Running programs for non-previleged users on XP

Archived from groups: microsoft.public.win2000.security (More info?)

Scenario
===========

(1) You write a program using some programming language, say, C#.

(2) You make an assembly out of the program by compiling it. It is a
single module assembly.

(3) You create a setup program for this.

(4) During the setup, the user, an administrator group user, selects
the option, "Install this program for all the people who use this
computer, and not just for me."

(5) The administrator group user finishes installing the program. Then
he goes on to use it. He is able to use it.

(6) The administrator group user logs off.

(7) Another user, let's call him by the name John, who's only a
"regular user" who does not belong to the administrator group (not even
a Power User), logs in and wants to use the program. He double-clicks
on the program exe icon on the desktop. It doesn't work for him.


Questions:
============
(1) Is is even possible or a reasonable demand that the user who does
not have administrative previliges be able to use the program. It must
be noted that the intention is so, since the administrator who
installed the program supplied the choice "Install for everyone" while
installing it.

(2) If it is possible and a reasonable demand, how can it be
accomplished?


* I present an oversimplified version of the problem only to focus on
the bare essentials of the problem.
3 answers Last reply
More about running programs previleged users
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Sounds like a permission problem. Check your NTFS permissions on the folder
    where the program has installed. Verify the user can / cannot acces that
    folder. Also check the root drive for the presence of "Creater Owner" in the
    NTFS Permissions. That group will only give the creater of folders/files
    permission to read. All other non adims will be denied.

    "Sathyaish" wrote:

    > Scenario
    > ===========
    >
    > (1) You write a program using some programming language, say, C#.
    >
    > (2) You make an assembly out of the program by compiling it. It is a
    > single module assembly.
    >
    > (3) You create a setup program for this.
    >
    > (4) During the setup, the user, an administrator group user, selects
    > the option, "Install this program for all the people who use this
    > computer, and not just for me."
    >
    > (5) The administrator group user finishes installing the program. Then
    > he goes on to use it. He is able to use it.
    >
    > (6) The administrator group user logs off.
    >
    > (7) Another user, let's call him by the name John, who's only a
    > "regular user" who does not belong to the administrator group (not even
    > a Power User), logs in and wants to use the program. He double-clicks
    > on the program exe icon on the desktop. It doesn't work for him.
    >
    >
    > Questions:
    > ============
    > (1) Is is even possible or a reasonable demand that the user who does
    > not have administrative previliges be able to use the program. It must
    > be noted that the intention is so, since the administrator who
    > installed the program supplied the choice "Install for everyone" while
    > installing it.
    >
    > (2) If it is possible and a reasonable demand, how can it be
    > accomplished?
    >
    >
    > * I present an oversimplified version of the problem only to focus on
    > the bare essentials of the problem.
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    It really depends on what the program was written to do.
    For example, if in brain-dead fashion the application had been written to
    access for Write specific areas, like c:\Windows or some key in HKLM,
    as part of its initialization, then you would experience this scenario.

    I really do not understand your question 2, and also whether you are
    saying "demand" in the context that a .Net developer would use that term.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Sathyaish" <Sathyaish@Yahoo.com> wrote in message
    news:1116862782.530525.182880@g44g2000cwa.googlegroups.com...
    > Scenario
    > ===========
    >
    > (1) You write a program using some programming language, say, C#.
    >
    > (2) You make an assembly out of the program by compiling it. It is a
    > single module assembly.
    >
    > (3) You create a setup program for this.
    >
    > (4) During the setup, the user, an administrator group user, selects
    > the option, "Install this program for all the people who use this
    > computer, and not just for me."
    >
    > (5) The administrator group user finishes installing the program. Then
    > he goes on to use it. He is able to use it.
    >
    > (6) The administrator group user logs off.
    >
    > (7) Another user, let's call him by the name John, who's only a
    > "regular user" who does not belong to the administrator group (not even
    > a Power User), logs in and wants to use the program. He double-clicks
    > on the program exe icon on the desktop. It doesn't work for him.
    >
    >
    > Questions:
    > ============
    > (1) Is is even possible or a reasonable demand that the user who does
    > not have administrative previliges be able to use the program. It must
    > be noted that the intention is so, since the administrator who
    > installed the program supplied the choice "Install for everyone" while
    > installing it.
    >
    > (2) If it is possible and a reasonable demand, how can it be
    > accomplished?
    >
    >
    > * I present an oversimplified version of the problem only to focus on
    > the bare essentials of the problem.
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    If I am understanding your question correctly, yes it is very reasonable to
    insist a user be able to use an application without having Admin rights.
    I've banged heads with multiple vendors over the years. One distributed
    software that Reservation agents had to use for their phone functions. By
    default the software would not run without Admin rights. What didn't seem
    reasonable was they were telling me I had to make every reservation agent a
    local admin on each and every computer. The agents couldn't do their job
    without the software and I couldn't have them as local admins. I ended up
    going through the registry and NTFS permissions granting users access, until
    I found out how to make their software run as a local user.

    In my opinion, developers need to take the time to make their setup packages
    set all the appropriate permissions up front. It absolutely wrong to insist
    on running the software under the Local Admin context.

    "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    news:u8R9LMTYFHA.2572@TK2MSFTNGP14.phx.gbl...
    > It really depends on what the program was written to do.
    > For example, if in brain-dead fashion the application had been written to
    > access for Write specific areas, like c:\Windows or some key in HKLM,
    > as part of its initialization, then you would experience this scenario.
    >
    > I really do not understand your question 2, and also whether you are
    > saying "demand" in the context that a .Net developer would use that term.
    >
    > --
    > Roger Abell
    > Microsoft MVP (Windows Security)
    > MCSE (W2k3,W2k,Nt4) MCDBA
    > "Sathyaish" <Sathyaish@Yahoo.com> wrote in message
    > news:1116862782.530525.182880@g44g2000cwa.googlegroups.com...
    >> Scenario
    >> ===========
    >>
    >> (1) You write a program using some programming language, say, C#.
    >>
    >> (2) You make an assembly out of the program by compiling it. It is a
    >> single module assembly.
    >>
    >> (3) You create a setup program for this.
    >>
    >> (4) During the setup, the user, an administrator group user, selects
    >> the option, "Install this program for all the people who use this
    >> computer, and not just for me."
    >>
    >> (5) The administrator group user finishes installing the program. Then
    >> he goes on to use it. He is able to use it.
    >>
    >> (6) The administrator group user logs off.
    >>
    >> (7) Another user, let's call him by the name John, who's only a
    >> "regular user" who does not belong to the administrator group (not even
    >> a Power User), logs in and wants to use the program. He double-clicks
    >> on the program exe icon on the desktop. It doesn't work for him.
    >>
    >>
    >> Questions:
    >> ============
    >> (1) Is is even possible or a reasonable demand that the user who does
    >> not have administrative previliges be able to use the program. It must
    >> be noted that the intention is so, since the administrator who
    >> installed the program supplied the choice "Install for everyone" while
    >> installing it.
    >>
    >> (2) If it is possible and a reasonable demand, how can it be
    >> accomplished?
    >>
    >>
    >> * I present an oversimplified version of the problem only to focus on
    >> the bare essentials of the problem.
    >>
    >
    >
Ask a new question

Read More

Windows XP Programming Language Windows