Give access for an application and not for users

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a server with a shared folder "Share" :
\\Server\Share
The users (on WinXP en Win2k worstations) run an application "Application.exe"
I want to denie access for the users on "\\Server\Share" but i want to allow
access for "Application.exe" when a user run it.

I've try many tests, but "Application.exe" have the same rights than the
user who run it.

RUNAS is not a good tool because he ask for password, and i don't want to
give the password to the users.

PS: i can't recompil "Application.exe" (it's not my software)

Someone can give me an idee ?
 
Florent said:
I have a server with a shared folder "Share" :
\\Server\Share
The users (on WinXP en Win2k worstations) run an application
"Application.exe" I want to denie access for the users on
"\\Server\Share" but i want to allow access for "Application.exe"
when a user run it.

I've try many tests, but "Application.exe" have the same rights than
the
user who run it.

RUNAS is not a good tool because he ask for password, and i don't
want to give the password to the users.

PS: i can't recompil "Application.exe" (it's not my software)

Someone can give me an idee ?
Click to expand...

I'm not sure what you're asking to do. You're saying you want to deny
access - do you mean you don't want them to be able to see/browse the parent
folder/share where the app's exe file lives? But still allow them to launch
the file itself?
 
Lanwench said:
I'm not sure what you're asking to do. You're saying you want to deny
access - do you mean you don't want them to be able to see/browse the parent
folder/share where the app's exe file lives? But still allow them to launch
the file itself?
Click to expand...

The Application is in the folder C:\Program Files\...
but need to access to \\Server\Share (to read/modify with some files on
network).
In this shared folder, there are documents in clear text, and i do not want
tha a user browse or modify a file.
But Application.exe need to access this folder.
The "\\Server\Share$" syntax hide the shared folder, but if a user find the
name, he can see/modify the content => it is not a good solution.

Thanks for your help
 
I've try many tests, but "Application.exe" have the same rights than
Yes, this is the case in general -- the application
IS the user.

Unless you are the programmer and can invoke the
various system mechanisms for "impersonation" or
"delegation".

Or create some such scheme (like Runas does):

So there is no way to have the program run as
a user OTHER than the one it is invoked by.

This means that we MUST find a way to invoke
is as the required user - you have (likely correctly)
eschewed runas (we could hid this in a batch file
with a password, but that is a poor practice anyway.)

Another method is to arrange to have a background
task (running under another user run it.)

You probably have to think through when, how
often, how quickly, etc you want this to run.
 
There is a tool out there called SANUR.exe. Google it. This will let you
do a "RUNAS" with a password included.
--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Lanwench [MVP - Exchange]"
 
Back
Top