1) What is the difference between your account and the user account with admin privileges?
2) What happens if you make user admin, try it once, it fails, log off and try again as user with admin? On Thu, Sep 22, 2011 at 14:42, David Lum <david....@nwea.org> wrote: > Revisiting this one today, check this out. > > > > Log into RDS as standard user, try to launch this app and get “Run-time > error ‘70’: Permission denied” (same error I have been battling). > > Log that user off, make said user local admin, repeat the sequence fully > expecting the error to go away. Nope, same error > > Log in as myself, log into app as the standard user, application now works > (as has been the case) > > Log off, log in as standard user, launch app as standard user, application > now works > > > > Looking up the error, it appears to be a DCOM thing, but running the DCOM > config tool doesn’t help me as nothing jumps out at me to change… > > > > <scratching head> > > > > Dave > > > > From: David Lum [mailto:david....@nwea.org] > Sent: Wednesday, September 14, 2011 10:29 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Looking at this error further, it tells me just *opening* this key > (operation is RegOpenKeyExA) is a problem for a standard user. > > HKLM\System\CurrentControlSet\Services\WinSock2\Parameters > > “Fails as standard user and succeeded with full admin permissions” > > > > With this app - it’s on RDS - if I log in as local admin and launch it, it > runs fine. If a standard users tried to launch it any time after I have > fired it up (and even if I have opened then closed it), it works too, so > it’s as if there’s some dependent service that fires up when initially > launched. > > > > Bizarro info #2, rebooting the server after making the app work by me > logging in…the app still works for a standard user even if I don’t log in > after the reboot, yet after some undetermined amount of time (days) it > “breaks” again. This sucks because I can’t break the app on demand. When it > breaks what the users sees is they launch the app and they get “Error 20 – > access is denied” after trying to login to it (credentials are specific to > the app, which come to think of it talks to a DB on a different machine). > > > > This app has a dependency on Mozilla, but the users have access to the > relevant Mozilla folders. > > > > Any guesses? > > > > Dave > > > > From: David Lum [mailto:david....@nwea.org] > Sent: Monday, September 12, 2011 9:09 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Ok cool, thanks! > > > > From: Brian Desmond [mailto:br...@briandesmond.com] > Sent: Monday, September 12, 2011 8:40 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Shouldn’t be any reason you can’t build and install a shim there. > > > > Thanks, > > Brian Desmond > > br...@briandesmond.com > > > > c – 312.731.3132 > > > > From: David Lum [mailto:david....@nwea.org] > Sent: Monday, September 12, 2011 10:29 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Whoa I omitted that this is for a 2008 R2 RDS application server, does that > change things? > > > > From: Brian Desmond [mailto:br...@briandesmond.com] > Sent: Monday, September 12, 2011 8:22 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > No, the second one you just need to build the shim with the AppCompat > toolkit. > > > > Thanks, > > Brian Desmond > > br...@briandesmond.com > > > > c – 312.731.3132 > > > > From: Crawford, Scott [mailto:crawfo...@evangel.edu] > Sent: Monday, September 12, 2011 10:09 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Standard users already have read access to that key. > > > > Registry virtualization is automatically on in Windows 7 with UAC enabled. > > > > From: David Lum [mailto:david....@nwea.org] > Sent: Monday, September 12, 2011 9:43 AM > To: NT System Admin Issues > Subject: App compatability > > > > Using LUA Biglight which helps show what apps need permissions to run as a > standard user and not admin, it points to the following key: > > HKLM\System\CurrentControlSet\Services\WinSock2\Parameters > > > > Solutions include “registry virtualization, the VirtualRegistry shim, as a > last resort, loosen permissions”. The first two involve the developer doing > something right? > > > > How much of a security hole is it if I allow read access by Domain Users? > > David Lum > Systems Engineer // NWEATM > Office 503.548.5229 // Cell (voice/text) 503.267.9764 > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
