Windows 7 Pro - Full Control/Permissions for an app
I have a new Windows 7 Pro (Acer VX275) that we just set up here at the shop. We want the user as a Standard User with name HA017. We installed our routine application called AB.exe. The company that produces AB says they support Win 7. When launched from the desktop shortcut, Win 7 puts up a prompt for the Admin password. We can't get rid of that password prompt behavior. Here's what we've tried thus far.
On the admin account, we went to the folder (c:\Program Files\AB) and granted HA017 full control over the folder. No luck.
We went to the admin account and found the application - AB.exe - and set the User HA017 with full control. No luck.
We established the user HA017 as an admin and uninstalled and reinstalled - runs the app fine but with the admin privs. However, reverted to a standard user - no luck.
Back to the admin acct and regranted full control to HA017 (read, write, etc). Logged on as HA017 - standard user - no luck.
Set HA017 as admin - and set up the "Take Ownership" context menu applet. Right click, Take Ownership - it runs. Reverted to standard user. No luck.
I'm obviously missing something here? Can someone point me in the right direction?
On the admin account, we went to the folder (c:\Program Files\AB) and granted HA017 full control over the folder. No luck.
We went to the admin account and found the application - AB.exe - and set the User HA017 with full control. No luck.
We established the user HA017 as an admin and uninstalled and reinstalled - runs the app fine but with the admin privs. However, reverted to a standard user - no luck.
Back to the admin acct and regranted full control to HA017 (read, write, etc). Logged on as HA017 - standard user - no luck.
Set HA017 as admin - and set up the "Take Ownership" context menu applet. Right click, Take Ownership - it runs. Reverted to standard user. No luck.
I'm obviously missing something here? Can someone point me in the right direction?
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Further - I did check with the authors of AB.exe. There arer no services spawned by AB.exe nor does it use any special services outside of the normal Windows services already in place.
Helpful?
Helpful?
Would it help to:
1 - Right Click on the Shortcut
2 - On the Shortcut Tab click "Advanced" in the lower right hand corner
3 - Check Run As Administrator
Let us know if that helps.
1 - Right Click on the Shortcut
2 - On the Shortcut Tab click "Advanced" in the lower right hand corner
3 - Check Run As Administrator
Let us know if that helps.
Seems to me this is a User Account Control thing.
First, disable UAC. I don't recommend it but you can do it to try to see if that doesn't solve your problem. Then download ACT (Application Compatibility Toolkit) and change the application so that it can run with admin privileges.
First, disable UAC. I don't recommend it but you can do it to try to see if that doesn't solve your problem. Then download ACT (Application Compatibility Toolkit) and change the application so that it can run with admin privileges.
We ran into UAC problems with Sage Accpac accounting software.
To turn off: Start>Help and Support>Type in "UAC">then select the first option "Turn User Account Control on or off"
To turn off: Start>Help and Support>Type in "UAC">then select the first option "Turn User Account Control on or off"
To add to what sighar wrote, you can right click on the application and choose Troubleshoot compatability, check the box for "the program requires additional permissions, click next and start the program. If that works you a=can save the settings and the program should run as addministrator from that point on. I say should, because sometimes you still just need to drop the UAC settings down a notch at a time till the program gets around the issue. Annother way is to test the startup of the application while running ProcMon to see where it gets hung up.
ASKER
OK, let me seek a further clarification. First off, disabling UAC can be done but unfortunately, that defeats the nice security feature that helpfully "goof proofs" windows. However we will live with it if need be.
Question: Would disabling UAC with the Admin account be applied machine-wide, and thus apply it into/onto the standard user account? Or do I have to assign user HA017 temp admin privs, knock down UAC, revert to a standard user?
(Seems kind of kludgy, doesn't it...)
H
Note:I won't be back until Wed - day after tomorrow....
Question: Would disabling UAC with the Admin account be applied machine-wide, and thus apply it into/onto the standard user account? Or do I have to assign user HA017 temp admin privs, knock down UAC, revert to a standard user?
(Seems kind of kludgy, doesn't it...)
H
Note:I won't be back until Wed - day after tomorrow....
ASKER
While I'm working (thinking) on this, does anyone know if the "sequence" of loading apps matters when it comes to UAC/Ownership. What I mean is this - Does it matter if:
(a) I install the app first, then establish the user account and confer control/priveleges from the admin at that point,
or
(b) Establish the user account, install the app using the admin, then confer control/privs upon the user after
?
Second point: How is then that normal routine third party type applications (for example CCleaner or Office) for example get to run unencumbered on the standard account and this one refuses? I don't understand it.
(a) I install the app first, then establish the user account and confer control/priveleges from the admin at that point,
or
(b) Establish the user account, install the app using the admin, then confer control/privs upon the user after
?
Second point: How is then that normal routine third party type applications (for example CCleaner or Office) for example get to run unencumbered on the standard account and this one refuses? I don't understand it.
Windows 7 and the UAC do some things that are, hard to understand. Depending on the settings it can stop users, (applications), from writing to the registry and to certain places in the file system. It will try working around that by writing to the local user registry or to the users home directory when needed and the proper UAC settings are in place.
This might help...
http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx
This might help...
http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx
ASKER
Hi again. I'm home today fighting a cold so I've lots of time on my hands...
I have done a lot of Googling today. So far I've not come up with a single stisfactory answer. What I have discovered is, I can not do this. It appears I have to make that standard user an admin which directly contradicts and defeats the purpose of UAC's security features. Then I think, "Wait a minute! That's completely bass-ackward! Why would they code the OS to be secure then force the users/admins to thwart it because they can't run anything as a standard user?" Again, I go back to why do some apps run without an admin password, let's take the example of a program like CCleaner? Is it because CCleaner is coded or written in such a way or manner to allow standard users to use it?
Is there some method available that stipulates: If we run AB.exe, let it go because we absolutely TRUST that is bona-fide and that it will do no harm?
I still don't know if setting the user up before or subsequent to the installation of AB.exe is impacting this... I don't think it matters but does somone know for sure?
H
I have done a lot of Googling today. So far I've not come up with a single stisfactory answer. What I have discovered is, I can not do this. It appears I have to make that standard user an admin which directly contradicts and defeats the purpose of UAC's security features. Then I think, "Wait a minute! That's completely bass-ackward! Why would they code the OS to be secure then force the users/admins to thwart it because they can't run anything as a standard user?" Again, I go back to why do some apps run without an admin password, let's take the example of a program like CCleaner? Is it because CCleaner is coded or written in such a way or manner to allow standard users to use it?
Is there some method available that stipulates: If we run AB.exe, let it go because we absolutely TRUST that is bona-fide and that it will do no harm?
I still don't know if setting the user up before or subsequent to the installation of AB.exe is impacting this... I don't think it matters but does somone know for sure?
H
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
OK, John - I've tested procmon on my home system just to see what it looks like. Tell me --
"Access denied" is the precise string, correct? Because it's not offered as an option in the drop down... If "Access denied" is the proper allowed entry, am I to assume that it has to be case sensitive, ie "Access denied" vs "access denied". Second question: Is "Access denied" going to actually be a result of the UAC stopping to ask for the admin password?
H
"Access denied" is the precise string, correct? Because it's not offered as an option in the drop down... If "Access denied" is the proper allowed entry, am I to assume that it has to be case sensitive, ie "Access denied" vs "access denied". Second question: Is "Access denied" going to actually be a result of the UAC stopping to ask for the admin password?
H
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Yes, and you type it in the top filter box, even though it is not a selectable option, and it is case insensitve.....
ASKER
OK, good evening. Here's what worked for me and this "problem".
First I uninstalled the application completely. Next, the install package was one folder deep under the root. I logged in under the standard user account. I launched the install package and before any changes were permitted, I was prompted for the admin password. The app installed smoothly. Still in the standard user account, I drilled down to the install folder (C:\ProgramFiles\Autobase)
Done! It works perfectly and I didn't have to sacrifice a lot of built in security for basic functionality one would normally expect.
Even though Win 7's UAC is easier to manage, I still think there ought to be a way to tell Win 7, "Look I know what I'm doing, I trust this application or this process, let it pass." Why there isn't an easier more direct UAC override is a question that may never be answered.
I'll see about splitting some points here.
H
First I uninstalled the application completely. Next, the install package was one folder deep under the root. I logged in under the standard user account. I launched the install package and before any changes were permitted, I was prompted for the admin password. The app installed smoothly. Still in the standard user account, I drilled down to the install folder (C:\ProgramFiles\Autobase)
Done! It works perfectly and I didn't have to sacrifice a lot of built in security for basic functionality one would normally expect.
Even though Win 7's UAC is easier to manage, I still think there ought to be a way to tell Win 7, "Look I know what I'm doing, I trust this application or this process, let it pass." Why there isn't an easier more direct UAC override is a question that may never be answered.
I'll see about splitting some points here.
H
ASKER
I figured some of this out myself but the experts here were instrumental in stimulating thoughts about the solution.
Windows OS
This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER