Security Basics mailing list archives

Re: XP software accessibility

From: Doug.Janelle () Thermo com
Date: Thu, 19 May 2005 17:44:06 -0400



You need to apply the same logic to the registry that you did for the file
system. Poorly-designed apps use HKLM for application settings, rather than
storing them in HKCU. Granting Admin priv's give the users the rights to HKLM
keys that standard users won't have. To address it, find which HKLM keys the app
uses (typically HKLM\Software\{vendor}\{application}. Use REGEDT32 to grant the
users right just to those keys. Presto! Apps run fine *without* local admin
access.

dcj2






H Jordan High <jordan () skylist net> on 05/19/2005 11:38:47 AM

To:   security-basics () securityfocus com
cc:    (bcc: Doug Janelle/Inc/Jouan)

Subject:  XP software accessibility



Hey everyone. I have recently been put in charge of "locking down" the
Windows XP workstations on our domain. Before everyone had been standard
domain users, but given Administrator privileges for their individual
machine.

What I have started to do is to install all the necessary software
logged in as Administrator, and then let them use the software while
logged in with "Standard User" privileges. Unfortunately I have found
certain pieces of software that just don't want to work correctly unless
run under Administrator, e.g. Trillian, which will function but not
display any icons, or other softwares which will error saying "A
required resource is unavailable". I first attempted to give "Everyone"
full control over the directories of the softwares giving problems, and
then did so for all of those program's files in other directories like
windows, etc. This solved the problem with a couple of them, but the
vast majority still will not load up.

I do not want to have to give everyone Administrator privileges for
obvious support reasons, but am going to be forced to if these softwares
will not load and run properly.

Thanks for any help,

Jordan


________________________________________

SKYLIST
Email Marketing Solutions that Deliver
Service You Can Trust

You are receiving this email message
from a representative of SKYLIST, Inc.
13171 Pond Springs Road, Austin, TX 78729
Toll Free: 877.250.2922

To cease all communication with SKYLIST, visit
http://www.skylist.net/unsubscribe
or send an email to unsubscribe () skylist com

Current thread:

XP software accessibility H Jordan High (May 19)
- Re: XP software accessibility PC Sage Information Services (May 20)
- Re: XP software accessibility Ansgar -59cobalt- Wiechers (May 20)
- <Possible follow-ups>
- Re: XP software accessibility Doug . Janelle (May 20)
- RE: XP software accessibility Gabriel O. Zabal (May 20)
- XP software accessibility Ben (May 23)