?
Solved

Application Requires Admin Rights to Run

Posted on 2011-02-13
9
Medium Priority
?
744 Views
Last Modified: 2012-05-11
I have just installed sbs 2008 along with 3 workstations. I have everything working fine except an application that my client uses. Its a basic design program that doesn't require installation, it can be run from the root folder. The only issue i have is that as all of the users are set to standard users the application wont run. As soon as i add the user to the administration group the application runs fine. Is there another way for me to do this as ideally i don't want the users being part of the admin group

Thanks
0
Comment
Question by:Daniel Bertolone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 123
ID: 34884565
You'll need to debug with Filemon and Regmon, what the application is doing, that needs admin rights. It may be possible to identify, that it's right to a location on the disk or registry that requires Admin rights, which will allow you to make some changes, and grant access to registry and disk for those users.

Speak to the Vendor/Developer about the application, and see if they can work with you.

with scripting you could also try and install the application normally in any folder, and then use the subst command to fool the application is running in the root of a drive, but this doesn't help you with the Admin access.
0
 
LVL 123
ID: 34884566
that's write to a location on disk or registry (not right!).
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1000 total points
ID: 34884586
It is common for users in an SBS domain to be administrators of their own machine. As a matter of fact this was the default with SBS 2003, even though it defies Microsoft's best practices. Should you want to do so you can easily "upgrade" the user from the Windows SBS console under users and groups | users | double click on the user | computers | make the user an admin of any machine you would like.

However I can appreciate your concerns. If you want to remedy this you need to use a tool like Sysinternal's/Microsoft's  Process Monitor and determine what registry keys and folders to which the user  will need admin privileges and change just those entries. It is time consuming but standard practice:
http://technet.microsoft.com/en-us/sysinternals/bb896645
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:Daniel Bertolone
ID: 34884614
There are no registry entries, just the files that are located in the program directory. Once I discover what files are needed for the app to run, is it simple enough giving the users admin access just to those files?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34884631
That is what process Monitor will tell you. Start recording as the user, open the application, when it fails, stop recording and review all of the errors. There will always be some that are totally unrelated, but it will advise which files, and registry entries, if any, the user was not allowed to access,and then you can add permissions for the user or a group  to which the user belongs.
0
 
LVL 123
ID: 34884655
It's possible it could be wrting to a temp directory? Check with Filemon and Regmon.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34884669
Filemon and regmon have been replaced by Process Monitor.
0
 
LVL 13

Assisted Solution

by:connectex
connectex earned 1000 total points
ID: 34884765
Use Process Monitor to monitor the application's registry and file calls. You can disable processes and network monitoring at the top. Also set the filter to use the name of the .exe and result contains the word denied. If you don't get any results, remove the name of the .exe. from the filter. This will provide more results but not all of them may apply to your specific application. Now you can grant the local users group the rights the needed to these registry and files entries. You may need to grant rights to a folder iteself, if it's creating new files in it. If so lock down the executes files on the folder to read only. This includes .dll, .chm, .exe, .bat, .cmd files. Now if you really want to document and recreate these needed changes for the other and future system. I recommend creating a batch file that calls SetACL. SetACL is on SourceForge site. That way you can quickly deal with this in the future. For a new system, install the application, confirm it runs as administrator, run the batch to set the proper rights, now test for non-admin user. I'm been using SBS with non-admin users for several years. It's just one of the steps I use to avoid most mal-ware.
0
 

Author Comment

by:Daniel Bertolone
ID: 34905776
Thanks guys
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question