I have 3 programs that have to run on a system running windows XP pro irrespective of who logs on to it but the problem is that these programs can't run on a limited user account only on a administrative user account and i need to create limited user accounts with these programs still running. What do I do to be able to allow these programs run in a limited user accoun tunder administrative mode without giving the limited user account administrative privileges.
How do i do this??
- Thread starter donmayor
- Start date
- Status
talldude123
Banned
- Messages
- 7,915
well, the program is probably very old (80s-90s area) so you would have to right click on the program --> compatibility --> and set the compatiblity modes properly. I hope that works! 
Here is what you do... First, you have to figure out why the program needs admin access. Use the following to find this...
FileMon http://www.sysinternals.com/Utilities/Filemon.html
Regmon http://www.sysinternals.com/Utilities/Regmon.html
On XP, you can do a runas on any .exe. Do that on these programs for the limited user account. Watch the process name of the application you are looking at. run the program as the limited user. These will tell you all about the file/folders(Filemon) and registry keys (regmon) that are not nativley allowed by the OS. Then you can add access back to the locations for these users by using the Authentiacted Users group.
if you need help with this, let me know. I work as a contractor for a very tightly controlled Company, where my job consists of finding ways to allow users to do things admins and power users can. It's a lot of fun, but can be a pain at times too...
Good luck
FileMon http://www.sysinternals.com/Utilities/Filemon.html
Regmon http://www.sysinternals.com/Utilities/Regmon.html
On XP, you can do a runas on any .exe. Do that on these programs for the limited user account. Watch the process name of the application you are looking at. run the program as the limited user. These will tell you all about the file/folders(Filemon) and registry keys (regmon) that are not nativley allowed by the OS. Then you can add access back to the locations for these users by using the Authentiacted Users group.
if you need help with this, let me know. I work as a contractor for a very tightly controlled Company, where my job consists of finding ways to allow users to do things admins and power users can. It's a lot of fun, but can be a pain at times too...
Good luck
This is what I was talking about...
if you right click on a program, or shift right click depending... you get the option, "Run As". if you select that, you are given a dialog. in that dialog you can specify the account to use to run the program. if you use an admin network/local credential, they run as that account. so, let say you have user1 (local machine account) and net_user1 (Domain Account) who are both member of the Local machine group called Administrators. Then lets say you have a program called APP1. This app requires access to files in %systemroot%, which is protected, so when you launch the program as a non admin user, you will get an error. If you run it as an admin, you will not get an error. This is what I was describing you in my previous post.
If you run Filemon, as an admin, when the non admin is logged on, you will see access Denied errors in several things. These should be the files that the user can not access.
If you go to the specific file, and right click it, then select properties, you should be given window with several tabs on it. Select the security tab. in the middle of the window is an add button, click that and then in the new box, type Authenticated users and then click apply. if you spell it wrong, then it will tell you it can't find it. Also check to see if you are looking at local machine versus domain.
This should allow you to do what you need. Hope it helps.
Good luck
if you right click on a program, or shift right click depending... you get the option, "Run As". if you select that, you are given a dialog. in that dialog you can specify the account to use to run the program. if you use an admin network/local credential, they run as that account. so, let say you have user1 (local machine account) and net_user1 (Domain Account) who are both member of the Local machine group called Administrators. Then lets say you have a program called APP1. This app requires access to files in %systemroot%, which is protected, so when you launch the program as a non admin user, you will get an error. If you run it as an admin, you will not get an error. This is what I was describing you in my previous post.
If you run Filemon, as an admin, when the non admin is logged on, you will see access Denied errors in several things. These should be the files that the user can not access.
If you go to the specific file, and right click it, then select properties, you should be given window with several tabs on it. Select the security tab. in the middle of the window is an add button, click that and then in the new box, type Authenticated users and then click apply. if you spell it wrong, then it will tell you it can't find it. Also check to see if you are looking at local machine versus domain.
This should allow you to do what you need. Hope it helps.
Good luck
- Status
Similar threads
