Solved

Cannot get application to run on an terminal server without a UAC popup

Posted on 2013-01-23
10
5,933 Views
Last Modified: 2014-02-19
I have a Server 2008 R2 Standard server with 5 RDS CALs. They run the E2 Shop Tech software which is located on the D: drive under the Data share. The data share has full access rights for Domain Users. When a user clicks on the programs icon, a UAC message pops ups asking Do you want to allow the software to make changes to your computer and asks for an administrators credentials. I tried to fix this thru by changing the Local Security Policies in various combinations, none if which worked. When I changed the last one, Run all administrators in admin Approval mode to disabled it wont run or prompt for credentials.  I added a user to the administrators group and he can run it. Any suggestions how to get this working for all users without being an admin.  Here are the current UAC Settings:
Local Security Policies, Local Policies, Security:
UAC: Admin Approval Mode for the Built-in Administrator account = Disabled
UAC: Allow UIAccess applications to prompt for elevation without using secure desktop = Enabled
UAC: Behavior of the elevation prompt for administrator in admin approval mode = Elevate without prompting
UAC: Behavior of the elevation prompt for standard users = prompt for credentials
UAC: Detect application and prompt for elevation = Disabled
UAC: Only elevate executables that are signed and validated = Disabled
UAC: Only elevate UIAccess applications that are installed in secure locations = Disabled
UAC: Run all administrators in Admin approval mode = Disabled
UAC: Switch to the secure desktop when prompting foe elevation = Enabled
UAC: Virtualize file and registry write failures to per-user locations = Enabled
0
Comment
Question by:THEarle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 43

Expert Comment

by:Davis McCarn
ID: 38814750
From this: http://serverfault.com/questions/178360/grant-admin-rights-to-a-certain-program-for-all-users

Thanks for the answers, this is how I ended up solving it:

1.Create a Scheduled Task in the task scheduler. The scheduled task launches the application. Set the task to run at highest privilege level.
2.Create a shortcut on the desktop of all the users needing to run the application. The shortcut ended up looking like this: C:\Windows\System32\schtasks.exe /run /tn "Name of task"
The only downside of this is that i need to create a separate task for every user, but I think it works just fine.
0
 
LVL 24

Expert Comment

by:Brian B
ID: 38815326
Two things to check.

1. Was the application installed as a remote desktop application via control panel? The server needs to configure it properly.
2. Does its vendor support running it on a Remote Desktop (terminal) server? Some programs just don't work in that environment.

I am assuming of course that this program runs fine on a standalone workstation with user credentials, or does it require admin privleges there as well?
0
 
LVL 25

Expert Comment

by:Coralon
ID: 38817154
I don't know anything about this particular piece of software, but I obviously have a heavy TS/Citrix background.   If your app is tripping the UAC flag, then some protected area is being modified by the application.  

The first thing to do is dig out SysInternals Process Monitor and see where you are getting tripped up.  One of the more common things is the app may be trying to write to a log file under the Windows directory, one of the Program Files directories, or maybe even the ProgramData directory.  

Coralon
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:THEarle
ID: 38828555
Thanks everyone for your feedback.  I will be going on site in a day or so to try the scheduled task solution and begin the program trace with SysInternals.
The program was loaded from the server console not thru RDS.  The program was not loaded to the C:\Program Files\ folder, it was isolated in the D:\Data share where user rights are full.   I thought the UAC policy for protected areas was the solution but that did not work.  I will keep up on my progress. Thanks.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 38829288
You are correct about UAC being for the protected system areas (c:\windows c:\program files c:\program files (x86) c:\programdata c:\users etc.)  But, the fact that you are still tripping UAC even though the app is being installed to a non-system area, means that there is almost certainly a component of the app that is writing to a protected area (either memory or file system).

Coralon
0
 

Author Comment

by:THEarle
ID: 38857857
Sorry I have not been able to get onsite yet, as soon as I can I will update you.
0
 

Author Comment

by:THEarle
ID: 39868297
I've requested that this question be deleted for the following reason:

Solved with tech support from the vendor.
0
 
LVL 24

Expert Comment

by:Brian B
ID: 39868298
I am objecting because I asked you to confirm if the program was installed as a remote desktop application and it sounds like that fact you didn't do this was part of the problem. Could you please provide a more thorough explanation of what finally solved the problem? This answer will also help other who may have the same problem as you.
0
 

Author Comment

by:THEarle
ID: 39868400
I apologize for asking for deletion, I simply wanted to close the open case. I also apologize for not getting back to this case timely. The solution to the problem was indeed a permission problem. Despite being installed on D:, the vendor admitted that they do have hard code pointing to c:\winodws to setup some temp and log files. UAC did have to be turned off completely in order to install and run the application. Once that was done and we allowed the app to write to protected area, it installed correctly.  Thank you very much for your help and again I am sorry I did not properly close the case in a timely manner.
0
 
LVL 25

Accepted Solution

by:
Coralon earned 500 total points
ID: 39871825
I'd ask that you award some points for this.  I pointed out exactly the problem that your vendor confirmed - writing to a protected area (c:\windows\).  And TBone2k also asked some relevant questions (install mode).  

Thanks,

Coralon
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have put this article together as i needed to get all the information that might be available already into one general document that could be referenced once without searching the Internet for the different pieces. I have had a few issues where…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question