[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Running published Internet Explorer with Admin privilege

Posted on 2014-08-02
7
Medium Priority
?
1,215 Views
Last Modified: 2014-08-22
We are running an web based application which installs some .dll based add ins before executing and it requires admin privilege to install the same. This is a one time installation for individual user.

The application is published through Citrix 6.5. I have checked that if we can run Internet Explorer with ADMIN privilege then, these add ins get installed successfully, otherwise error is occurring.

Can you please provide me a BATCH SCRIPT that will launch Internet Explorer with ADMIN privilege? That means, if any restricted user runs Internet Explorer, that will be launched with ADMIN privilege.
0
Comment
Question by:hchabria
  • 3
  • 2
  • 2
7 Comments
 
LVL 25

Accepted Solution

by:
Coralon earned 1600 total points
ID: 40237766
You actually don't need to.   It's a simple registry key you can set at the system level.
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Value Name: c:\program files (x86)\internet explorer\iexplore.exe
Value Data: RUNASADMIN

That will cause IE to always run for them as admin..

If you want to script it, I'd add it as a compatibility script, you can also run it as a Group Policy Preference, etc.
Compatibility script - http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Citrix/A_9235-How-USRLOGON-CMD-processing-works.html
Base script:
reg add "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "c:\program files (x86)\internet explorer\iexplore.exe" /d RUNASADMIN /t REG_SZ'

Open in new window


Coralon
0
 

Author Comment

by:hchabria
ID: 40238322
I have added the following registry but still not working.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Value Name: c:\program files (x86)\internet explorer\iexplore.exe
Value Data: RUNASADMIN

While loading the add-ins while launching the web page it is giving Access Denied error.
0
 
LVL 23

Assisted Solution

by:rhandels
rhandels earned 400 total points
ID: 40241134
First off i wouldn't advice anyone to start the application for the user as an admin user specially on a Citrix (SBC) machine. That being said, isn't this the article that you are looking for? Using the RUNASADMIN in my opinion only "disables" the UAC setting meaning the user still has to be an admin user itself for this to work. If the user isn't an admin himself this option won't work.

http://www.experts-exchange.com/Security/Operating_Systems_Security/Q_26441352.html
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 1600 total points
ID: 40242793
The best option is to get the Addins preinstalled.  In fact, I am currently working on a similar challenge at work.

The first thing to do is put your system in Install Mode (change user /install) and run your website and get the controls installed.  

Track where they get installed to.. ideally, they should go to System32 or SysWow64. At that point, they should be universally available, and hopefully the web page will be able to identify it, and realize they are installed and available.

Coralon
0
 

Author Comment

by:hchabria
ID: 40250302
http://www.experts-exchange.com/Security/Operating_Systems_Security/Q_26441352.html is helpful for me.

I am using below Command line in Citrix while publishing the application-

"c:\Program Files (x86)\Internet Explorer\iexplore.exe" "http://x.x.x.x/qcbin/start_a.htm"

The correct .vbs script mentioned in the provided link is-

Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:manmewctx02\administrator ""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe /SERVER:10.68.40.178  /PROJECT:Clarks"""
WScript.Sleep 100
oShell.Sendkeys "Manchester10~"
Wscript.Quit

Open in new window


where I have to replace the line oShell.Run "<Command line>" with my Command line that already mentioned. Please let me know the Command line that I should use.

Also, I have some confusion and request you to clear. What is "/PROJECT:Clarks"? Is Clarks the user name with admin privilege?

Please help me on this.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 40252530
I think that the Project:Clarks is a command line argument to start that specific project.

Your command line would be something familiar to this. Problem is that, when starting this, it will most probably ask for a password. But this would be a good place to start.

oShell.Run "runas /user:domainname\administrator """c:\Program Files (x86)\Internet Explorer\iexplore.exe http://x.x.x.x/qcbin/start_a.htm""

Still however i would not do this on a Citrix machine, start IE as an admin.. Why not, as coralon stated, preinstall them?? Normally all addins can be preinstalled, just try to find the installation files.. You'd be better of then.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 40257381
You may need to put the layers value under the WoW6432Node.  (It's always tricky because of the registry redirection).  Since your are using 32bit IE, that may be your answer.

Coralon
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Suggested Courses
Course of the Month19 days, 12 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question