Give an app admin privileges - How?


Fran

I have a program that is heavily used by the production workforce. The
app requires administrative privileges for some reason (writes stuff
to certain files, not sure on the details here.)

The app does not use the registry on installation but may use it to
save some info. It is a Client / Server application.

For the time being the old admin. gave all users local admin rights.
This is a mess as our systems are now covered with spyware, adware,
etc from crap downloaded and installed in ignorance by users.

I want to reduce the typical user's level to Domain User or at most,
Power User (but NOT administrator.)

How can I grant this one (or maybe two) application(s) administrative
privileges WITHOUT giving the USER admin privileges?

(note: Examples are REALLY welcomed... ;)

<Fran>
 
Since this app is not certified for Windows (meaning it needs admin
privileges to function), you will need to identify what registry hives and
directories it touches.
You could then grant the domain users group the necessary access to those
local resources.
Alternatively, you could use the runas method to run the program as a
different special domain user account that has local admin privileges. I'm
not sure how to seamlessly and securely (encrypt the password) set this up
though.

That's all I can think of.
 
Yes, I've seen apps like that where they needed admin to run, but for
those ones it was solved by giving domain users full access to the
folder into which they were installed.
 
Fran said:
I have a program that is heavily used by the production workforce. The
app requires administrative privileges for some reason (writes stuff
to certain files, not sure on the details here.)

The app does not use the registry on installation but may use it to
save some info. It is a Client / Server application.

Try using regmon and filemon from www.sysinternals.com to see what registry
hives and files the application is accessing. You can then set granular
permissions on only those files, folders and hives to allow the application
to run with normal user permissions.
 
Thanks, guys. I'll grab these utilities (are they free???) and try
those solutions! This has been a problem with this company for some
time and they'll be happy to have a good solution (as will I...I don't
need any more gray hairs!)
 
Thanks, guys. I'll grab these utilities (are they free???)

Yes, they are free. While you are there have a look at some of the other
utilities they have (all free). The PSTools are a particularly handy suite.
 
Andy,

How do I set permissions to specific keys in the registry? This is new
to me...

<Fran>
 
Fran said:
Andy,

How do I set permissions to specific keys in the registry? This is new
to me...

In the Group Policy Editor navigate to Computer Config/Windows
Settings/Security/Registry
Right click to add the key that you want to alter the permissions on, then
assign the permissions you want for the key.

Regards
Andy.
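
Added example, not part of the original thread: a scripted, per-machine way to apply the granular permissions discussed above, instead of the Group Policy route. The folder path, registry key and the choice of rights are assumptions; substitute the locations that regmon and filemon show the application writing to, and run the script from an elevated session.

```powershell
# Added example: give a non-admin group write access to ONLY the locations
# the application needs, so users no longer have to be local administrators.
# $AppFolder and $AppRegKey are hypothetical placeholders.
$Group     = 'Domain Users'   # use 'YOURDOMAIN\Domain Users' if the bare name does not resolve
$AppFolder = 'C:\Program Files\ExampleApp\Data'
$AppRegKey = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp'

# Folder: Modify (read, write, delete) inherited by subfolders and files.
# Prefer a data subfolder over the whole install folder: write access to the
# folder holding the executables lets any user replace them.
$fsRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$folderAcl = Get-Acl -Path $AppFolder
$folderAcl.AddAccessRule($fsRule)
Set-Acl -Path $AppFolder -AclObject $folderAcl

# Registry key: read, set values and create subkeys, inherited by subkeys.
# No Delete, ChangePermissions or TakeOwnership rights are granted.
$regRule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $Group, 'ReadKey,SetValue,CreateSubKey', 'ContainerInherit', 'None', 'Allow')
$keyAcl = Get-Acl -Path $AppRegKey
$keyAcl.AddAccessRule($regRule)
Set-Acl -Path $AppRegKey -AclObject $keyAcl

# Verify: list the entries that now apply to the group on both objects.
foreach ($path in $AppFolder, $AppRegKey) {
    Write-Output "ACL entries for $Group on $path"
    (Get-Acl -Path $path).Access |
        Where-Object { $_.IdentityReference -like "*$Group" } |
        Format-Table IdentityReference, AccessControlType, IsInherited -AutoSize
}
```

After applying it, test the application under an account that is only a member of Domain Users, and re-run the monitoring tools if it still fails to find any remaining denied paths.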
 
Thanks, Andy. That seems simple enough. I'll try all this and see if
it works for us. I really appreciate your help!
 