Allow user to run a *.exe file from a USB key

Archived from groups: microsoft.public.win2000.group_policy (More info?)

We have several users with USB Drives. The drives come with encryption
software however, to use the software users require administrative rights to
the workstation. We cannot grant this right. I am looking for a work
around. Using Group Policies, can I grant users the administrative right to
run a particular *.exe file?
3 answers Last reply
More about allow user file
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hi,

    Actually the software probably just needs some "write access" on one or two
    files, not necessarily Admin access. There are a few ways to figure out what
    files the users need to be able to write to. Just to start, run regedit and
    give the users full control over the HKEY_Local_Machine - Software - Software
    name of company key.

    What I do is I login as an Admin, I look at the time, I run the application,
    and then I do a search (all files including Windows files MUST be visible +
    extensions) for all files modified today. I look at the time and it gives a
    good idea of any files that have been just "written to". Ignore the system
    files and anything with the .dat

    I haven't found an app yet that "requires admin access" that I can't get
    running under a regular user with just a few permissions tweeks.

    Also, I have found with the USB drives, if I load the drives once as an
    admin then the users can use them all the time after that.

    Cheers,

    Lara

    "JD" wrote:

    > We have several users with USB Drives. The drives come with encryption
    > software however, to use the software users require administrative rights to
    > the workstation. We cannot grant this right. I am looking for a work
    > around. Using Group Policies, can I grant users the administrative right to
    > run a particular *.exe file?
    >
    >
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Great advise. I will try this and let you know.

    "lforbes" wrote:

    > Hi,
    >
    > Actually the software probably just needs some "write access" on one or two
    > files, not necessarily Admin access. There are a few ways to figure out what
    > files the users need to be able to write to. Just to start, run regedit and
    > give the users full control over the HKEY_Local_Machine - Software - Software
    > name of company key.
    >
    > What I do is I login as an Admin, I look at the time, I run the application,
    > and then I do a search (all files including Windows files MUST be visible +
    > extensions) for all files modified today. I look at the time and it gives a
    > good idea of any files that have been just "written to". Ignore the system
    > files and anything with the .dat
    >
    > I haven't found an app yet that "requires admin access" that I can't get
    > running under a regular user with just a few permissions tweeks.
    >
    > Also, I have found with the USB drives, if I load the drives once as an
    > admin then the users can use them all the time after that.
    >
    > Cheers,
    >
    > Lara
    >
    > "JD" wrote:
    >
    > > We have several users with USB Drives. The drives come with encryption
    > > software however, to use the software users require administrative rights to
    > > the workstation. We cannot grant this right. I am looking for a work
    > > around. Using Group Policies, can I grant users the administrative right to
    > > run a particular *.exe file?
    > >
    > >
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    "=?Utf-8?B?bGZvcmJlcw==?=" <lforbes@discussions.microsoft.com> said

    > Hi,
    >
    > Actually the software probably just needs some "write access" on one or
    > two files, not necessarily Admin access. There are a few ways to figure
    > out what files the users need to be able to write to. Just to start, run
    > regedit and give the users full control over the HKEY_Local_Machine -
    > Software - Software name of company key.
    >
    > What I do is I login as an Admin, I look at the time, I run the
    > application, and then I do a search (all files including Windows files
    > MUST be visible + extensions) for all files modified today. I look at
    > the time and it gives a good idea of any files that have been just
    > "written to". Ignore the system files and anything with the .dat
    >
    > I haven't found an app yet that "requires admin access" that I can't get
    > running under a regular user with just a few permissions tweeks.
    >

    Excellent advice.
    The other great tools to assist in doing this are regmon and filemon from
    sysinterals.com.


    --

    Andy.
Ask a new question

Read More

USB Software Windows