How to track dpwn programs that fail in Restricted User Ac..

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin,microsoft.public.win2000.general,microsoft.public.win2000.security (More info?)

Hi,

Are there any tools or sources that help to track down why certain programs
fail to work (properly) in Restricted User Accounts.

I do not intend to grant every user Administrative rights.

TIA,
John7
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.general,microsoft.public.win2000.security,microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support (More info?)

The most common issue with these programs is that they attempt to write info
to places that the Restricted User doesn't have permission to write to - the
root directory and the Windows directory, etc

"John7" wrote:

> Hi,
>
> Are there any tools or sources that help to track down why certain programs
> fail to work (properly) in Restricted User Accounts.
>
> I do not intend to grant every user Administrative rights.
>
> TIA,
> John7
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin,microsoft.public.win2000.general,microsoft.public.win2000.security (More info?)

Hi,

This should help:
http://rickrogers.org/xpsware.htm

You will find that much depends on how the program installation routine was
written. There is generally no need to make all users administrators. The
majority of the time the users will need read and execute permissions added
to the program installation folder.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"John7" <NoSp@mm.com> wrote in message
news:daar1m$5sj$1@news1.zwoll1.ov.home.nl...
> Hi,
>
> Are there any tools or sources that help to track down why certain
> programs
> fail to work (properly) in Restricted User Accounts.
>
> I do not intend to grant every user Administrative rights.
>
> TIA,
> John7
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin,microsoft.public.win2000.general,microsoft.public.win2000.security (More info?)

Like Nutcase says, very often it is just need for modify grant to Users
group on the c:\program files\application-install-point folder
so it is worth a try before digging in more deeply with the tools from
sysinternals. However, if you are dealing with an old application,
Win9x era or worse, this may well not be sufficient and for some
it may be impossible to make the prog work in limited account.

--
Roger Abell
Microsoft MVP (Windows Security)

"John7" <NoSp@mm.com> wrote in message
news:daar1m$5sj$1@news1.zwoll1.ov.home.nl...
> Hi,
>
> Are there any tools or sources that help to track down why certain
programs
> fail to work (properly) in Restricted User Accounts.
>
> I do not intend to grant every user Administrative rights.
>
> TIA,
> John7
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin,microsoft.public.win2000.general,microsoft.public.win2000.security (More info?)

John7 wrote:

> Are there any tools or sources that help to track down why certain
> programs fail to work (properly) in Restricted User Accounts.
>
> I do not intend to grant every user Administrative rights.
Hi,

One way is to use Sysinternals RegMon/FileMon utilities to try to find
what registry keys and file system folders the application need write
access to and set rights accordingly for the locked down user account.

RegMon/FileMon is available for free here:

http://www.sysinternals.com


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin,microsoft.public.win2000.general,microsoft.public.win2000.security (More info?)

"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:%23AU1T0HgFHA.3540@TK2MSFTNGP14.phx.gbl...
> John7 wrote:
>
> > Are there any tools or sources that help to track down why certain
> > programs fail to work (properly) in Restricted User Accounts.
> >
> > I do not intend to grant every user Administrative rights.
> Hi,
>
> One way is to use Sysinternals RegMon/FileMon utilities to try to find
> what registry keys and file system folders the application need write
> access to and set rights accordingly for the locked down user account.
>
> RegMon/FileMon is available for free here:
>
> http://www.sysinternals.com
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx

Thx for responding,

I knew these Sysinternal tools already but was curious
to learn about a All-In-One tool that covers all issues.

John7
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.general,microsoft.public.win2000.security,microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support (More info?)

And some times registry locations such as CLSID, if the program registers
DLLs on the fly

- Adam

"Roger Abell" wrote:

> Like Nutcase says, very often it is just need for modify grant to Users
> group on the c:\program files\application-install-point folder
> so it is worth a try before digging in more deeply with the tools from
> sysinternals. However, if you are dealing with an old application,
> Win9x era or worse, this may well not be sufficient and for some
> it may be impossible to make the prog work in limited account.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
> "John7" <NoSp@mm.com> wrote in message
> news:daar1m$5sj$1@news1.zwoll1.ov.home.nl...
> > Hi,
> >
> > Are there any tools or sources that help to track down why certain
> programs
> > fail to work (properly) in Restricted User Accounts.
> >
> > I do not intend to grant every user Administrative rights.
> >
> > TIA,
> > John7
> >
> >
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.general,microsoft.public.win2000.security,microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support (More info?)

"Adam White" <AdamWhite@discussions.microsoft.com> wrote in message
news:5D4518CC-82DA-469A-9937-B297461E2679@microsoft.com...
> And some times registry locations such as CLSID, if the program registers
> DLLs on the fly
>
> - Adam
>

Yes, but that is one grant I would not like to give to Users.
I have no real issue with granting Users write over the reg
key structure of a specific application in HKLM\Software
when that is needed by a misbehaved app.

--
Roger Abell
Microsoft MVP (Windows Security)


> "Roger Abell" wrote:
>
> > Like Nutcase says, very often it is just need for modify grant to Users
> > group on the c:\program files\application-install-point folder
> > so it is worth a try before digging in more deeply with the tools from
> > sysinternals. However, if you are dealing with an old application,
> > Win9x era or worse, this may well not be sufficient and for some
> > it may be impossible to make the prog work in limited account.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> >
> > "John7" <NoSp@mm.com> wrote in message
> > news:daar1m$5sj$1@news1.zwoll1.ov.home.nl...
> > > Hi,
> > >
> > > Are there any tools or sources that help to track down why certain
> > programs
> > > fail to work (properly) in Restricted User Accounts.
> > >
> > > I do not intend to grant every user Administrative rights.
> > >
> > > TIA,
> > > John7
> > >
> > >
> >
> >
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.general,microsoft.public.win2000.security,microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support (More info?)

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:eZDF8VfgFHA.1372@TK2MSFTNGP10.phx.gbl...
> "Adam White" <AdamWhite@discussions.microsoft.com> wrote in message
> news:5D4518CC-82DA-469A-9937-B297461E2679@microsoft.com...
> > And some times registry locations such as CLSID, if the program
registers
> > DLLs on the fly
> >
> > - Adam
> >
>
> Yes, but that is one grant I would not like to give to Users.
> I have no real issue with granting Users write over the reg
> key structure of a specific application in HKLM\Software
> when that is needed by a misbehaved app.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
>
> > "Roger Abell" wrote:
> >
> > > Like Nutcase says, very often it is just need for modify grant to
Users
> > > group on the c:\program files\application-install-point folder
> > > so it is worth a try before digging in more deeply with the tools from
> > > sysinternals. However, if you are dealing with an old application,
> > > Win9x era or worse, this may well not be sufficient and for some
> > > it may be impossible to make the prog work in limited account.
> > >
> > > --
> > > Roger Abell
> > > Microsoft MVP (Windows Security)
> > >
> > > "John7" <NoSp@mm.com> wrote in message
> > > news:daar1m$5sj$1@news1.zwoll1.ov.home.nl...
> > > > Hi,
> > > >
> > > > Are there any tools or sources that help to track down why certain
> > > programs
> > > > fail to work (properly) in Restricted User Accounts.
> > > >
> > > > I do not intend to grant every user Administrative rights.
> > > >
> > > > TIA,
> > > > John7
> > > >
> > > >
> > >


Thank you all for responding.

So I would need to stick to Sysinternals, RegMon, FileMon, ProcExp(lorer).
Is there no All-In-One tool ?

Would these MS tools be of any use to track down Restricted User Account
issues?
- Pstat
- ACT (Application Compatibility Tool)


TIA,
John7
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.general,microsoft.public.win2000.security,microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support (More info?)

ACT is of use especially for older software, that is, when it is
not simply a permissions issue but one of the application using
depricated API calls, etc..

There is not, to my awareness, a all-in-one, point at the application
and provide the account and its password, and wait tool.
Things are probably too situational and the return on effort too small
for anyone to have developed such a tool.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"John7" <NoSp@mm.com> wrote in message
news:dahama$iah$1@news2.zwoll1.ov.home.nl...
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:eZDF8VfgFHA.1372@TK2MSFTNGP10.phx.gbl...
> > "Adam White" <AdamWhite@discussions.microsoft.com> wrote in message
> > news:5D4518CC-82DA-469A-9937-B297461E2679@microsoft.com...
> > > And some times registry locations such as CLSID, if the program
> registers
> > > DLLs on the fly
> > >
> > > - Adam
> > >
> >
> > Yes, but that is one grant I would not like to give to Users.
> > I have no real issue with granting Users write over the reg
> > key structure of a specific application in HKLM\Software
> > when that is needed by a misbehaved app.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> >
> >
> > > "Roger Abell" wrote:
> > >
> > > > Like Nutcase says, very often it is just need for modify grant to
> Users
> > > > group on the c:\program files\application-install-point folder
> > > > so it is worth a try before digging in more deeply with the tools
from
> > > > sysinternals. However, if you are dealing with an old application,
> > > > Win9x era or worse, this may well not be sufficient and for some
> > > > it may be impossible to make the prog work in limited account.
> > > >
> > > > --
> > > > Roger Abell
> > > > Microsoft MVP (Windows Security)
> > > >
> > > > "John7" <NoSp@mm.com> wrote in message
> > > > news:daar1m$5sj$1@news1.zwoll1.ov.home.nl...
> > > > > Hi,
> > > > >
> > > > > Are there any tools or sources that help to track down why certain
> > > > programs
> > > > > fail to work (properly) in Restricted User Accounts.
> > > > >
> > > > > I do not intend to grant every user Administrative rights.
> > > > >
> > > > > TIA,
> > > > > John7
> > > > >
> > > > >
> > > >
>
>
> Thank you all for responding.
>
> So I would need to stick to Sysinternals, RegMon, FileMon, ProcExp(lorer).
> Is there no All-In-One tool ?
>
> Would these MS tools be of any use to track down Restricted User Account
> issues?
> - Pstat
> - ACT (Application Compatibility Tool)
>
>
> TIA,
> John7
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom