Looking at this error further, it tells me just *opening* this key (operation is RegOpenKeyExA) is a problem for a standard user. HKLM\System\CurrentControlSet\Services\WinSock2\Parameters "Fails as standard user and succeeded with full admin permissions"
With this app - it's on RDS - if I log in as local admin and launch it, it runs fine. If a standard users tried to launch it any time after I have fired it up (and even if I have opened then closed it), it works too, so it's as if there's some dependent service that fires up when initially launched. Bizarro info #2, rebooting the server after making the app work by me logging in...the app still works for a standard user even if I don't log in after the reboot, yet after some undetermined amount of time (days) it "breaks" again. This sucks because I can't break the app on demand. When it breaks what the users sees is they launch the app and they get "Error 20 - access is denied" after trying to login to it (credentials are specific to the app, which come to think of it talks to a DB on a different machine). This app has a dependency on Mozilla, but the users have access to the relevant Mozilla folders. Any guesses? Dave From: David Lum [mailto:david....@nwea.org] Sent: Monday, September 12, 2011 9:09 AM To: NT System Admin Issues Subject: RE: App compatability Ok cool, thanks! From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, September 12, 2011 8:40 AM To: NT System Admin Issues Subject: RE: App compatability Shouldn't be any reason you can't build and install a shim there. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 From: David Lum [mailto:david....@nwea.org] Sent: Monday, September 12, 2011 10:29 AM To: NT System Admin Issues Subject: RE: App compatability Whoa I omitted that this is for a 2008 R2 RDS application server, does that change things? From: Brian Desmond [mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]> Sent: Monday, September 12, 2011 8:22 AM To: NT System Admin Issues Subject: RE: App compatability No, the second one you just need to build the shim with the AppCompat toolkit. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 From: Crawford, Scott [mailto:crawfo...@evangel.edu]<mailto:[mailto:crawfo...@evangel.edu]> Sent: Monday, September 12, 2011 10:09 AM To: NT System Admin Issues Subject: RE: App compatability Standard users already have read access to that key. Registry virtualization is automatically on in Windows 7 with UAC enabled. From: David Lum [mailto:david....@nwea.org]<mailto:[mailto:david....@nwea.org]> Sent: Monday, September 12, 2011 9:43 AM To: NT System Admin Issues Subject: App compatability Using LUA Biglight which helps show what apps need permissions to run as a standard user and not admin, it points to the following key: HKLM\System\CurrentControlSet\Services\WinSock2\Parameters Solutions include "registry virtualization, the VirtualRegistry shim, as a last resort, loosen permissions". The first two involve the developer doing something right? How much of a security hole is it if I allow read access by Domain Users? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
