How to fool program into working for limited users in XP Pro

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hello,

I wasn't sure where to post this, so I thought I had tried here.

I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
computer after his old one was fried during a storm. After installing it and
making sure the "modem-on-hold" feature worked right I then proceeded to
test it in his children's limited user accounts to make sure they can get on
the net also.

Now, while his children were also able to log onto the net, the modem on
hold program (which until now was quite impressive) will only work for users
logged on as administrators.

This fact was verified by one of USR's support technicians who informed me
that they had no immediate plans to change it so it would work in limited
accounts.

Now this is a problem because he and his children all spend a lot of time on
the net, and until his name comes up on the broadband waiting list, a modem
is all they have between them and the net.

Now for the difficult question. I was able to get the modem on hold program
to work properly by using the "run as"(my brother's administrative account)
command while logged into one of the limited user accounts.

However, I can't just give his children his password and tell them to
remember to run the moh program before going on the net. That would defeat
the purpose of limiting his children's user accounts.

What I would like to do, is add to the
Hkey_Local_Machine\Software\Microsoft\Windows\run key a command string that
would automatically start the moh program with administrator credentials in
the limited accounts without assigning his children's accounts administrator
privilages.

If possible, I would really like to set it up to run as a service with
"local system" or "network" credentials so that it wouldn't have to be set
up for each individual account separately.

So any help would be appreciated.

Thanks ahead of time.

Peace,

Jeff Bowen
(aka Sky Captain)
4 answers Last reply
More about fool program working limited users
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In news:eSopfRHpFHA.2952@TK2MSFTNGP15.phx.gbl,
    Jeffrey Bowen (formerly Sky Captain) <jwaynebo@hotpop.com> typed:
    > Hello,
    >
    > I wasn't sure where to post this, so I thought I had tried here.
    >
    > I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
    > computer after his old one was fried during a storm. After installing
    > it and making sure the "modem-on-hold" feature worked right I then
    > proceeded to test it in his children's limited user accounts to make
    > sure they can get on the net also.
    >
    > Now, while his children were also able to log onto the net, the modem
    > on hold program (which until now was quite impressive) will only work
    > for users logged on as administrators.
    >
    > This fact was verified by one of USR's support technicians who
    > informed me that they had no immediate plans to change it so it would
    > work in limited accounts.
    >
    > Now this is a problem because he and his children all spend a lot of
    > time on the net, and until his name comes up on the broadband waiting
    > list, a modem is all they have between them and the net.
    >
    > Now for the difficult question. I was able to get the modem on hold
    > program to work properly by using the "run as"(my brother's
    > administrative account) command while logged into one of the limited
    > user accounts.
    > However, I can't just give his children his password and tell them to
    > remember to run the moh program before going on the net. That would
    > defeat the purpose of limiting his children's user accounts.
    >
    > What I would like to do, is add to the
    > Hkey_Local_Machine\Software\Microsoft\Windows\run key a command
    > string that would automatically start the moh program with
    > administrator credentials in the limited accounts without assigning
    > his children's accounts administrator privilages.
    >
    > If possible, I would really like to set it up to run as a service with
    > "local system" or "network" credentials so that it wouldn't have to
    > be set up for each individual account separately.
    >
    > So any help would be appreciated.
    >
    > Thanks ahead of time.
    >
    > Peace,
    >
    > Jeff Bowen
    > (aka Sky Captain)

    Have you ever tried FileMon and RegMon from www.sysinternals.com ? Might
    help you figure out what/where this app is attempting to write to, that is
    being denied - so you can open up NTFS or registry permissions to those
    areas only.

    Another option might be to find a third party alternative to RunAs that does
    not leak passwords.... try google, or see
    http://nonadmin.editme.com/RunAsPro (I don't know anything about this in
    particular but it came up in a search I did recently).
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Thanks for the quick reply, Lanwench.

    I know that it has to do with how the modem on hold program is supposed to
    detect the presense of a valid moh modem. Basically at startup, the message
    I get in the limited accounts explains that a valid v92 modem can not be
    detected.

    At first, I thought it might be a firewall issue. So I set up a second
    administrator account and as with my brother's admin account, both modem and
    ICN (Internet Call Notification as USR calls it) worked fine. That is how I
    first suspected it only worked with admin accounts.

    I tried all kinds of tricks like giving the limited account holders full
    access to the System32 folder, but that didn't work. I also went into the
    local security policy area and gave them access rights to update and change
    firmware and trusted delegation rights.

    Anyway, I will look into the "RunAsPro" suggestion and get back to you and
    let you know how it worked today or tomorrow.

    Again, thanks for the quick reply and suggestions.

    Peace,

    Jeff
    (aka Sky Captain)
    "Lanwench [MVP - Exchange]"
    <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
    news:uBHAnaHpFHA.4088@TK2MSFTNGP15.phx.gbl...
    >
    >
    > In news:eSopfRHpFHA.2952@TK2MSFTNGP15.phx.gbl,
    > Jeffrey Bowen (formerly Sky Captain) <jwaynebo@hotpop.com> typed:
    >> Hello,
    >>
    >> I wasn't sure where to post this, so I thought I had tried here.
    >>
    >> I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
    >> computer after his old one was fried during a storm. After installing
    >> it and making sure the "modem-on-hold" feature worked right I then
    >> proceeded to test it in his children's limited user accounts to make
    >> sure they can get on the net also.
    >>
    >> Now, while his children were also able to log onto the net, the modem
    >> on hold program (which until now was quite impressive) will only work
    >> for users logged on as administrators.
    >>
    >> This fact was verified by one of USR's support technicians who
    >> informed me that they had no immediate plans to change it so it would
    >> work in limited accounts.
    >>
    >> Now this is a problem because he and his children all spend a lot of
    >> time on the net, and until his name comes up on the broadband waiting
    >> list, a modem is all they have between them and the net.
    >>
    >> Now for the difficult question. I was able to get the modem on hold
    >> program to work properly by using the "run as"(my brother's
    >> administrative account) command while logged into one of the limited
    >> user accounts.
    >> However, I can't just give his children his password and tell them to
    >> remember to run the moh program before going on the net. That would
    >> defeat the purpose of limiting his children's user accounts.
    >>
    >> What I would like to do, is add to the
    >> Hkey_Local_Machine\Software\Microsoft\Windows\run key a command
    >> string that would automatically start the moh program with
    >> administrator credentials in the limited accounts without assigning
    >> his children's accounts administrator privilages.
    >>
    >> If possible, I would really like to set it up to run as a service with
    >> "local system" or "network" credentials so that it wouldn't have to
    >> be set up for each individual account separately.
    >>
    >> So any help would be appreciated.
    >>
    >> Thanks ahead of time.
    >>
    >> Peace,
    >>
    >> Jeff Bowen
    >> (aka Sky Captain)
    >
    > Have you ever tried FileMon and RegMon from www.sysinternals.com ? Might
    > help you figure out what/where this app is attempting to write to, that is
    > being denied - so you can open up NTFS or registry permissions to those
    > areas only.
    >
    > Another option might be to find a third party alternative to RunAs that
    > does not leak passwords.... try google, or see
    > http://nonadmin.editme.com/RunAsPro (I don't know anything about this in
    > particular but it came up in a search I did recently).
    >
  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Hi Jeffrey,

    Have you tried giving the limited accounts 'read & execute' or 'full
    control' permissions on the software's installation folder? Generally this
    resolves those types of issues.

    --
    Best of Luck,

    Rick Rogers, aka "Nutcase" - Microsoft MVP
    http://mvp.support.microsoft.com/
    Associate Expert - WindowsXP Expert Zone
    www.microsoft.com/windowsxp/expertzone
    Windows help - www.rickrogers.org

    "Jeffrey Bowen (formerly Sky Captain)" <jwaynebo@hotpop.com> wrote in
    message news:eSopfRHpFHA.2952@TK2MSFTNGP15.phx.gbl...
    > Hello,
    >
    > I wasn't sure where to post this, so I thought I had tried here.
    >
    > I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
    > computer after his old one was fried during a storm. After installing it
    > and making sure the "modem-on-hold" feature worked right I then proceeded
    > to test it in his children's limited user accounts to make sure they can
    > get on the net also.
    >
    > Now, while his children were also able to log onto the net, the modem on
    > hold program (which until now was quite impressive) will only work for
    > users logged on as administrators.
    >
    > This fact was verified by one of USR's support technicians who informed me
    > that they had no immediate plans to change it so it would work in limited
    > accounts.
    >
    > Now this is a problem because he and his children all spend a lot of time
    > on the net, and until his name comes up on the broadband waiting list, a
    > modem is all they have between them and the net.
    >
    > Now for the difficult question. I was able to get the modem on hold
    > program to work properly by using the "run as"(my brother's administrative
    > account) command while logged into one of the limited user accounts.
    >
    > However, I can't just give his children his password and tell them to
    > remember to run the moh program before going on the net. That would defeat
    > the purpose of limiting his children's user accounts.
    >
    > What I would like to do, is add to the
    > Hkey_Local_Machine\Software\Microsoft\Windows\run key a command string
    > that would automatically start the moh program with administrator
    > credentials in the limited accounts without assigning his children's
    > accounts administrator privilages.
    >
    > If possible, I would really like to set it up to run as a service with
    > "local system" or "network" credentials so that it wouldn't have to be set
    > up for each individual account separately.
    >
    > So any help would be appreciated.
    >
    > Thanks ahead of time.
    >
    > Peace,
    >
    > Jeff Bowen
    > (aka Sky Captain)
    >
    >
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Jeffrey Bowen (formerly Sky Captain) wrote:
    > Hello,
    >
    > I wasn't sure where to post this, so I thought I had tried here.
    >
    > I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
    > computer after his old one was fried during a storm. After installing it and
    > making sure the "modem-on-hold" feature worked right I then proceeded to
    > test it in his children's limited user accounts to make sure they can get on
    > the net also.
    >
    > Now, while his children were also able to log onto the net, the modem on
    > hold program (which until now was quite impressive) will only work for users
    > logged on as administrators.
    >
    > This fact was verified by one of USR's support technicians who informed me
    > that they had no immediate plans to change it so it would work in limited
    > accounts.
    >
    > Now this is a problem because he and his children all spend a lot of time on
    > the net, and until his name comes up on the broadband waiting list, a modem
    > is all they have between them and the net.
    >
    > Now for the difficult question. I was able to get the modem on hold program
    > to work properly by using the "run as"(my brother's administrative account)
    > command while logged into one of the limited user accounts.
    >
    > However, I can't just give his children his password and tell them to
    > remember to run the moh program before going on the net. That would defeat
    > the purpose of limiting his children's user accounts.
    >
    > What I would like to do, is add to the
    > Hkey_Local_Machine\Software\Microsoft\Windows\run key a command string that
    > would automatically start the moh program with administrator credentials in
    > the limited accounts without assigning his children's accounts administrator
    > privilages.
    >
    > If possible, I would really like to set it up to run as a service with
    > "local system" or "network" credentials so that it wouldn't have to be set
    > up for each individual account separately.
    >
    > So any help would be appreciated.
    >
    > Thanks ahead of time.
    >
    > Peace,
    >
    > Jeff Bowen
    > (aka Sky Captain)
    >
    >


    You may experience some problems if the software was designed for
    Win9x/Me, or if it was intended for WinNT/2K/XP, but was improperly
    designed. Quite simply, the application doesn't "know" how to handle
    individual user profiles with differing security permissions levels, or
    the application is designed to make to make changes to "off-limits"
    sections of the Windows registry or protected Windows system folders.

    For example, saved data are often stored in a sub-folder under the
    application's folder within C:\Program Files - a place where no
    inexperienced or limited user should ever have write permissions.

    It may even be that the software requires "write" access to parts
    of the registry or protected systems folders/files that are not normally
    accessible to regular users. (This *won't* occur if the application is
    properly written.) If this does prove to be the case, however, you're
    often left with three options: Either grant the necessary users
    appropriate higher access privileges (either as Power Users or local
    administrators), explicitly grant normal users elevated privileges to
    the affected folders and/or part(s) or the registry, or replace the
    application with one that was properly designed specifically for
    WinNT/2K/XP.

    Some Programs Do Not Work If You Log On from Limited Account
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307091

    Additionally, here are a couple of tips suggested, in a reply to a
    different post, by MS-MVP Kent W. England:

    "If your game or application works with admin accounts, but not with
    limited accounts, you can fix it to allow limited users to access the
    program files folder with "change" capability rather than "read" which
    is the default.

    C:\>cacls "Program Files\appfolder" /e /t /p users:c

    where "appfolder" is the folder where the application is installed.

    If you wish to undo these changes, then run

    C:\>cacls "Program Files\appfolder" /e /t /p users:r

    If you still have a problem with running the program or saving
    settings on limited accounts, you may need to change permissions on
    the registry keys. Run regedit.exe and go to HKLM\Software\vendor\app,
    where "vendor\app" is the key that the software vendor used for your
    specific program. Change the permissions on this key to allow Users
    full control."


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
Ask a new question

Read More

Windows XP