortcut Tab click "Advanced" in the lower right hand corner
3 - Check Run As Administrator

Let us know if that helps.
Sigurdur Haraldsson

Seems to me this is a User Account Control thing.

First, disable UAC. I don't recommend it but you can do it to try to see if that doesn't solve your problem. Then download ACT (Application Compatibility Toolkit) and change the application so that it can run with admin privileges.
Bill Louth

We ran into UAC problems with Sage Accpac accounting software.

To turn off:  Start>Help and Support>Type in "UAC">then select the first option "Turn User Account Control on or off"
Hulking

To add to what sighar wrote, you can right click on the application and choose Troubleshoot compatibility, check the box for "the program requires additional permissions", click next and start the program. If that works you can save the settings and the program should run as administrator from that point on. I say should, because sometimes you still just need to drop the UAC settings down a notch at a time till the program gets around the issue. Another way is to test the startup of the application while running ProcMon to see where it gets hung up.
ASKER
whftherb

OK, let me seek a further clarification.  First off, disabling UAC can be done but unfortunately, that defeats the nice security feature that helpfully "goof proofs" windows.  However we will live with it if need be.  

Question:  Would disabling UAC with the Admin account be applied machine-wide, and thus apply it into/onto the standard user account?  Or do I have to assign user HA017 temp admin privs, knock down UAC, revert to a standard user?  

(Seems kind of kludgy, doesn't it...)

H

Note: I won't be back until Wed - day after tomorrow....
ASKER
whftherb

While I'm working (thinking) on this, does anyone know if the "sequence" of loading apps matters when it comes to UAC/Ownership.  What I mean is this - Does it matter if:

(a) I install the app first, then establish the user account and confer control/privileges from the admin at that point,

or

(b) Establish the user account, install the app using the admin, then confer control/privs upon the user after

?

Second point:  How is it then that normal routine third party type applications (for example CCleaner or Office) get to run unencumbered on the standard account and this one refuses?  I don't understand it.
Hulking

Windows 7 and the UAC do some things that are hard to understand. Depending on the settings it can stop users (applications) from writing to the registry and to certain places in the file system. It will try working around that by writing to the local user registry or to the user's home directory when needed and the proper UAC settings are in place.

This might help...
http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx
ASKER
whftherb

Hi again.  I'm home today fighting a cold so I've lots of time on my hands...

I have done a lot of Googling today.  So far I've not come up with a single satisfactory answer.  What I have discovered is, I can not do this.  It appears I have to make that standard user an admin which directly contradicts and defeats the purpose of UAC's security features.  Then I think, "Wait a minute!  That's completely bass-ackward!  Why would they code the OS to be secure then force the users/admins to thwart it because they can't run anything as a standard user?"  Again, I go back to why do some apps run without an admin password, let's take the example of a program like CCleaner?  Is it because CCleaner is coded or written in such a way or manner to allow standard users to use it?

Is there some method available that stipulates:  If we run AB.exe, let it go because we absolutely TRUST that is bona-fide and that it will do no harm?

I still don't know if setting the user up before or subsequent to the installation of AB.exe is impacting this...  I don't think it matters but does someone know for sure?

H
SOLUTION
johnb6767

ASKER
whftherb

OK, John - I've tested procmon on my home system just to see what it looks like.  Tell me --
"Access denied" is the precise string, correct?  Because it's not offered as an option in the drop down...  If "Access denied" is the proper allowed entry, am I to assume that it has to be case sensitive, ie "Access denied" vs "access denied".  Second question:  Is "Access denied" going to actually be a result of the UAC stopping to ask for the admin password?

H
SOLUTION
johnb6767

Yes, and you type it in the top filter box, even though it is not a selectable option, and it is case insensitive.....
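
The Process Monitor triage discussed above, as an added example that is not part of the original thread: it takes a ProcMon CSV export, keeps the ACCESS DENIED rows for one process, and groups them by operation and path so the locations the application cannot write to stand out. The sample rows are constructed, the column names assume ProcMon's default CSV columns, and `Get-AccessDeniedSummary` is a hypothetical helper name.

```powershell
# Constructed sample of a Process Monitor CSV export; the header row assumes
# ProcMon's default columns. For a real capture: $rows = Import-Csv .\Logfile.CSV
$sampleCsv = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:01:02.1000000 AM","AB.exe","4120","CreateFile","C:\Program Files\AB\AB.ini","SUCCESS","Desired Access: Generic Read"
"9:01:02.2000000 AM","AB.exe","4120","CreateFile","C:\Program Files\AB\data\ab.lck","ACCESS DENIED","Desired Access: Generic Write"
"9:01:02.3000000 AM","AB.exe","4120","CreateFile","C:\Program Files\AB\data\ab.lck","ACCESS DENIED","Desired Access: Generic Write"
"9:01:02.4000000 AM","AB.exe","4120","RegCreateKey","HKLM\SOFTWARE\AB","ACCESS DENIED","Desired Access: All Access"
"9:01:02.5000000 AM","explorer.exe","1888","CreateFile","C:\Windows\Temp\x.tmp","ACCESS DENIED","Desired Access: Generic Write"
'@

# Hypothetical helper: summarise denied operations for one process.
# Written to run on PowerShell 2.0, the version shipped with Windows 7.
function Get-AccessDeniedSummary {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Rows,
        [Parameter(Mandatory=$true)] [string]   $ProcessName
    )
    # PowerShell's -eq compares strings case-insensitively.
    $Rows |
        Where-Object { $_.'Process Name' -eq $ProcessName -and $_.Result -eq 'ACCESS DENIED' } |
        Group-Object Operation, Path |
        Sort-Object Count -Descending |
        ForEach-Object {
            $first = $_.Group[0]
            New-Object PSObject -Property @{
                Count     = $_.Count
                Operation = $first.Operation
                Path      = $first.Path
            }
        } |
        Select-Object Count, Operation, Path
}

$rows = $sampleCsv | ConvertFrom-Csv
Get-AccessDeniedSummary -Rows $rows -ProcessName 'AB.exe' | Format-Table -AutoSize
```

On the constructed sample this lists the lock file under the install folder (two hits) and the HKLM key (one hit), and ignores the unrelated explorer.exe row.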
ASKER
whftherb

OK, good evening.  Here's what worked for me and this "problem".

First I uninstalled the application completely.  Next, the install package was one folder deep under the root.  I logged in under the standard user account.  I launched the install package and before any changes were permitted, I was prompted for the admin password.  The app installed smoothly.  Still in the standard user account, I drilled down to the install folder (C:\ProgramFiles\Autobase).  On that folder I took "ownership" by right clicking it > Properties panel > Security > Advanced > Owner tab.  Once there I observed that the folder was owned by Administrator and the Administrator Group.  I added the standard user to that list and selected it as owner, all the while giving Windows the admin password when it begged for it.  Closed out and (here's where I probably went wrong the first time) ...  rebooted.

Done!  It works perfectly and I didn't have to sacrifice a lot of built in security for basic functionality one would normally expect.

Even though Win 7's UAC is easier to manage, I still think there ought to be a way to tell Win 7, "Look I know what I'm doing, I trust this application or this process, let it pass."  Why there isn't an easier more direct UAC override is a question that may never be answered.

I'll see about splitting some points here.

H
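
A way to review the result of the ownership change described in the post above, as an added example that is not part of the original thread: it reports the folder owner and each access rule, flagging rules that grant write-type rights and rules that name the given account. `Get-FolderAccessReport` is a hypothetical helper name, the demo folder is constructed, and the report lists rules as written without computing effective access through group membership.

```powershell
# Hypothetical helper: show who owns a folder and which ACL entries allow writes.
# Written to run on PowerShell 2.0, the version shipped with Windows 7.
function Get-FolderAccessReport {
    param(
        [Parameter(Mandatory=$true)] [string] $Path,
        [Parameter(Mandatory=$true)] [string] $Account
    )
    # Any of the write-type bits (create files, append data, write attributes).
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write
    $acl = Get-Acl -Path $Path
    $acl.Access | ForEach-Object {
        $id = $_.IdentityReference.Value
        New-Object PSObject -Property @{
            Owner       = $acl.Owner
            Identity    = $id
            Type        = $_.AccessControlType
            Rights      = $_.FileSystemRights
            Inherited   = $_.IsInherited
            GrantsWrite = ($_.AccessControlType -eq 'Allow') -and
                          (([int]$_.FileSystemRights -band $writeMask) -ne 0)
            ForAccount  = ($id -eq $Account) -or ($id -like "*\$Account")
        }
    } | Select-Object Owner, Identity, Type, Rights, Inherited, GrantsWrite, ForAccount
}

# Constructed demo folder so the example runs anywhere; on the machine in
# question, point -Path at the install folder and -Account at the standard user.
$demo = Join-Path $env:TEMP 'AB-acl-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Get-FolderAccessReport -Path $demo -Account $env:USERNAME | Format-Table -AutoSize
```

Running it before and after a permission change shows exactly which owner and rules were altered on the folder.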
ASKER
whftherb

I figured some of this out myself but the experts here were instrumental in stimulating thoughts about the solution.