Allow user to run a *.exe file from a USB key

[Jd]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

We have several users with USB Drives. The drives come with encryption
software however, to use the software users require administrative rights to
the workstation. We cannot grant this right. I am looking for a work
around. Using Group Policies, can I grant users the administrative right to
run a particular *.exe file?

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

Actually the software probably just needs some "write access" on one or two
files, not necessarily Admin access. There are a few ways to figure out what
files the users need to be able to write to. Just to start, run regedit and
give the users full control over the HKEY_Local_Machine - Software - Software
name of company key.

What I do is I login as an Admin, I look at the time, I run the application,
and then I do a search (all files including Windows files MUST be visible +
extensions) for all files modified today. I look at the time and it gives a
good idea of any files that have been just "written to". Ignore the system
files and anything with the .dat

I haven't found an app yet that "requires admin access" that I can't get
running under a regular user with just a few permissions tweeks.

Also, I have found with the USB drives, if I load the drives once as an
admin then the users can use them all the time after that.

Cheers,

Lara

"JD" wrote:

> We have several users with USB Drives. The drives come with encryption
> software however, to use the software users require administrative rights to
> the workstation. We cannot grant this right. I am looking for a work
> around. Using Group Policies, can I grant users the administrative right to
> run a particular *.exe file?
>
>

 

[Jd]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Great advise. I will try this and let you know.

"lforbes" wrote:

> Hi,
>
> Actually the software probably just needs some "write access" on one or two
> files, not necessarily Admin access. There are a few ways to figure out what
> files the users need to be able to write to. Just to start, run regedit and
> give the users full control over the HKEY_Local_Machine - Software - Software
> name of company key.
>
> What I do is I login as an Admin, I look at the time, I run the application,
> and then I do a search (all files including Windows files MUST be visible +
> extensions) for all files modified today. I look at the time and it gives a
> good idea of any files that have been just "written to". Ignore the system
> files and anything with the .dat
>
> I haven't found an app yet that "requires admin access" that I can't get
> running under a regular user with just a few permissions tweeks.
>
> Also, I have found with the USB drives, if I load the drives once as an
> admin then the users can use them all the time after that.
>
> Cheers,
>
> Lara
>
> "JD" wrote:
>
> > We have several users with USB Drives. The drives come with encryption
> > software however, to use the software users require administrative rights to
> > the workstation. We cannot grant this right. I am looking for a work
> > around. Using Group Policies, can I grant users the administrative right to
> > run a particular *.exe file?
> >
> >

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"=?Utf-8?B?bGZvcmJlcw==?=" <lforbes@discussions.microsoft.com> said

> Hi,
>
> Actually the software probably just needs some "write access" on one or
> two files, not necessarily Admin access. There are a few ways to figure
> out what files the users need to be able to write to. Just to start, run
> regedit and give the users full control over the HKEY_Local_Machine -
> Software - Software name of company key.
>
> What I do is I login as an Admin, I look at the time, I run the
> application, and then I do a search (all files including Windows files
> MUST be visible + extensions) for all files modified today. I look at
> the time and it gives a good idea of any files that have been just
> "written to". Ignore the system files and anything with the .dat
>
> I haven't found an app yet that "requires admin access" that I can't get
> running under a regular user with just a few permissions tweeks.
>

Excellent advice.
The other great tools to assist in doing this are regmon and filemon from
sysinterals.com.


--

Andy.