Re: Administrator rights for legacy appliations

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Feng Mao (fengmao_at_online.microsoft.com)
Date: 08/06/04 

Date: Fri, 06 Aug 2004 11:11:54 GMT

Hi Will,

Thank you for posting!

I am not sure why these applications have to be run under administrator
privilege. They need read/write Registry keys/System files or need run
services. If it is the case, personally, I agree with Vera's suggestion. Or
you can add these users to Power Users group, and add Power Users group to
have the permission to access the registry key or system files.

Please understand that Administrators group has much more powers than
accessing Registry keys or system files.

Have a nice day!

Thanks & Regards,

Feng Mao [MSFT], MCSE
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Subject: Re: Administrator rights for legacy appliations
| From: "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
| References: <#pssRcveEHA.708@TK2MSFTNGP09.phx.gbl>
| Message-ID: <Xns953CDEA9D4C95veranoesthemutforsse@207.46.248.16>
| User-Agent: Xnews/5.04.25
| Newsgroups: microsoft.public.windows.terminal_services
| Date: Thu, 05 Aug 2004 12:53:18 -0700
| NNTP-Posting-Host: md4691df5.utfors.se 212.105.29.245
| Lines: 1
| Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12
phx.gbl
| Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.terminal_services:16042
| X-Tomcat-NG: microsoft.public.windows.terminal_services
|
| I would download FileMon and RegMon from
| http://www.sysinternals.com/. Run them as administrator, start
| a TS session as a normal user and try to run the application.
|
| FileMon and RegMon will show you all "access denied" errors
| that occur, so that you can give your users the necessary
| permissions on a file-to file or Registry subkey basis.
|
| Even if you manage to have users run the application without
| making them Administrators, you still have a security problem,
| since you actually are using your DC as a multiple-user
| workstation. I would try to purchase a second server as soon as
| possible, and make that a dedicated TS (as a member server in your
| domain).
|
| --
| Vera Noest
| MCSE, CCEA, Microsoft MVP - Terminal Server
| http://hem.fyristorg.com/vera/IT
| --- please respond in newsgroup, NOT by private email ---
|
| "Will G" <wgrever@crcm.edu> wrote in
| news:#pssRcveEHA.708@TK2MSFTNGP09.phx.gbl:
|
| > I am running W2K3 standard srever with Terminal Services in
| > application mode and this box is the only server in the forest /
| > domain / enterprise (my AD lingo is not what it should be) any
| > way, it is the only serer so it is also the one and only domain
| > controler.
| >
| > My problem is that I have several applicatons on the server
| > that require
| > the user to have admin rights in order for the applicatoin to
| > function properly. I do not want to give full admin right to
| > the users when they log on to a TS session to run these
| > applications, but I have been unable to come up with any other
| > solution. My impression is that these applications are doing
| > something in the registry, but I am not sure.
| >
| > Is there a way to have a TS session with the user having
| > Administrator
| > rights of the session but not local Admin rights on the server
| > itself? And would this solve my problem?
| >
| > Thank you,
| > Technet alias: wgrever@crcm.edu
|

Relevant Pages

  • Re: User Unable to Launch Application
    ... Such applications are normally *not* good candidates for TS ... Can you run Solidsworks in a TS session with a testuser account ... Run it as administrator on the server, ... MCSE, CCEA, Microsoft MVP - Terminal Server ...
    (microsoft.public.windows.terminal_services)
  • Re: ActiveX is installed but runs only for Administrator
    ... My application runs only for the Administrator who installed the ... Some applications create HKEY_CURRENT_USER registry settings the ... installation, and WHILE THE SERVER IS STILL IN INSTALL MODE. ...
    (microsoft.public.windows.terminal_services)
  • RE: Connect to server desktops RWW
    ... I can send the registry file if you would like, ... missing in RWW. ... Actually RWW will show different links when a user or administrator logs on ... Run the MPSRPT_NETWORK.EXE on the server box. ...
    (microsoft.public.windows.server.sbs)
  • Re: HKEY_LOCAL_MACHINE Registry Access
    ... > administrator on the W2K3 box and authenticate as the local administrator ... I connect to the remote registry with no problems. ... > application specific for Exchange Server 2003. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: computer account and application management strategy
    ... > you intend to run all programs as users but install applications as ... > administrator, you can run same install again after it is already ... > by administrator and it will make necessary registry changes for the user ... It may not work all the time with all the applications ...
    (microsoft.public.windowsxp.setup_deployment)