I am not allowed to make users Local Admins and one application continues to give me a Registry Key Access Error. I need another solution to grant access to this specific registry key

We just moved an acquired office over to our DOMAIN. They are used to using an IMAGE software called ACCURAIMAGE by LUMTRON. On their domain they were all local admins and had proper permissoins to run this app. Our domain has a policy that does not allow individual workstations to be local admins and after I migrated the image server over to our domain, they all get an error now "Acdess to registry key HKEY_LOCAL_MACHINE\software\aidmc is denied" But if a local admin or domain admin log into the workstation the application runs fine. I need to find a way around this and grant limited permissions so users can access this key.
LVL 1
Thor2923Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

wynandkunkelCommented:
Try to make the users members of the "power users" on the workstations.  This allows for admin-type access to the registry without making the domain user a local admin.
0
Thor2923Author Commented:
nope, good idea but did not work...I am hoping there is a local policy or permissions I can modify
0
Mark GalvinManaging Director / Principal ConsultantCommented:
You could add the relevant reg key to a GPO and have it applied that way?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Thor2923Author Commented:
the GPO is the kind of thing I was hoping to find out about. Could you elaborate on that more? Are you talking about a Domain GPO or one on the local PC?
0
Mark GalvinManaging Director / Principal ConsultantCommented:
OK. Lets go back a few steps.

What is it that the app needs to access the registry for? IS it simply to add a key?

thanks
Mark
0
Thor2923Author Commented:
I am not sure what you mean. I attached a copy of the error and a copy of the registry I tried to give the local user permission to. The APP is pulling up images on an IMAGE server with a product called AccurImage on it. I have made the user a local admin on the server but that did not help. This app only works if a user is a local or domain admin.
image.docx
0
Mark GalvinManaging Director / Principal ConsultantCommented:
Emmmm. Have you tried logging this with the APP vendor to find out why the APP needs the user to be a local admin?

I have come across apps like this before and I NEVER give users local admin rights as it creates a mess later, not to mention virus/malware etc.

And each APP is different so going to the source is the best.

What I was getting at before was that if the APP is trying to add something to the registry and that value is static then you could try adding the same key using GPO (domain GPO). http://technet.microsoft.com/en-us/library/cc753092.aspx 

Sorry

Mark
0
Thor2923Author Commented:
I have tried contacting the vendor and the remind me I am running an "old version" of their program and users "should" not need admin rights, but they have not come up with anything. I will try with them one more time..I will read your article...thanks
0
Darr247Commented:
Instead of giving them admin rights on the whole machine, try giving the Users group ownership of the key.
In the registry, right-click the key and choose Permissions...
Registry Permissions
In the Permissions dialog, click the Advanced button
In the Advanced dialog go to the Owner tab.
Click the Other users or groups... button.
Type in Users, and click Check Names...
HostName\Users should appear. Click OK.
Back on the Owner tab, select the Users group, check the Replace owner on subcontainers and objects box, then click OK.
Click OK on the Permissions dialog, close the registry editor, reboot and see if your user[s] can use the program properly without admin access.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.