How to fool program into working for limited users in XP Pro

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hello,

I wasn't sure where to post this, so I thought I had tried here.

I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
computer after his old one was fried during a storm. After installing it and
making sure the "modem-on-hold" feature worked right I then proceeded to
test it in his children's limited user accounts to make sure they can get on
the net also.

Now, while his children were also able to log onto the net, the modem on
hold program (which until now was quite impressive) will only work for users
logged on as administrators.

This fact was verified by one of USR's support technicians who informed me
that they had no immediate plans to change it so it would work in limited
accounts.

Now this is a problem because he and his children all spend a lot of time on
the net, and until his name comes up on the broadband waiting list, a modem
is all they have between them and the net.

Now for the difficult question. I was able to get the modem on hold program
to work properly by using the "run as"(my brother's administrative account)
command while logged into one of the limited user accounts.

However, I can't just give his children his password and tell them to
remember to run the moh program before going on the net. That would defeat
the purpose of limiting his children's user accounts.

What I would like to do, is add to the
Hkey_Local_Machine\Software\Microsoft\Windows\run key a command string that
would automatically start the moh program with administrator credentials in
the limited accounts without assigning his children's accounts administrator
privilages.

If possible, I would really like to set it up to run as a service with
"local system" or "network" credentials so that it wouldn't have to be set
up for each individual account separately.

So any help would be appreciated.

Thanks ahead of time.

Peace,

Jeff Bowen
(aka Sky Captain)

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

In news:eSopfRHpFHA.2952@TK2MSFTNGP15.phx.gbl,
Jeffrey Bowen (formerly Sky Captain) <jwaynebo@hotpop.com> typed:
> Hello,
>
> I wasn't sure where to post this, so I thought I had tried here.
>
> I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
> computer after his old one was fried during a storm. After installing
> it and making sure the "modem-on-hold" feature worked right I then
> proceeded to test it in his children's limited user accounts to make
> sure they can get on the net also.
>
> Now, while his children were also able to log onto the net, the modem
> on hold program (which until now was quite impressive) will only work
> for users logged on as administrators.
>
> This fact was verified by one of USR's support technicians who
> informed me that they had no immediate plans to change it so it would
> work in limited accounts.
>
> Now this is a problem because he and his children all spend a lot of
> time on the net, and until his name comes up on the broadband waiting
> list, a modem is all they have between them and the net.
>
> Now for the difficult question. I was able to get the modem on hold
> program to work properly by using the "run as"(my brother's
> administrative account) command while logged into one of the limited
> user accounts.
> However, I can't just give his children his password and tell them to
> remember to run the moh program before going on the net. That would
> defeat the purpose of limiting his children's user accounts.
>
> What I would like to do, is add to the
> Hkey_Local_Machine\Software\Microsoft\Windows\run key a command
> string that would automatically start the moh program with
> administrator credentials in the limited accounts without assigning
> his children's accounts administrator privilages.
>
> If possible, I would really like to set it up to run as a service with
> "local system" or "network" credentials so that it wouldn't have to
> be set up for each individual account separately.
>
> So any help would be appreciated.
>
> Thanks ahead of time.
>
> Peace,
>
> Jeff Bowen
> (aka Sky Captain)

Have you ever tried FileMon and RegMon from www.sysinternals.com ? Might
help you figure out what/where this app is attempting to write to, that is
being denied - so you can open up NTFS or registry permissions to those
areas only.

Another option might be to find a third party alternative to RunAs that does
not leak passwords.... try google, or see
http://nonadmin.editme.com/RunAsPro (I don't know anything about this in
particular but it came up in a search I did recently).

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Thanks for the quick reply, Lanwench.

I know that it has to do with how the modem on hold program is supposed to
detect the presense of a valid moh modem. Basically at startup, the message
I get in the limited accounts explains that a valid v92 modem can not be
detected.

At first, I thought it might be a firewall issue. So I set up a second
administrator account and as with my brother's admin account, both modem and
ICN (Internet Call Notification as USR calls it) worked fine. That is how I
first suspected it only worked with admin accounts.

I tried all kinds of tricks like giving the limited account holders full
access to the System32 folder, but that didn't work. I also went into the
local security policy area and gave them access rights to update and change
firmware and trusted delegation rights.

Anyway, I will look into the "RunAsPro" suggestion and get back to you and
let you know how it worked today or tomorrow.

Again, thanks for the quick reply and suggestions.

Peace,

Jeff
(aka Sky Captain)
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uBHAnaHpFHA.4088@TK2MSFTNGP15.phx.gbl...
>
>
> In news:eSopfRHpFHA.2952@TK2MSFTNGP15.phx.gbl,
> Jeffrey Bowen (formerly Sky Captain) <jwaynebo@hotpop.com> typed:
>> Hello,
>>
>> I wasn't sure where to post this, so I thought I had tried here.
>>
>> I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
>> computer after his old one was fried during a storm. After installing
>> it and making sure the "modem-on-hold" feature worked right I then
>> proceeded to test it in his children's limited user accounts to make
>> sure they can get on the net also.
>>
>> Now, while his children were also able to log onto the net, the modem
>> on hold program (which until now was quite impressive) will only work
>> for users logged on as administrators.
>>
>> This fact was verified by one of USR's support technicians who
>> informed me that they had no immediate plans to change it so it would
>> work in limited accounts.
>>
>> Now this is a problem because he and his children all spend a lot of
>> time on the net, and until his name comes up on the broadband waiting
>> list, a modem is all they have between them and the net.
>>
>> Now for the difficult question. I was able to get the modem on hold
>> program to work properly by using the "run as"(my brother's
>> administrative account) command while logged into one of the limited
>> user accounts.
>> However, I can't just give his children his password and tell them to
>> remember to run the moh program before going on the net. That would
>> defeat the purpose of limiting his children's user accounts.
>>
>> What I would like to do, is add to the
>> Hkey_Local_Machine\Software\Microsoft\Windows\run key a command
>> string that would automatically start the moh program with
>> administrator credentials in the limited accounts without assigning
>> his children's accounts administrator privilages.
>>
>> If possible, I would really like to set it up to run as a service with
>> "local system" or "network" credentials so that it wouldn't have to
>> be set up for each individual account separately.
>>
>> So any help would be appreciated.
>>
>> Thanks ahead of time.
>>
>> Peace,
>>
>> Jeff Bowen
>> (aka Sky Captain)
>
> Have you ever tried FileMon and RegMon from www.sysinternals.com ? Might
> help you figure out what/where this app is attempting to write to, that is
> being denied - so you can open up NTFS or registry permissions to those
> areas only.
>
> Another option might be to find a third party alternative to RunAs that
> does not leak passwords.... try google, or see
> http://nonadmin.editme.com/RunAsPro (I don't know anything about this in
> particular but it came up in a search I did recently).
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hi Jeffrey,

Have you tried giving the limited accounts 'read & execute' or 'full
control' permissions on the software's installation folder? Generally this
resolves those types of issues.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"Jeffrey Bowen (formerly Sky Captain)" <jwaynebo@hotpop.com> wrote in
message news:eSopfRHpFHA.2952@TK2MSFTNGP15.phx.gbl...
> Hello,
>
> I wasn't sure where to post this, so I thought I had tried here.
>
> I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
> computer after his old one was fried during a storm. After installing it
> and making sure the "modem-on-hold" feature worked right I then proceeded
> to test it in his children's limited user accounts to make sure they can
> get on the net also.
>
> Now, while his children were also able to log onto the net, the modem on
> hold program (which until now was quite impressive) will only work for
> users logged on as administrators.
>
> This fact was verified by one of USR's support technicians who informed me
> that they had no immediate plans to change it so it would work in limited
> accounts.
>
> Now this is a problem because he and his children all spend a lot of time
> on the net, and until his name comes up on the broadband waiting list, a
> modem is all they have between them and the net.
>
> Now for the difficult question. I was able to get the modem on hold
> program to work properly by using the "run as"(my brother's administrative
> account) command while logged into one of the limited user accounts.
>
> However, I can't just give his children his password and tell them to
> remember to run the moh program before going on the net. That would defeat
> the purpose of limiting his children's user accounts.
>
> What I would like to do, is add to the
> Hkey_Local_Machine\Software\Microsoft\Windows\run key a command string
> that would automatically start the moh program with administrator
> credentials in the limited accounts without assigning his children's
> accounts administrator privilages.
>
> If possible, I would really like to set it up to run as a service with
> "local system" or "network" credentials so that it wouldn't have to be set
> up for each individual account separately.
>
> So any help would be appreciated.
>
> Thanks ahead of time.
>
> Peace,
>
> Jeff Bowen
> (aka Sky Captain)
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Jeffrey Bowen (formerly Sky Captain) wrote:
> Hello,
>
> I wasn't sure where to post this, so I thought I had tried here.
>
> I recently installed a US Robotics 56K(V92) Faxmodem in my brother's
> computer after his old one was fried during a storm. After installing it and
> making sure the "modem-on-hold" feature worked right I then proceeded to
> test it in his children's limited user accounts to make sure they can get on
> the net also.
>
> Now, while his children were also able to log onto the net, the modem on
> hold program (which until now was quite impressive) will only work for users
> logged on as administrators.
>
> This fact was verified by one of USR's support technicians who informed me
> that they had no immediate plans to change it so it would work in limited
> accounts.
>
> Now this is a problem because he and his children all spend a lot of time on
> the net, and until his name comes up on the broadband waiting list, a modem
> is all they have between them and the net.
>
> Now for the difficult question. I was able to get the modem on hold program
> to work properly by using the "run as"(my brother's administrative account)
> command while logged into one of the limited user accounts.
>
> However, I can't just give his children his password and tell them to
> remember to run the moh program before going on the net. That would defeat
> the purpose of limiting his children's user accounts.
>
> What I would like to do, is add to the
> Hkey_Local_Machine\Software\Microsoft\Windows\run key a command string that
> would automatically start the moh program with administrator credentials in
> the limited accounts without assigning his children's accounts administrator
> privilages.
>
> If possible, I would really like to set it up to run as a service with
> "local system" or "network" credentials so that it wouldn't have to be set
> up for each individual account separately.
>
> So any help would be appreciated.
>
> Thanks ahead of time.
>
> Peace,
>
> Jeff Bowen
> (aka Sky Captain)
>
>


You may experience some problems if the software was designed for
Win9x/Me, or if it was intended for WinNT/2K/XP, but was improperly
designed. Quite simply, the application doesn't "know" how to handle
individual user profiles with differing security permissions levels, or
the application is designed to make to make changes to "off-limits"
sections of the Windows registry or protected Windows system folders.

For example, saved data are often stored in a sub-folder under the
application's folder within C:\Program Files - a place where no
inexperienced or limited user should ever have write permissions.

It may even be that the software requires "write" access to parts
of the registry or protected systems folders/files that are not normally
accessible to regular users. (This *won't* occur if the application is
properly written.) If this does prove to be the case, however, you're
often left with three options: Either grant the necessary users
appropriate higher access privileges (either as Power Users or local
administrators), explicitly grant normal users elevated privileges to
the affected folders and/or part(s) or the registry, or replace the
application with one that was properly designed specifically for
WinNT/2K/XP.

Some Programs Do Not Work If You Log On from Limited Account
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307091

Additionally, here are a couple of tips suggested, in a reply to a
different post, by MS-MVP Kent W. England:

"If your game or application works with admin accounts, but not with
limited accounts, you can fix it to allow limited users to access the
program files folder with "change" capability rather than "read" which
is the default.

C:\>cacls "Program Files\appfolder" /e /t /p users:c

where "appfolder" is the folder where the application is installed.

If you wish to undo these changes, then run

C:\>cacls "Program Files\appfolder" /e /t /p users:r

If you still have a problem with running the program or saving
settings on limited accounts, you may need to change permissions on
the registry keys. Run regedit.exe and go to HKLM\Software\vendor\app,
where "vendor\app" is the key that the software vendor used for your
specific program. Change the permissions on this key to allow Users
full control."



--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH