XP: Sharing programs

[Mavicator]

I need to set up an account for another user on my laptop. I need to allow one program to be shared, and that's it. I've got the account running and I've set all my personal folders to private, but when I try to run the one program I need to share under the second account, it cannot run.

I tried reinstalling the program into the shared directory, no luck. I tried installing again while using the second account, no luck. I've set the folder to share, no luck. THe program will only run if I give him admin status which I cannot do. What am I missing here???

-- Ah sh*t! sys64738 --

 

[NickM]

> <font color=green>"...THe program will only run if I give him admin status which I cannot do. What am I missing here???"</font color=green>

- OS?

 

[Mavicator]

XP as in the title of the post. Hehe! Prolly should have put that in the post somewhere. Come to think of it, I wonder why XP doesn't have it's own forum...

-- Ah sh*t! sys64738 --

 

[NickM]

> <font color=green>"Come to think of it, I wonder why XP doesn't have it's own forum... "</font color=green>

I see.. You added the XP: to the topic. (Professional, I believe?) That’s good.
But this mixture of 95/98/ME/XP is weird. People posted messages “I have a question about Windows virtual memory..”
And the answers were coming from both sides: Win9x/Me and NT, without asking what is the original poster’s OS!

After been seeing that, I wouldn’t be surprised to read something like “I logon as Administrator in WinME…” hhehehh .
But seriously, the NT4 forum is dying, and ….I don’t know.

Ok, let's go to work. My concern was OS: XP Home Edition might not have NTFS Read and Execute Folder and File Permissions to manipulate with, also Access Control List. OK, as Administrator I go to Administrative Tools, Computer Management, then there I right-click Users, then New User, give the name Oldhand, then password: 123, User cannot change the password, Password never expired, OK.
After that right-click on Oldhand, Properties, add Group OraDBA (you can leave User as it is), that’s it.

Logoff from Administrator, Switch user, I see Oldhand is there, OK logon as Oldhand. …..New desktop, ...I go to Start, All Programs, Oracle..
Everything is working on Oracle!

Trying to implement some of Windows Administrator’s tasks...- No way! Not allowed. Only Oracle! And less important stuff.

OK, I hope everything working similar way on your machine until this point? Now let's go further. So, what seems to be the problem? Should we grant some permissions to our User in order to run a specific program? And put security on folders, other programs? Probably to make visible only one specific program in Start > All Programs menu? No other icons?

 

[Mavicator]

Well, the more specific deal is, my boss needs to use my personal laptop to send firmware updates to electronic equipment every now and then. I don't want him reading my email, lurking through my files, etc, etc, etc. The only things he will need to be able to do are run one specific program for which he will need the ability to change its stored data (all in the program's folder). He will also need networking and internet access to download or LAN data files. That's all.

I don't wanna even give him access to my IE favs. Knowing him, he'll walk away and one of the nosey office girls will start snooping for anything they can find. They've been known to even read personal emails when users walk away.

Thanks for the help. It seems such a simple task but I just can't get it working properly. Also, this is Win XP Pro to be specific. Maybe all the extra admin features have me confused.

-- Ah sh*t! sys64738 --

 

[stable]

I would start looking for other places "the program" is running to/from. In other words, if the user needs some kind of write priveleges to a directory other than where "the program" runs from.

It would be a big help to know what "the program" is as this application seems to be your culprit.

As for read/write/save, internet and email access; all that should work fine uner a normal account, and would have each individual user having unique favorites, email settings, etc...

Generally, if you login with admin rights, install "The application" and then set the folder (with sub-folder navigation enabled) of where the application up as a share with priveleges to all levels of users, it should work. Some programs actually write data to other folders when running. Depending on the program and how it was designed, it may attempt to actually write data to the a sub-folder of the profile identity of the person whom installed it. If you find this folder, you can share it also to be used by all users and this should solve your problem.

Good Luck
Steve Benoit

Stable Technologies
'The way IT should be!'

 

[NickM]

> <font color=green>"That could be a whole lot of fun. Plant all kinds of rumours, bad employee evaluations, etc.
And you couldn't get blamed because they were looking at personal material. Man I could have a lot of fun if I could get away with something like that at work."</font color=green>

LOL! We worried because the laptop had not enough security ...
I cried because I had no shoes until I met a man with no feet.

 

[NickM]

Hi Mavicator:

How are you getting on with your laptop security? Any improvement?

There's some more on the topic:

<b>Microsoft® Windows® XP: User Accounts and Fast User Switching:</b>

<A HREF="http://windowsxp.devx.com/articles/fus/default.as" target="_new">http://windowsxp.devx.com/articles/fus/default.as</A>

Read to the end. There're more links there. I think you're doing the right thing. Enabling the the security on users, I mean.

 

[Mavicator]

Thanks for all the input. I just got back from a work trip so I haven't messed around with it yet.

Stable, oh great one: The program is PMAC Executive, a program for handling firmware modifications in PMAC terminals. I think I've done everything you suggested unless I'm missing a step. I install with the user set to admin status, then switch him back to limited. Logging back on as myself, I set the properties of the folder to share with all users. The program will start, but cannot access any data. It acts like it's never been configured before.

Nick: Thanks. I'll read that page tonight.

-- Ah sh*t! sys64738 --

 

[NickM]

Just my ¢2 here again: when create users’ accounts don’t use somebody’s real names, let people think that it is your usual logon. Don’t provide any clue that there is something hidden there. Give some neutral user names: Dell, Toshiba, User1, Admin...
Better hide the menu with all users from the logon screen, probably use standard desktop.

 

[Mavicator]

I always use standard desktop. Other than the fancy-looking windows it's hard to tell my XP from 2000.

-- Ah sh*t! sys64738 --

 

[NickM]

Good. Still thinking about catering for your co-workers. In case you have the Administrator login, rename the Administrator and create a fake Administrator with not much rights granted.
Thanks for the "What is an Easter Egg?". Having fun.

 

[Mavicator]

Heh! Glad you liked that one. And great idea on the dummy admin logon. I'm going to create a dummy logon with no password, and set the machine up with no desktop items and no taskbar. Then I'll set the background image to a BSOD! LOL! I'll have them sh!tting their pants. It will work. They no nothing of such pranks.

-- Ah sh*t! sys64738 --

 

[stable]

Logon as you with admin rights.

Start registry editor (Start, Run, regedit)
Go to HKEY_LOCAL_MACHINE\SOFTWARE and then select the name of the program your are using from there.

Look at the default directory structures to ensure all of them point to a common location from C:\Program Files\Program Name XYZ\ and data is in C:\Program Files\Program Name XYZ\DATA\

This will ensure proper relationships for everyone.
Once that is set, you should have your program also setup to use these same common directories.

Chances are pretty good that when you get to this section in the editor, you will at least see the directory that it is NOW using and simply share that directory and edit the other users' registry pointers to point to that same place and of course give "Everyone" permission to share that directory.

Steve<P ID="edit"><FONT SIZE=-1><EM>Edited by stable on 12/10/01 02:03 AM.</EM></FONT></P>

 

[Mavicator]

When I switch the user we will call bozo to admin, the program functions perfectly. When "limited" is selected for bozo's rights, the following occurs upon startup of the app:

- The program starts perfectly.
- I click on "Open terminal" which should start communication with a PMAC terminal.
- The program gives me a message saying "You must first select a device to communicate with" even though I've already done that (with admin rights).
- I click "Select device" which normally (with admin rights) would bring up a small window showing the one device I'm connected to via serial cable.
- Nothng happens. THe button clicks but that is all. No window pops up, nothing. It's as if the button has no function assigned to it.
- Switch to admin rights for bozo, everything is fine.

-- Ah sh*t! sys64738 --