User rights - installing Remote Desktop ActiveX Control.

[Naran McClung]

Hi all

As part of our CISCO VPN client, the Remote Desktop ActiveX Control
(11/08/2002) as part of 'Microsoft Windows XP Publisher' must be installed.

Currently, only Windows 2000 users with Local Administrator user rights are
able to install this control. Standard Windows 2000 users cannot.

Is there any easy way to loosen up security in Windows 2000 to allow
standard users to be able to install this control? Or similar controls?

Cheers,

Naran.

 

[Seaver]

Dear Naran,

Thank you for your posting.

According to your post, you wonder how to bypass Admin requirement to
finish ActiveX Control's installation.

If I have misunderstood your concern please don't hesitate to let me know.

1. Based on our supporting policy and our commitments, Microsoft cannot
make any assistance in helping customers break any permission restriction.
If the Active X Control is necessary, I suggest that you contact the
related Domain Administrator to grant the necessary permission.

2. As one standard user, you may test to install the Remote Desktop Client
utility, designed for Win9x and Win2K users, instead from the following URL:
http://www.microsoft.com/windowsxp/pro/downloads/rdclientdl.asp

Hope it help!

Sincerely,

Seaver Ren

Product Support Services
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights
Get Secure! - www.microsoft.com/security

 

[Naran McClung]

Sorry Seaver, maybe I wasn't clear enough...

As it happens, I am a current Win2k MCSE/MCSA and a DA where I work

My question is based aroung trying to understand the area of the OS that is
blocking 'standard' Win2K users from installing/registering the latest
Remote Desktop ActiveX control (msrdp.ocx). Would it be fair to say that if
I (or anyone for that matter) didn't have the appropriate user rights, I
wouldn't be able to alter security anyway?

That being said - would I need to alter security settings on
"C:\WINNT\Downloaded Program Files" or anywhere else?

Cheers,

Naran.

 

[Vera Noest [MVP]]

My guess is that installation of ActiveX demands more than only
permissions to parts of the file system. I would suspect that quite
some registry keys are involved as well.

What I routinely do when I test a new program for admission in our
company is this:

* start with a freshly installed client OS
* make a dump of the registry to a textfile. There are several
utilities that can do this. I use regdmp, I think from the Resource
Kit.
* install the application as administrator
* make a new dump of the registry
* compare the regdumps before and after installation with WinDiff.

You will see every change that has been made to the registry during
application installation.
Then it's up to you to decide if you want to give your users the
necessary rights to these specific registry keys.

You can do the same with the filesystem.

 

[Naran McClung]

Thanks Vera, I will have a look...

Naran.

My guess is that installation of ActiveX demands more than only
permissions to parts of the file system. I would suspect that quite
some registry keys are involved as well.

What I routinely do when I test a new program for admission in our
company is this:

* start with a freshly installed client OS
* make a dump of the registry to a textfile. There are several
utilities that can do this. I use regdmp, I think from the Resource
Kit.
* install the application as administrator
* make a new dump of the registry
* compare the regdumps before and after installation with WinDiff.

You will see every change that has been made to the registry during
application installation.
Then it's up to you to decide if you want to give your users the
necessary rights to these specific registry keys.

You can do the same with the filesystem.

--
Vera Noest
MCSE,CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
*----------- Please reply in newsgroup -------------*