[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217
  • Last Modified:

User Account Control

Hi Experts,

I have a user accessing the server via RDP to access a specific application. When the user goes to launch the application. I get a login failure error.

The user has very basic rights as we do not want them accessing anything or changing any settings. Purely just want to provide access to the application without asking for login credentials of an administrator.

Please see attached image for exact error being received.

I am looking for a way to give user access to the file while not affecting security.

Look forward to reading your comments!
myob-issue.PNG
0
isdd2000
Asked:
isdd2000
  • 5
  • 4
  • 2
2 Solutions
 
John HurstBusiness Consultant (Owner)Commented:
Your options are limited if the application requires administrator credentials.

Take a look at Power Broker from Beyond Trust. Power Broker utilizes Group Policy granularity for application permissions.  

... Thinkpads-User
0
 
isdd2000Author Commented:
Hi Thinkpads,

Appreciate your response.
Is the only way around this error to alter group policy?

Look forward to hearing from you.
0
 
John HurstBusiness Consultant (Owner)Commented:
Beyond Trust (http://www.beyondtrust.com/) uses extensions of Group Policy to provide / control access. It is additional to regular Windows group policies, but that is the way it works.

I do not of any other way other than to give the user admin authentication (which you do not want to do).

.... Thinkpads_User
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
isdd2000Author Commented:
Hi Thinkpad,

Unfortunatly giving the user admin rights is not an option.
0
 
John HurstBusiness Consultant (Owner)Commented:
>>> Unfortunatly giving the user admin rights is not an option.

Yes, I assumed that. So that is why I suggest Beyond Trust. It is designed to do what you want.

... Thinkpads_User
0
 
jrhelgesonCommented:
This is User Account Control, that is asking any non-administrator to elevate their privileges to a higher level that the application needs to run.
The only real choice you have is to give the user the required privileges, or don't run that software on the server.

One way you can give the user access is to create a custom Remote Desktop Icon.  Edit the remote desktop connection settings and tell it to automatically launch the application - that way, the application itself runs in the terminal services window, as though it were an application that were installed on her local PC.

I could explain a lot, but it would make a lot more sense if you were to test it out.  For your test, use admin credentials and have it launch the application - and see what it looks like. When you exit the application, it will close out the RDP session. If you cache those credentials, then the user will never know the username/password that are used to access the application.

Joel
0
 
isdd2000Author Commented:
Hi Guys,

I tried turning off UAC and running GP update (just incase), with no luck. I will invistage the terminial services more indepth.

Appricate your help!
0
 
isdd2000Author Commented:
Hi Experts,

The solution was providing local administration access to the domain controller and turning off UAC.

Thanks for your help.
Will mark as solved.
0
 
John HurstBusiness Consultant (Owner)Commented:
Thank you and thanks for the updated information. .... Thinkpads_User
0
 
jrhelgesonCommented:
Did you try having the RDP client launch the application directly?

Joel
0
 
isdd2000Author Commented:
Hi experts,

As  I do not have direct access to the machine I didn't however I tested in a test environment and worked ok.

As I said I removed UAC and gave the user local admin rights. This worked and kept folder restrictions allied.

Thanks.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now