frustrating indeed. On Fri, Sep 23, 2011 at 05:58, David Lum <david....@nwea.org> wrote: > 1. Nothing > > 2. I will, I just have to wait for the app to fail again, which is > frustrating because I can't make it fail on demand. Now that it works, it > will continue to do so even if I reboot the server - something else triggers > the "fail". > > Dave > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Thursday, September 22, 2011 3:45 PM > To: NT System Admin Issues > Subject: Re: App compatability continues > > 1) What is the difference between your account and the user account with > admin privileges? > > 2) What happens if you make user admin, try it once, it fails, log off and > try again as user with admin? > > On Thu, Sep 22, 2011 at 14:42, David Lum <david....@nwea.org> wrote: >> Revisiting this one today, check this out. >> >> >> >> Log into RDS as standard user, try to launch this app and get >> “Run-time error ‘70’: Permission denied” (same error I have been battling). >> >> Log that user off, make said user local admin, repeat the sequence >> fully expecting the error to go away. Nope, same error >> >> Log in as myself, log into app as the standard user, application now >> works (as has been the case) >> >> Log off, log in as standard user, launch app as standard user, >> application now works >> >> >> >> Looking up the error, it appears to be a DCOM thing, but running the >> DCOM config tool doesn’t help me as nothing jumps out at me to change… >> >> >> >> <scratching head> >> >> >> >> Dave >> >> >> >> From: David Lum [mailto:david....@nwea.org] >> Sent: Wednesday, September 14, 2011 10:29 AM >> To: NT System Admin Issues >> Subject: RE: App compatability >> >> >> >> Looking at this error further, it tells me just *opening* this key >> (operation is RegOpenKeyExA) is a problem for a standard user. >> >> HKLM\System\CurrentControlSet\Services\WinSock2\Parameters >> >> “Fails as standard user and succeeded with full admin permissions” >> >> >> >> With this app - it’s on RDS - if I log in as local admin and launch >> it, it runs fine. If a standard users tried to launch it any time >> after I have fired it up (and even if I have opened then closed it), >> it works too, so it’s as if there’s some dependent service that fires >> up when initially launched. >> >> >> >> Bizarro info #2, rebooting the server after making the app work by me >> logging in…the app still works for a standard user even if I don’t log >> in after the reboot, yet after some undetermined amount of time (days) >> it “breaks” again. This sucks because I can’t break the app on demand. >> When it breaks what the users sees is they launch the app and they get >> “Error 20 – access is denied” after trying to login to it (credentials >> are specific to the app, which come to think of it talks to a DB on a >> different machine). >> >> >> >> This app has a dependency on Mozilla, but the users have access to the >> relevant Mozilla folders. >> >> >> >> Any guesses? >> >> >> >> Dave >> >> >> >> From: David Lum [mailto:david....@nwea.org] >> Sent: Monday, September 12, 2011 9:09 AM >> To: NT System Admin Issues >> Subject: RE: App compatability >> >> >> >> Ok cool, thanks! >> >> >> >> From: Brian Desmond [mailto:br...@briandesmond.com] >> Sent: Monday, September 12, 2011 8:40 AM >> To: NT System Admin Issues >> Subject: RE: App compatability >> >> >> >> Shouldn’t be any reason you can’t build and install a shim there. >> >> >> >> Thanks, >> >> Brian Desmond >> >> br...@briandesmond.com >> >> >> >> c – 312.731.3132 >> >> >> >> From: David Lum [mailto:david....@nwea.org] >> Sent: Monday, September 12, 2011 10:29 AM >> To: NT System Admin Issues >> Subject: RE: App compatability >> >> >> >> Whoa I omitted that this is for a 2008 R2 RDS application server, does >> that change things? >> >> >> >> From: Brian Desmond [mailto:br...@briandesmond.com] >> Sent: Monday, September 12, 2011 8:22 AM >> To: NT System Admin Issues >> Subject: RE: App compatability >> >> >> >> No, the second one you just need to build the shim with the AppCompat >> toolkit. >> >> >> >> Thanks, >> >> Brian Desmond >> >> br...@briandesmond.com >> >> >> >> c – 312.731.3132 >> >> >> >> From: Crawford, Scott [mailto:crawfo...@evangel.edu] >> Sent: Monday, September 12, 2011 10:09 AM >> To: NT System Admin Issues >> Subject: RE: App compatability >> >> >> >> Standard users already have read access to that key. >> >> >> >> Registry virtualization is automatically on in Windows 7 with UAC enabled. >> >> >> >> From: David Lum [mailto:david....@nwea.org] >> Sent: Monday, September 12, 2011 9:43 AM >> To: NT System Admin Issues >> Subject: App compatability >> >> >> >> Using LUA Biglight which helps show what apps need permissions to run >> as a standard user and not admin, it points to the following key: >> >> HKLM\System\CurrentControlSet\Services\WinSock2\Parameters >> >> >> >> Solutions include “registry virtualization, the VirtualRegistry shim, >> as a last resort, loosen permissions”. The first two involve the >> developer doing something right? >> >> >> >> How much of a security hole is it if I allow read access by Domain Users? >> >> David Lum >> Systems Engineer // NWEATM >> Office 503.548.5229 // Cell (voice/text) 503.267.9764 >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin