Want to block users from being power users...

QwertyJuan

[H]F Junkie
Joined
Aug 17, 2000
Messages
11,285
I have a buncha users that I have as power users, since the software we use will not work as a normal user... problem is, they can install stuff on the local machine that way. How can I have ONE program run as a poweruser/admin/whatever, but have the rest of the system as a restricted user??

Thanks for your time,
QJ
 
What's up Qwerty.

In XP, you can choose to run a program as a different user. Right-click the shortcut, select Advanced, then check "Run with different credentials". When you execute the program, it will prompt which user to run it as. You may have to read up on how to make it not prompt for a password each time.

MSDN has an in-depth article on the subject.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechart/html/tchDevelopingSoftwareInVisualStudioNETWithNon-AdministrativePrivileges.asp
 
you need to find out what specifically the app needs to run. usualy is just read/wring on its prgra files dir. adding users to the pwoer users/admin group the wrong way to do it. you can use some of the tools from sys internals like file mon and regmon to try to determine what the app requires the user to access. also look at an app called setACL to modify regsitery permissions. i would try giving them r-w-x on the apps programfiles dir first.
 
oakfan52 said:
you need to find out what specifically the app needs to run. usualy is just read/wring on its prgra files dir. adding users to the pwoer users/admin group the wrong way to do it. you can use some of the tools from sys internals like file mon and regmon to try to determine what the app requires the user to access. also look at an app called setACL to modify regsitery permissions. i would try giving them r-w-x on the apps programfiles dir first.

How would I do this?? Just right click the folder and add it there? Can I add an AD group instead of just a single user, incase someone else in the same group wants to use the program??

QJ
 
yes, i work in fairly large invironment with over 2K users at just the site i work at. So i typically will assign the permisions to the domian users group.
 
ktwebb said:
Tell me you work for free.

Pretty much, yes :)

I have another job at my place of work, and they decided to make a network, and since I was the only one that knew anything about them, I got the job. So bascially since I have the same pay as before, and an extra job, yes, I work for free. Does that bother you?

QJ

P.S. My network has been up and running without hardly a problem for 2 years. Just because I ask a question doesn't mean I have a problem... I am just 'looking ahead' for potential problems, and trying to have a solution ahead of time.
 
Did it work?

Usually yes, it's a permissions things. Even if it's a registry thing, it's usually permissions there too.

regedt32 for setting permissions on registry keys.
 
I will find out within the next week... I just received a new version of the program, and am reformatting 45 machines and putting the new version on then(actually formating one and ghosting to the rest... they are all identical machines)

Hopefully the new version will work as a restricted user.... if not I will try what you guys have said. Thanks, to all... even to ktwebb, for without him I really don't know what I'd do.... I love you man!!

QJ
 
Back
Top