1. Nothing 2. I will, I just have to wait for the app to fail again, which is frustrating because I can't make it fail on demand. Now that it works, it will continue to do so even if I reboot the server - something else triggers the "fail".
Dave -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, September 22, 2011 3:45 PM To: NT System Admin Issues Subject: Re: App compatability continues 1) What is the difference between your account and the user account with admin privileges? 2) What happens if you make user admin, try it once, it fails, log off and try again as user with admin? On Thu, Sep 22, 2011 at 14:42, David Lum <david....@nwea.org> wrote: > Revisiting this one today, check this out. > > > > Log into RDS as standard user, try to launch this app and get > “Run-time error ‘70’: Permission denied” (same error I have been battling). > > Log that user off, make said user local admin, repeat the sequence > fully expecting the error to go away. Nope, same error > > Log in as myself, log into app as the standard user, application now > works (as has been the case) > > Log off, log in as standard user, launch app as standard user, > application now works > > > > Looking up the error, it appears to be a DCOM thing, but running the > DCOM config tool doesn’t help me as nothing jumps out at me to change… > > > > <scratching head> > > > > Dave > > > > From: David Lum [mailto:david....@nwea.org] > Sent: Wednesday, September 14, 2011 10:29 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Looking at this error further, it tells me just *opening* this key > (operation is RegOpenKeyExA) is a problem for a standard user. > > HKLM\System\CurrentControlSet\Services\WinSock2\Parameters > > “Fails as standard user and succeeded with full admin permissions” > > > > With this app - it’s on RDS - if I log in as local admin and launch > it, it runs fine. If a standard users tried to launch it any time > after I have fired it up (and even if I have opened then closed it), > it works too, so it’s as if there’s some dependent service that fires > up when initially launched. > > > > Bizarro info #2, rebooting the server after making the app work by me > logging in…the app still works for a standard user even if I don’t log > in after the reboot, yet after some undetermined amount of time (days) > it “breaks” again. This sucks because I can’t break the app on demand. > When it breaks what the users sees is they launch the app and they get > “Error 20 – access is denied” after trying to login to it (credentials > are specific to the app, which come to think of it talks to a DB on a > different machine). > > > > This app has a dependency on Mozilla, but the users have access to the > relevant Mozilla folders. > > > > Any guesses? > > > > Dave > > > > From: David Lum [mailto:david....@nwea.org] > Sent: Monday, September 12, 2011 9:09 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Ok cool, thanks! > > > > From: Brian Desmond [mailto:br...@briandesmond.com] > Sent: Monday, September 12, 2011 8:40 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Shouldn’t be any reason you can’t build and install a shim there. > > > > Thanks, > > Brian Desmond > > br...@briandesmond.com > > > > c – 312.731.3132 > > > > From: David Lum [mailto:david....@nwea.org] > Sent: Monday, September 12, 2011 10:29 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Whoa I omitted that this is for a 2008 R2 RDS application server, does > that change things? > > > > From: Brian Desmond [mailto:br...@briandesmond.com] > Sent: Monday, September 12, 2011 8:22 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > No, the second one you just need to build the shim with the AppCompat > toolkit. > > > > Thanks, > > Brian Desmond > > br...@briandesmond.com > > > > c – 312.731.3132 > > > > From: Crawford, Scott [mailto:crawfo...@evangel.edu] > Sent: Monday, September 12, 2011 10:09 AM > To: NT System Admin Issues > Subject: RE: App compatability > > > > Standard users already have read access to that key. > > > > Registry virtualization is automatically on in Windows 7 with UAC enabled. > > > > From: David Lum [mailto:david....@nwea.org] > Sent: Monday, September 12, 2011 9:43 AM > To: NT System Admin Issues > Subject: App compatability > > > > Using LUA Biglight which helps show what apps need permissions to run > as a standard user and not admin, it points to the following key: > > HKLM\System\CurrentControlSet\Services\WinSock2\Parameters > > > > Solutions include “registry virtualization, the VirtualRegistry shim, > as a last resort, loosen permissions”. The first two involve the > developer doing something right? > > > > How much of a security hole is it if I allow read access by Domain Users? > > David Lum > Systems Engineer // NWEATM > Office 503.548.5229 // Cell (voice/text) 503.267.9764 > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
