Creating a Power Users Group where none exists

Guest

Hi all

I'm (unfortunately) running Term-Serv on our Domain Controller.. not by choice. the term-serve is created specifically for users to connect to quickbooks2003 which requires "Power User" rights or higher. this is fine for all of our XP machines on the network as they offer both local and domain logins.. but my PDC, because it's a PDC, doesn't have a local login anymore, and therefore, no "Power Users Group". It appears that there is no way around this except to give all users Admin rights.. which for obvious reasons is just stupid.

anybody have a workaround, or know the steps to emulate a "power users group" on a Domain Controller?

Thanks in advance for your help
-Chris
 
Steven L Umbach

Hi Chris.

Try contacting the publisher to see if they can tell you what registry/folder
permissions need to be changed to allow a regular user to run their application.
Sounds kind of nuts that a 2003 application still requires users to have excessive
permissions. If they refuse to help or act stupid, then you may try using the free
tools filemon and regmon from SysInternals to roll your own permissions changes. You
need to logon as a regular user and then use runas to invoke filemon and then read
the log where access is denied. Make the necessary change and try again. You may need
to do the same with regmon.

If that does not work you can apply the compatws.inf template to that server which
will change permissions so that regular users will have the same permissions as a
power user but not the additional rights such as the ability to create shares and non
admin users, but still not recommended on a domain controller. I don't see how you
can possibly give them admin permissions to a domain controller because then everyone
will be a domain administrator and you do NOT want that and may have to resort to
installing another server to use as TS and not make it a domain controller - believe
me the cost would be justified. --- Steve

http://www.sysinternals.com/ntw2k/source/filemon.shtml
http://www.microsoft.com/windows200...ows2000/en/server/help/sag_SCEdefaultpols.htm

chrisporter said:
HI all,

I'm (unfortunately) running Term-Serv on our Domain Controller.. not by choice. the
term-serve is created specifically for users to connect to quickbooks2003 which
requires "Power User" rights or higher. this is fine for all of our XP machines on
the network as they offer both local and domain logins.. but my PDC, because it's a PDC,
doesn't have a local login anymore, and therefore, no "Power Users Group". It appears
that there is no way around this except to give all users Admin rights.. which for
obvious reasons is just stupid..
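
Added example, not part of the original thread: a Python script for the "read the log where access is denied" step described above, filtering a saved Regmon log for one process's denied registry requests and noting whether each needs read or write access. The tab-separated column order, the ACCDENIED result string, and the exampleapp.exe process and key names are assumptions or constructed placeholders.

```python
import csv
import io
from collections import defaultdict

# Assumed Regmon export layout (tab-separated): seq, time, process:pid,
# request, path, result. Adjust the indexes if your saved log differs.
DENIED = {"ACCDENIED", "ACCESS DENIED"}  # assumed result strings
WRITE_REQUESTS = {"SetValue", "CreateKey", "DeleteKey", "DeleteValueKey"}

KEY = r"HKLM\SOFTWARE\ExampleVendor\ExampleApp"  # constructed placeholder key
SAMPLE_ROWS = [  # constructed log lines, not from a real capture
    ("1", "10:01:02", "exampleapp.exe:1234", "OpenKey", KEY, "SUCCESS"),
    ("2", "10:01:02", "exampleapp.exe:1234", "SetValue", KEY + r"\Settings\LastRun", "ACCDENIED"),
    ("3", "10:01:03", "explorer.exe:800", "OpenKey", r"HKLM\SOFTWARE\Other", "ACCDENIED"),
    ("4", "10:01:03", "exampleapp.exe:1234", "CreateKey", KEY + r"\Cache", "ACCDENIED"),
    ("5", "10:01:04", "exampleapp.exe:1234", "SetValue", KEY + r"\Settings\LastRun", "ACCDENIED"),
    ("6", "10:01:04", "exampleapp.exe:1234", "QueryValue", KEY + r"\License\Seat", "ACCDENIED"),
]
SAMPLE_LOG = "\n".join("\t".join(r) for r in SAMPLE_ROWS)


def denied_paths(log_text, process_name):
    """Return sorted (path, 'read'|'write') pairs denied to one process."""
    hits = defaultdict(set)
    reader = csv.reader(io.StringIO(log_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < 6:
            continue  # blank or truncated line
        proc, request, path, result = row[2], row[3], row[4], row[5]
        if proc.rsplit(":", 1)[0].lower() != process_name.lower():
            continue  # other processes' denials are noise for this app
        if result.strip().upper() in DENIED:
            hits[path].add(request)  # repeated denials collapse to one entry
    return sorted(
        (path, "write" if reqs & WRITE_REQUESTS else "read")
        for path, reqs in hits.items()
    )


if __name__ == "__main__":
    for path, access in denied_paths(SAMPLE_LOG, "exampleapp.exe"):
        print(f"{access:5}  {path}")
```

The output is the short list of keys to review; grant only the listed level of access on each, then re-test as a regular user.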
 
Guest

Thanks! i'm going to give this a shot. i found a document on msft that outlined what the differences were between a power user and a regular user.. after applying all of those settings to files & reg keys.. still nothing. so here's hoping :)

i've tried talking to intuit about this, but their support database is 'extensive' and has what i would guess to be 3 articles in it about anything.. and their training is just about as good. if i ask about registry keys, their response will probably be something like "so & so has already been married, and their gift registry is closed"

(yeah i'm a bit bummed by them... at the moment)

oh and get this.... their 2004 version is out.... still no security stuff taken into account...

Thanks for your help
-Chris

Guest

and in a final follow up.....
regmon officially rocks! i found the keys in about 4 tries... enabled access to them and blammo it ran fine. now to create a script for this to apply next time this happens & i'm set. Thanks for all the pointers!!
-Chris


Steven L Umbach

Glad it worked and thanks for posting back your results. --- Steve

Chris Porter said:
and in a final follow up......
regmon officially rocks! i found the keys in about 4 tries... enabled access to
them and blammo it ran fine. now to create a script for this to apply next time this
happens & i'm set. Thanks for all the pointers!!!
-Chris


----- Chris Porter wrote: -----

Thanks! i'm going to give this a shot. i found a document on msft that
outlined what the differences were between a power user and a regular user.. after
applying all of those settings to files & reg keys.. still nothing. so here's hoping
:)
i've tried talking to intuit about this, but their support database is
'extensive' and has what i would guess to be 3 articles in it about anything.. and
their training is just about as good. if i ask about registry keys, their response
will probably be something like "so & so has already been married, and their gift
registry is closed"
 
