Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6661
  • Last Modified:

Cannot get application to run on an terminal server without a UAC popup

I have a Server 2008 R2 Standard server with 5 RDS CALs. They run the E2 Shop Tech software which is located on the D: drive under the Data share. The data share has full access rights for Domain Users. When a user clicks on the programs icon, a UAC message pops ups asking Do you want to allow the software to make changes to your computer and asks for an administrators credentials. I tried to fix this thru by changing the Local Security Policies in various combinations, none if which worked. When I changed the last one, Run all administrators in admin Approval mode to disabled it wont run or prompt for credentials.  I added a user to the administrators group and he can run it. Any suggestions how to get this working for all users without being an admin.  Here are the current UAC Settings:
Local Security Policies, Local Policies, Security:
UAC: Admin Approval Mode for the Built-in Administrator account = Disabled
UAC: Allow UIAccess applications to prompt for elevation without using secure desktop = Enabled
UAC: Behavior of the elevation prompt for administrator in admin approval mode = Elevate without prompting
UAC: Behavior of the elevation prompt for standard users = prompt for credentials
UAC: Detect application and prompt for elevation = Disabled
UAC: Only elevate executables that are signed and validated = Disabled
UAC: Only elevate UIAccess applications that are installed in secure locations = Disabled
UAC: Run all administrators in Admin approval mode = Disabled
UAC: Switch to the secure desktop when prompting foe elevation = Enabled
UAC: Virtualize file and registry write failures to per-user locations = Enabled
0
THEarle
Asked:
THEarle
  • 4
  • 3
  • 2
  • +1
1 Solution
 
Davis McCarnOwnerCommented:
From this: http://serverfault.com/questions/178360/grant-admin-rights-to-a-certain-program-for-all-users

Thanks for the answers, this is how I ended up solving it:

1.Create a Scheduled Task in the task scheduler. The scheduled task launches the application. Set the task to run at highest privilege level.
2.Create a shortcut on the desktop of all the users needing to run the application. The shortcut ended up looking like this: C:\Windows\System32\schtasks.exe /run /tn "Name of task"
The only downside of this is that i need to create a separate task for every user, but I think it works just fine.
0
 
Brian BIndependant Technology ProfessionalCommented:
Two things to check.

1. Was the application installed as a remote desktop application via control panel? The server needs to configure it properly.
2. Does its vendor support running it on a Remote Desktop (terminal) server? Some programs just don't work in that environment.

I am assuming of course that this program runs fine on a standalone workstation with user credentials, or does it require admin privleges there as well?
0
 
CoralonCommented:
I don't know anything about this particular piece of software, but I obviously have a heavy TS/Citrix background.   If your app is tripping the UAC flag, then some protected area is being modified by the application.  

The first thing to do is dig out SysInternals Process Monitor and see where you are getting tripped up.  One of the more common things is the app may be trying to write to a log file under the Windows directory, one of the Program Files directories, or maybe even the ProgramData directory.  

Coralon
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
THEarleAuthor Commented:
Thanks everyone for your feedback.  I will be going on site in a day or so to try the scheduled task solution and begin the program trace with SysInternals.
The program was loaded from the server console not thru RDS.  The program was not loaded to the C:\Program Files\ folder, it was isolated in the D:\Data share where user rights are full.   I thought the UAC policy for protected areas was the solution but that did not work.  I will keep up on my progress. Thanks.
0
 
CoralonCommented:
You are correct about UAC being for the protected system areas (c:\windows c:\program files c:\program files (x86) c:\programdata c:\users etc.)  But, the fact that you are still tripping UAC even though the app is being installed to a non-system area, means that there is almost certainly a component of the app that is writing to a protected area (either memory or file system).

Coralon
0
 
THEarleAuthor Commented:
Sorry I have not been able to get onsite yet, as soon as I can I will update you.
0
 
THEarleAuthor Commented:
I've requested that this question be deleted for the following reason:

Solved with tech support from the vendor.
0
 
Brian BIndependant Technology ProfessionalCommented:
I am objecting because I asked you to confirm if the program was installed as a remote desktop application and it sounds like that fact you didn't do this was part of the problem. Could you please provide a more thorough explanation of what finally solved the problem? This answer will also help other who may have the same problem as you.
0
 
THEarleAuthor Commented:
I apologize for asking for deletion, I simply wanted to close the open case. I also apologize for not getting back to this case timely. The solution to the problem was indeed a permission problem. Despite being installed on D:, the vendor admitted that they do have hard code pointing to c:\winodws to setup some temp and log files. UAC did have to be turned off completely in order to install and run the application. Once that was done and we allowed the app to write to protected area, it installed correctly.  Thank you very much for your help and again I am sorry I did not properly close the case in a timely manner.
0
 
CoralonCommented:
I'd ask that you award some points for this.  I pointed out exactly the problem that your vendor confirmed - writing to a protected area (c:\windows\).  And TBone2k also asked some relevant questions (install mode).  

Thanks,

Coralon
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now