Core business application that will only run when logged into PC as an administrator

I am about to take on a new customer. They have some issues that I want to address before agreeing on a monthly support arrangement.

The main issue that they have is that they have an application that will not run properly unless the user has admin rights.

The PCs are running either Windows 7 or 8.1.

According to the staff there, the application will not run if you try to "run as administrator" . The user themselves have to be local admins on the PCs. The network is a peer to peer set up with no server.

This obviously causes issues. We are pressurizing the software vendor to resolve the issue and my customer is unable to use an alternative.

I have to find some way of securing these PCs whilst still allowing access to the troublesome system.

I thought that maybe hosting the application on a RDS server might be one solution. Perhaps an Azure VM.  Just publishing the Application.

Does anyone have any thoughts on this option or do you have other ideas?

Thanks
LVL 1
roy_battyDirectorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kola12Commented:
You can add rights (for nonadmin user) (full) to directory where application are installed.  And for the same user in regedit add full rights for hklm\software\apps - where apps is name your application.
Reboot system and try to run application on nonadmin user
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
Hi.

The vendor should be able to answer in a very short time - why don't you have his answer yet :) ?
Isolating the application to a shared remote system where the users would get admin rights is not the best idea. If they are admin, they can easily spy on one another, that would require real security skills to prevent that. Isolating it to a VDI environment ("each user  gets his 'own' VM") would be the solution.

If you keep it simple, without virtualization or remote publishing, you would need a 3rd party software. Beyondtrust's software powerbroker can isolate applications so that granting full rights securely for just one application would become a (costly) option. http://www.beyondtrust.com/Products/PowerBrokerforWindows/
0
roy_battyDirectorAuthor Commented:
Thanks for the advice. I will try your suggestion kola12. If that doesnt work then I suppose powerbroker is an option. It is pricey and the minimum licenses they sell is 25. I only need 14 but it is an option if I need it.

Thanks
0
McKnifeCommented:
Roy, don't forget to give feedback if that solved your problem. Normally, you would try the suggestion first and then select it as answer.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.