Archived from groups: microsoft.public.windowsxp.general (
More info?)
Bruce Chambers wrote:
> Nelson B wrote:
>
>> I'm running win XP home with 4 restricted user accounts for 4 kids.
>>
>> I have two programs that ran OK on WinME and run just fine under an
>> admin account on XP, but don't run properly under a restricted account.
>> One is a Disney game. The other is the "well of souls" multi-user game.
>>
>> I can let the kids run those programs as the admin user using the "Run
>> As"
>> feature, but to do that they need the admin password, so they're always
>> asking me to type it in for them.
>>
>> So, I want a way to allow those just two programs to always run as an
>> admin user, without having to enter the admin password each time they
>> run.
>> Is there any way to do that?
>
>
>
> However, you may experience some problems if the software was
> designed for Win9x/Me, or if it was intended for WinNT/2K/XP, but was
> improperly designed. Quite simply, the application doesn't "know" how to
> handle individual user profiles with differing security permissions
> levels, or the application is designed to make to make changes to
> "off-limits" sections of the Windows registry or protected Windows
> system folders.
>
> For example, saved data are often stored in a sub-folder under the
> application's folder within C:\Program Files - a place where no
> inexperienced or limited user should ever have write permissions.
>
> It may even be that the software requires "write" access to parts of
> the registry or protected systems folders/files that are not normally
> accessible to regular users. (This *won't* occur if the application is
> properly written.) If this does prove to be the case, however, you're
> often left with three options: Either grant the necessary users
> appropriate higher access privileges (either as Power Users or local
> administrators),
Does XP home have power users?
> explicitly grant normal users elevated privileges to
> the affected folders and/or part(s) or the registry,
That might help with the disney program. The well of souls program was
installed by the restricted user in his own "My documents" directory,
so file/folder access is not an issue for that one.
I fear the registry is so disorganized that finding the relevant parts
of it would be the proverbial needle-haystack excersize.
> or replace the
> application with one that was properly designed specifically for
> WinNT/2K/XP.
>
> Some Programs Do Not Work If You Log On from Limited Account
>
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307091
>
> Additionally, here are a couple of tips suggested, in a reply to a
> different post, by MS-MVP Kent W. England:
>
> "If your game or application works with admin accounts, but not with
> limited accounts, you can fix it to allow limited users to access the
> program files folder with "change" capability rather than "read" which
> is the default.
>
> C:\>cacls "Program Files\appfolder" /e /t /p users:c
>
> where "appfolder" is the folder where the application is installed.
>
> If you wish to undo these changes, then run
>
> C:\>cacls "Program Files\appfolder" /e /t /p users:r
>
> If you still have a problem with running the program or saving
> settings on limited accounts, you may need to change permissions on
> the registry keys. Run regedit.exe and go to HKLM\Software\vendor\app,
> where "vendor\app" is the key that the software vendor used for your
> specific program. Change the permissions on this key to allow Users
> full control."
I'll try these with the disney app.
In the meantime, if someone does find a way to do a WinXP equivalent of
the Unix/Linux "setuid root", do post it here.
Thanks.