Adrian Bainbridge wrote:
> A real pet-peeve of mine is Windows applications which require
> non-standard access rights to run.
>
> I look after a few sites/servers/machines for different companies, and
> every time they get a specific piece of software I have to faff around
> with permissions. This is a pain as you have to remember what's set
> where should the software ever move home/machine needs rebuild etc.
>
> It's also a security risk.
>
> However the support lines of these companies advise "Just make them
> local administrators" to fix the problem, or "give them write access to
> windows\system32". When software doesn't work IMMEDIATELY, it's the IT
> guy that comes off looking a pleb :-(
>
> I *know* Microsoft released guidelines for this stuff getting on for 10
> years ago pre-Windows 2K, but I can't find any documentation online.
> Does anyone have an official Microsoft link so I can prove to these
> companies (and who pays my bills) it's not OUR problem, it's the
> hap-hazard way their software is written?
>
> Even companies like Sage still advise changing users to Admins to get
> their software working properly :-(


A pet hate of mine too. One way round this junkware is to use an
adapted version of the "makemeadmin" script, so that it runs the app
without giving wider permissions. Not ideal, but better than nothing.
Tip - nobble execute permission on the script or it can actually remove
admin privileges from an account which should have them. Should only be
run from a limited account, so deny execute privilege to the
Administrators group.

http://blogs.msdn.com/aaron_margosis...11/394244.aspx

Phil, London