Application Compatibility Toolkit Problems

Hi

I have installed Microsoft's Application Compatibility Toolkit (ACT) in order to bypass UAC for Standard Remote Desktop Users who need to run an app on our Server 2008 R2.

I setup a new database, saved it and installed it, which did the job straight away. I have since had to restart the server and the users are now unable to run the application, due to restrictions that require administrator elevation.

I am under the impression that ACT writes a registry value that the app references every time it starts. It then 'runs' the app with elevated permissions as defined in the ACT database.

Any ideas?

Dave
midoceanAsked:
Who is Participating?
 
midoceanConnect With a Mentor Author Commented:
Thanks for your help Rob. It required your VBS fix plus I had to edit permissions in the registry to allow all users the ability to modify a particluar Microsoft Jet program - related to the LOB I was trying to run via Terminal Services.
0
 
dew_associatesCommented:
You can't bypass UAC, but you csan work around it:

Here are two articles you should become intimately familiar with.

http://www.ghacks.net/2010/07/08/get-rid-of-uac-prompts-with-microsofts-application-compatibility-toolkit/

http://technet.microsoft.com/en-us/library/cc709628(WS.10).aspx
0
 
midoceanAuthor Commented:
Hi Dew

As I explained in my original posting, I have already installed the Application Compatibilty Toolkit. When it was first installed it worked fine but after a server restart has packed up.

Dave.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
dew_associatesCommented:
Okay, maybe I need to make the situation really clear. You said "I have installed Microsoft's Application Compatibility Toolkit (ACT) in order to bypass UAC for Standard Remote Desktop Users who need to run an app on our Server 2008 R2."

Why you thought you could install the Application Compatibility Toolkit thinking you could bypass server security and UAC is beyond me. I'm not sure what gave you that idea. As I stated in my previous post, you cannot bypass UAC, but you can work around it as noted in both articles.
0
 
RobSampsonCommented:
Hi, maybe this VBS code will add the registry keys for you that allow the program to run with elevated priveleges.

Basis taken from here:
http://www.verboon.info/index.php/2011/03/running-an-application-as-administrator-or-in-compatibility-mode/

Regards,

Rob.
strExe = "c:\program files\YourApp\YourApp.exe"
objShell.Run "REG ADD ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"" /v """ & strExe & """ /t REG_SZ /d ""RUNASADMIN"" /f", 0, True

Open in new window

0
 
midoceanAuthor Commented:
Thanks Dew for your enlightening comments. If I wanted to be spoken to like an idiot I would have included that in my original question. Which, if you had bothered to read it properly, explained that I had already followed the process explained in your first link above (so no points there) and it worked. My problem is that since restarting the server it now doesn't work. In future please keep your patronising comments for someone else and read the question fully.
0
 
midoceanAuthor Commented:
Thanks Rob, I'll have a look at this and let you know if that fixes the UAC elevation problem.
0
 
RobSampsonConnect With a Mentor Commented:
Oops, I forgot to add the objShell object.

Rob.
strExe = "c:\program files\YourApp\YourApp.exe"
Set objShell = CreateObject("WScript.Shell")
objShell.Run "REG ADD ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"" /v """ & strExe & """ /t REG_SZ /d ""RUNASADMIN"" /f", 0, True

Open in new window

0
 
dew_associatesCommented:
No one addressed you as though you were an idiot - had I done so it would have been unmistakable.

That said, I did read your comments, including "I setup a new database, saved it and installed it, which did the job straight away. I have since had to restart the server and the users are now unable to run the application, due to restrictions that require administrator elevation.

I am under the impression that ACT writes a registry value that the app references every time it starts. It then 'runs' the app with elevated permissions as defined in the ACT database."

I asked you to read and understand the Technet article as it explains security in Windows Server 2008 and UAC. I'll try and summarize it for you. When you installed ACT and created your database, you were already at an admistrator level and your users had already been issued their security tokens - hence they too had access. However, the security process in Windows Server 2008 sets a flag when new programs such as ACT are installed that requires a new token be issued at restart, and in this case, one with elevated permissions. This is designed to prevent inavertant penetration of your server as the result of a malware installation.


0
 
midoceanAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 300 points for RobSampson's comment http:/Q_27513215.html#37366372
Assisted answer: 0 points for midocean's comment http:/Q_27513215.html#37367314

for the following reason:

Thanks for your help Rob. It required your VBS fix plus I had to edit permissions in the registry to allow all users the ability to modify a particluar Microsoft Jet program - related to the LOB I was trying to run via Terminal Services
0
 
dew_associatesCommented:
Reducing the points on this issue is inappropriate given that the information provided in the request "plus I had to edit permissions in the registry to allow all users the ability to modify a particluar Microsoft Jet program - related to the LOB I was trying to run via Terminal Services" was never provided.
0
 
Vee_ModCommented:
Starting the auto-close procedure on behalf of the question asker.

Vee_Mod
Community Support Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.