|
Posted by tony houlihan on November 13, 2007, 8:54 am
Please log in for more thread options Thanks for the post anthony however the installation is not really the
problem it's running the program for the first time that creates an issue as
admin rights appear to be needed to create registry entries and register an
OCX. Again for only 20 users not really a problem but they are using full
roaming profiles and the client was all users to be setup with the
application on all computers! 20 x 20 = 400 logons.... not really something
I fancy doing!
> You just need to create an msi package for it, using a packaging tool.
> Then you can keep admin rights restricted. Or you could use a script or a
> deployment tool to run the setup.
> Anthony, http://www.airdesk.co.uk
>
>
>> Thanks for the reply,
>>
>> part of the problem with this application is that we know it's only on
>> the first run of the application, we know that it needs to register an
>> OCX on first run but as for the registry..... I guess regmon will need to
>> be used.
>>
>> Thanks for the reply.
>>
>> Tony
>>> tony houlihan wrote:
>>>> I understand that under windows 2000 the EPAL.exe program could be used
>>>> to run a program which required a higher level of privilages than that
>>>> of the logged in user but is this program usable under server 2003.
>>>>
>>>> In addition to this does anyone know a better way of addressing this
>>>> situation:
>>>>
>>>> company with 20 client computers and 20 users. A legacy application is
>>>> needed on all clients with all users using roaming profiles needing
>>>> access to the program. The legacy app requires the user to have Admin
>>>> rights on the first log in and lauch of the application (presumably to
>>>> modify the HKEY\Local Users\ somthing key registry section), obviously
>>>> this presents a headache for installation and
>>>> administration..............
>>>
>>> If I were you I'd find out what the program is trying to do that causes
>>> it to fail as a normal user. If it's trying to add a registry key as you
>>> have suggested, then you could perhaps push out the correct values via a
>>> Group Policy instead of running the program elevated.
>>>
>>> Perhaps the program needs to be able to write to some files in its
>>> program folder, in which case you could relax filesystem permissions on
>>> the particular files that it uses.
>>>
>>> In my opinion, it's better to relax the security on a couple of files or
>>> registry keys (depending on what they are, of course) than to run the
>>> whole program with admin rights.
>>>
>>> Regmon and Filemon are invaluable tools for these situations:
>>>
>>> http://www.microsoft.com/technet/sysinternals/default.mspx
>>>
>>>
>>> --
>>> Chris.
>>
>
>
| 
XML Sitemap