Solved

Application Requires Admin Rights to Run

Posted on 2011-02-13
9
730 Views
Last Modified: 2012-05-11
I have just installed sbs 2008 along with 3 workstations. I have everything working fine except an application that my client uses. Its a basic design program that doesn't require installation, it can be run from the root folder. The only issue i have is that as all of the users are set to standard users the application wont run. As soon as i add the user to the administration group the application runs fine. Is there another way for me to do this as ideally i don't want the users being part of the admin group

Thanks
0
Comment
Question by:Daniel Bertolone
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 118
ID: 34884565
You'll need to debug with Filemon and Regmon, what the application is doing, that needs admin rights. It may be possible to identify, that it's right to a location on the disk or registry that requires Admin rights, which will allow you to make some changes, and grant access to registry and disk for those users.

Speak to the Vendor/Developer about the application, and see if they can work with you.

with scripting you could also try and install the application normally in any folder, and then use the subst command to fool the application is running in the root of a drive, but this doesn't help you with the Admin access.
0
 
LVL 118
ID: 34884566
that's write to a location on disk or registry (not right!).
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 34884586
It is common for users in an SBS domain to be administrators of their own machine. As a matter of fact this was the default with SBS 2003, even though it defies Microsoft's best practices. Should you want to do so you can easily "upgrade" the user from the Windows SBS console under users and groups | users | double click on the user | computers | make the user an admin of any machine you would like.

However I can appreciate your concerns. If you want to remedy this you need to use a tool like Sysinternal's/Microsoft's  Process Monitor and determine what registry keys and folders to which the user  will need admin privileges and change just those entries. It is time consuming but standard practice:
http://technet.microsoft.com/en-us/sysinternals/bb896645
0
 

Author Comment

by:Daniel Bertolone
ID: 34884614
There are no registry entries, just the files that are located in the program directory. Once I discover what files are needed for the app to run, is it simple enough giving the users admin access just to those files?
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 34884631
That is what process Monitor will tell you. Start recording as the user, open the application, when it fails, stop recording and review all of the errors. There will always be some that are totally unrelated, but it will advise which files, and registry entries, if any, the user was not allowed to access,and then you can add permissions for the user or a group  to which the user belongs.
0
 
LVL 118
ID: 34884655
It's possible it could be wrting to a temp directory? Check with Filemon and Regmon.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34884669
Filemon and regmon have been replaced by Process Monitor.
0
 
LVL 13

Assisted Solution

by:connectex
connectex earned 250 total points
ID: 34884765
Use Process Monitor to monitor the application's registry and file calls. You can disable processes and network monitoring at the top. Also set the filter to use the name of the .exe and result contains the word denied. If you don't get any results, remove the name of the .exe. from the filter. This will provide more results but not all of them may apply to your specific application. Now you can grant the local users group the rights the needed to these registry and files entries. You may need to grant rights to a folder iteself, if it's creating new files in it. If so lock down the executes files on the folder to read only. This includes .dll, .chm, .exe, .bat, .cmd files. Now if you really want to document and recreate these needed changes for the other and future system. I recommend creating a batch file that calls SetACL. SetACL is on SourceForge site. That way you can quickly deal with this in the future. For a new system, install the application, confirm it runs as administrator, run the batch to set the proper rights, now test for non-admin user. I'm been using SBS with non-admin users for several years. It's just one of the steps I use to avoid most mal-ware.
0
 

Author Comment

by:Daniel Bertolone
ID: 34905776
Thanks guys
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now