Re: Run as Administrator on a limited account

From: *Vanguard* (no-email_at_reply-to-newsgroup.invalid)
Date: 05/11/04


Date: Mon, 10 May 2004 22:05:48 -0500

Matador said in news:8D4F2084-18D3-43F7-A3B4-88564F4A9995@microsoft.com:
> Hi,
>
> I have a couple of limited accounts besides my administrator account
> on my PC with XP Pro.
>
> I have a program that requires administrator privileges to run, but I
> don't want to give the other users my admin passwords so they can use
> the run as... command.
>
> Is there any way to let these users run this program with
> administrator privileges without even knowing they are doing it (so
> their accounts behave as the admin account just while they are
> running this program)?
>
> Thanks for your help

I haven't tried this but did some probing in the Group Policy Editor
(gpedit.msc); the local security policy editor (secpol.msc) would have
worked, too, since I'm not on a domain for the host I was checking at the
time. Under the tree node:

    Computer Configuration
        Security Settings
            Software Restriction Policies

I don't think anything was listed under that node so it looked like a
useless definition. I right-clicked on that node, was told there were no
policies in place, and opted to create them. Kerplunk, a whole bunch
of subkeys appeared, one of which is titled "Additional Rules". Looking in
there is where it seems you define paths (to applications) that you can let
users run while disregarding security policies (based on account type). A
little bit of research at http://support.microsoft.com/ for Windows XP on
"software restriction policies additional rules" yielded:

    Description of the Software Restriction Policies in Windows XP
    http://support.microsoft.com/?kbid=310791

Sounds like a huge hole in security. Since this must-run-as-administrator
program - and which is accessible to limited users - probably lets them delete,
move, rename, or edit files using its File menu, you will end up giving
limited users the same rights as administrator.

-- 
____________________________________________________________
*** Post replies to newsgroup.  Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
____________________________________________________________

