Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Running Legacy Software on XP with a limited user Account 11

Status
Not open for further replies.
gpalmer711

gpalmer711

IS-IT--Management
May 11, 2001
2,445
0
0
GB
There have been several threads on this forum recently regarding running applications through a limited user account, that had been installed using an admin account.

I have created a small application that will allow you to do this. It is available free of charge at
This basically allows you to create a new exe file which launches your application with administrative rights but does not divulge the admin login details.

Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Thanks Greg. Nice job.
 
You deserve more than a star for you effort.

Which user runs this program? Are there any security implications if you don't want a limited user to use this program to bypass permission settings?
 
Sorry I should really of expanded my description it was 2am when I posted though - LOL.

Any User can use the application to run an external application as any different user.

When you have created the new exe file if you place this in the Documents and settings\%username% or anther folder that the user has full access to.

With regards to security i'm not at the right machine to check but I think that if it is in the Documents and settings\%username% folder only that user and administrators can access the file.

Simple Password protection is something that could be added to the software though.

Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Awesome...I'm going to try this out ASAP.
 
I think Greg did a great job.
There are some preliminary items to consider if you are having problems with this wrapper.

You may have some of these issues:

If the calling user account does not have the permission to "act as part of the operating system," the LogonUser() API fails and generates a return value of zero. If you call Err.LastDllError, you receive error message 1314. This message means that a required permission is not held by the client. Similarly, if the calling user account does not have the two permissions to "replace a process level token" and to "increase quotas," the CreateProcessAsUser() API fails and generates the error message 1314.

If you start an interactive application as another user, you must have access to the interactive window station and desktop that is named winsta0\default. If the application is interactive, the caller needs to programmatically add the required permission to winsta0\default. After this, the caller can call the RunAsUser helper function in the sample Visual Basic code below.

You must give enough permissions to the user account that is specified in LogonUser() so that the interactive application can start successfully. The following Knowledge Base article has sample Visual Basic code that you can use to update permissions on a Windows workstation and desktop:
Source and essentially a snip:
 
I made some assumptions about Greg's code above, and I could be wrong. But the Security principles involved I think are solid. Particularly in a Domain setting some adjustments to normally ignored settings "Ability to act as part of the Operating system" and others become important.

Again, good job Greg.

Bill Castner
 
My star did not appear to "stick" my first attempt. Hope you get my best wishes on a second attempt for a well deserved star for this valuable approach to the issue.
 
Hi Bill,
Your bang on with your assumptions, I have a few ideas on how to get round this problem but have not been at work this week so couldn't test them out. I'll take a look next week and let you all know.


Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
I have a .bat file which needs this access, does the app only work with .exe files?

I continue to get "file not found". There are spaces in the path and file names.
 
Sorry, forgive me, I ran from the ZIP file - doh!
 
Excellent utility!! I have been able to use this to Publish legacy applications in Group Policy that previously required admin rights to install (ex the Client Tools for MSOFT SQL Server).

I did run into one small glitch after getting it to work - legacy applications that require admin access to the registry typically require a reboot to make the necessary changes - the admin context is lost upon reboot (as expected), resulting in a number of error messages post-reboot. For my purposes, this did not affect the overall installation, but I could see it causing problems for other apps.

However, by in large, this is a GREAT utility for an admin to have access to!!
 
Oh, baby....

This is exactly what I've looking for...thank you, thank you, thank you...

Cheers
 
I created a batch file to run under a non-admin account on my windows 2000 pro machine.. when I created the exe file with your utility it created the exe file without any problems...

However when I execute the file that was created it pops up saying "Windows 2000 Premium" installation and begins to try to install "Windows 2000 Premium" if I let the install run it eventually errors out, but if I hit cancel a few times it then brings up my batch file... Has anyone run into this or can maybe explain what is causing this to happen??

Thanks!!

Frank Soprano-
 
Make sure you have the latest versions of the Microsoft Visual Basic 6 Runtimes installed on the machine. They can be found at
If you still experience problems after the installation let me know and I will look into it further.

Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
I will check those files out and permissions when I go back to work... I will let you know how I make out!!!

Thanks for the help!!!

 
I was doing some thinking lastnight, and I think it has to do with the file permissions because under Administrator it worked fine, I only encountered a problem with it under non-admin accounts...


I'll keep you posted!!


Thanks Again!
 
I updated to the latest VB files and when I execute the exe created with the utility it comes up with the following message: "CreateProcessWithLogonW() failed with error 1326"

I am lost as to how to proceed from here on what I have to change....


 
If necessary I can email you the little script that I am trying to run as a non-admin account...

Thanks Again!
 
Status
Not open for further replies.

Similar threads

VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
193
guitarzan
guitarzan
Rick_
  • Locked
  • Question
Reliance Automax Exec V3 software
Replies
6
Views
115
Andrzejek
Andrzejek
goombawaho
  • Locked
  • Question
Risk of running unsupported server version 1
Replies
7
Views
125
goombawaho
goombawaho
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
248
Flinx
Flinx
spamjim
  • Locked
  • Question
Sanitizing illegal filenames on NTFS volumes
Replies
2
Views
82
spamjim
spamjim

Part and Inventory Search

Sponsor

Back
Top