Search Results

Search found 379 results on 16 pages for 'uac'.

Page 7/16 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • Run Active Directory Admin Center as another user

    - by dunxd
    I am trying to run Active Directory Admin Center (dsac.exe) on Windows 7 as another user by means of creating a shortcut, rather than having to Shift+Right click and specify the user. On Windows XP I could create a runas shortcut like this (forget for a moment that dsac.exe does not exist in Windows XP): runas /user:DOMAIN\user dsac.exe When I run this on Windows 7, the cmd style windows pops up and asks for the password for DOMAIN\user, but I get the following message: Attempting to start dsac.exe as user "DOMAIN\user" ... RUNAS ERROR: Unable to run - dsac.exe 740: The requested operation requires elevation. How do I get Windows 7 to automatically run dsac.exe as a specified user? I'm happy to fill in a password prompt for the specified user, but would be even happier if there was a solution that cached the password, so I didn't have to enter it more than once a day.

    Read the article

  • Why is my global security group being filtered out of my logon token?

    - by Jay Michaud
    While investigating the effects of filtered tokens on my file permissions, I noticed that one of my global security groups is being filtered in addition to the regular system-defined filtered groups. My Active Directory environment is a single-domain forest on the Windows Server 2003 functional level. I'll call the domain "mydomain.example.com". I am logged onto a Windows Server 2008 Enterprise Edition machine (not a domain controller) as a member of the "MYDOMAIN\Domain Admins" group and the "MYDOMAIN\MySecurityGroup" global security group (among others). When I run "whoami /groups" from an elevated command prompt, I see the full list of groups to which my account belongs as expected. When I run "whoami /groups" from a regular, non-elevated command prompt, I see the same list of groups, but the following groups are described as "Group used for deny only". BUILTIN\Administrators MYDOMAIN\Schema Admins MYDOMAIN\Offer Remote Assistance Helpers MYDOMAIN\MySecurityGroup Numbers 1 through 3 above are expected based on Microsoft documentation; number 4 is not. The "MYDOMAIN\MySecurityGroup" global security group is a group that I created. It contains three non-built-in global security groups, and these security groups contain only non-built-in user accounts. (That is, I created all of the accounts and groups that are members of the "MYDOMAIN\MySecurityGroup" global security group.) There are other, similar groups of which my account is a member that are not being filtered out of my logon token, and this group is not granted any specific user rights in the security settings of this computer or in Group Policy. What would cause this one group to be filtered out of my logon token?

    Read the article

  • In Windows 7 is there a way to login from any user account and see the same workspace and be able to use the running programs of another user?

    - by WickedMongoose
    Our group has a number of Test Stands with PCs that are currently being accessed with a single group login. It has been sent from on high that this is not the way to do things for security reasons and we all agree. However. Multiple team members from around the world log into these Test Stands and need to be able to access programs that have been run from what would be different user profiles if we were to no longer have a single common login. Is there a way to have a common workspace such that when different users login, they will be able to see and interact with all running applications as if they were using a common login? Applications that we run link to and monopolize hardware resources connected to the PC and it is time consuming to restart and reload settings every time a new user logs in. Even if the program did not monopolize the hardware many of these programs are resource intensive and require a large portion of each machine's RAM to run, so trying to run the application again when it is already running from multiple user accounts would quickly consume all system resources. Simple Example: I open a chrome browser while logged into our pc. I then logout and another team member remotes in and should be able to see my open browser and be able to interact with it as if he were the one who opened it. Any alternative process flows or solutions from someone who has gone through a similar transition would be appreciated. This is not a request for how to give all users access to the ability to run a program, but it is the request for how to allow all users access to interact with running applications that have been started by other users and need to be interacted with as if the new user started and has control of the application.

    Read the article

  • Load ActiveX DLL in Internet Explorer with elevated privileges

    - by adum
    I have an ActiveX control that I'm loading with JavaScript in Internet Explorer. It needs to run as medium integrity under UAC in Vista and Win7. This is written in C/C++, compiled in Visual Studio. One way to elevate privileges is to create a broker process that can request a medium integrity level. However, for this project, this is not a practical solution. I really need the ActiveX control itself to run elevated. My question is: what's the easiest way to do this? Can I change the build options on the project to be an exe, and use the COM interprocess connect system to automatically handle the communications, or do I need to be more sophisticated? Do I need to do anything complicated like manually call CreateProcess and make some kind of broker, or can it just work as an ActiveX exe that elevates itself?

    Read the article

  • allow editing of config files by WIndows Server 2008 admins running non-elevated?

    - by Justin Grant
    My company produces a cross-platform server application which loads its configuration from user-editable configuration files. On Windows, config files are locked down at Setup time to allow reading by all users but restrict editing to Administrators only. Unfortunately, on Windows Server 2008, even local administrators no longer have admin privileges (because of UAC) unless they're running an elevated app. My question is: if a Windows Server 2008 admin wants to edit an admins-only config file, how does he normally do it? Is he forced to use a text editor which is smart enough to auto-elevate when elevation is needed, like Windows Explorer does in response to access denied errors? Or is there something that we can do in our app (e.g. in ACLs we lay down at setup time) which signal apps (or explorer) that elevation is needed before editing the file or which otherwise make our app friendlier to admins running on modern Windows OS's?

    Read the article

  • My service does not start on Windows 2008 (it works on Windows 2003)

    - by akirekadu
    When we install our product on Windows 2008 SP2, couple of services fail to start. After trying different things, we figured out that these service were able to start when "Log on as" is set to "Local system account". This service does need to run as a specific user because it requires access to secure resources. The service did run just fine under this special user account under Windows 2003. I am thinking the problem is related to UAC (user access control). Under interactive mode one can elevate permission by answering the security dialog box. How to do the same for a service? How to configure the service so it runs with necessary permissions? Thanks! Couple of notes I would like to add. One solution I tried is to execute the installer as administrator. The service does get installed. However, it creates another problem. An embedded 3rd party product and its files get installed with admin only rights. So we do need to run the installer as logged in user.

    Read the article

  • Signed and RequireAdministrator manifested executable being run from temp folder?

    - by Ian Boyd
    i manifested my executable as require administrator: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <!-- Disable Windows Vista UAC compatability heuristics --> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator"/> </requestedPrivileges> </security> </trustInfo> </assembly> And then i digitally signed it. But then when i run the executable i noticed something odd: the name of the executable on the Consent dialog changed from PingWarning.exe to pinxxxx.tmp; as though a temp copy was made, and that is being run: i dug out Process Montior, to see if anyone is creating a *.tmp file when i launch my executable, and there is: The Application Information service inside this particular svchost container is intentionally copying my executable to the Windows temp folder, and asking for user "Consent" from there; giving an invalid filename. Once consent has been granted, the executable is run from its original location: link text The file is not copied to the temp folder if i do not digitally sign it: So my problem is the invalid filename appearing on the consent dialog when i digitally sign my executable which has been manifested as requireAdministrator. What do?

    Read the article

  • Is it possible to install into Program Files with limited privileges?

    - by Marek
    I have an application that will be deployed as MSI package (authored in WiX). I am deciding whether to specify elevated or limited privileges as required for the installer. The application does not include anything requiring elevated privileges besides the default install location, which is under Program Files. Now the problem: If I specify elevated privileges, then the user is prompted by UAC for administrator password during the installation. This is not required and prevents non-admin users from installing. If I specify limited privileges, then the user is presented with a dialog to select install location with Program Files being default. In case they do not change the install location (95 % of end users probably won't), then the installer will fail with a message that they should contact the Administrator or run the application as administrator. If they launch the installer as Administrator then they can install into Program Files without problem - but most of the users won't probably know how to launch an installer as administrator. I can potentially set the default install location to e.g. C:\Company name\Program\, but this seems nonstandard to me and majority of users will not probably like this (they are probably used to installing into Program Files). How do you solve this problem with installing applications under limited user accounts?

    Read the article

  • WMI: Editing the Registry Remotely

    - by Quanta
    I'm trying to use the following code (poorly written, but it's just a proof of concept) to edit the registry of a computer on a domain. I have a domain account, and I've verified that the domain admin group is present in the local admin group on the machines I'm attempting to affect. I've connected to these other machines to perform other administrative type tasks, so I'm sure that I have administrative privileges on these hosts. All of StdRegProv's "get" methods work fine (http://msdn.microsoft.com/en-us/library/aa393664%28VS.85%29.aspx) but the "set" or "create" methods as well as check access all return "5" which is "Error_Access_Denied" according to winerror.h. So there's the problem: why do I get access denied when attempting to modify the registry? If anyone can help me figure this out, you'd have my utmost appreciation! I almost forgot, when I fire up Visual Studio in admin mode on my local machine and run the code against the local machine, it works flawlessly. If I don't start in admin mode on the local machine, the code fails, so I suspect there's a UAC problem maybe? using System; using System.Management; public class EditRemoteRegistry { public static void Main(string[] args) { ConnectionOptions options = new ConnectionOptions(); options.EnablePrivileges = true; options.Impersonation = ImpersonationLevel.Impersonate; options.Password = "password goes here"; //options.Authority = "my company's domain"; //options.Username = "Admin username"; ManagementScope scope = new ManagementScope("\\\\arbitraryhost\\root\\default", options); scope.Connect(); ManagementClass mc = new ManagementClass("StdRegProv"); ManagementBaseObject inParams = mc.GetMethodParameters("CreateKey"); inParams["hDefKey"] = (UInt32)2147483650; inParams["sSubKeyName"] = "Software\\Test"; ManagementBaseObject outParams = mc.InvokeMethod("CreateKey", inParams, null); //Should return a 0, but returns a 5, "Error_Access_Denied" Console.WriteLine("CreateKey Method returned " + outParams["returnValue"]); //This chunk works fine ManagementBaseObject inParams5 = mc.GetMethodParameters("GetDWORDValue"); inParams5["hDefKey"] = 2147483650; inParams5["sSubKeyName"] = "Software\\Test"; inParams5["sValueName"] = "testDWORDvalue"; ManagementBaseObject outParams5 = mc.InvokeMethod("GetDWORDValue", inParams5, null); Console.WriteLine("GetDWORDValue returned " + (UInt32)outParams5["returnValue"] + " "); Console.WriteLine((UInt32)outParams5["uValue"]); ManagementBaseObject inParams6 = mc.GetMethodParameters("SetStringValue"); inParams6["hDefKey"] = 2147483650; inParams6["sSubKeyName"] = "Software\\Test"; inParams6["sValueName"] = "TestStringValue"; inParams6["sValue"] = "Hello World!"; ManagementBaseObject outParams6 = mc.InvokeMethod("SetStringValue", inParams6, null); //Should return a 0, but returns a 5, "Error_Access_Denied" Console.WriteLine("SetStringValue returned " + outParams6["returnValue"]); Console.ReadKey(); } }

    Read the article

  • VB6 Manifest not working on Windows 7

    - by Matt
    I have created a manifest file for a VB6 application that is running on Windows 7 (not for any visual style changes, just to make sure it accesses the common registry and not a virtualised one) The exe name is Capadm40.exe, the manifest is named Capadm40.exe.manifest and contains the following: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="CompanyName.Capadm40" type="win32"/> <description>Administers the System</description> <!-- Identify the application security requirements. --> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> However, this doesn't seem to make any difference. ie the application is still using the virtualised registry hive. What is also strange is the after I unticked the 'Run this program as an administrator' option in the properties of the application exe, windows still shows a shield on the application icon, leading my to think this is some issue with my windows installation rather than a fault with the manifest. Any ideas?

    Read the article

  • What parts of .NET require administrative priviliges to be executed?

    - by Ruben Steins
    Which parts of the framework require a user to be more than a Standard User? The reason I'm asking is because I'm trying to compile a list of possible issues with our existing applications when migrating to Windows 7. Now, I can think of a few things myself: Writing to Eventlog Writing to Registry Keys outside of Current_User scope Getting an Environment variable etc... I really would like a more complete list and so far I've not come across a decent resource in which all this stuff is listed. Note that I'm not looking for ways of elevating the priviliges for the exsiting apps (which can be done by using a manifes), I'm simply idenitifying actions in code that might cause issues.

    Read the article

  • How do I create a shortcut to CMD.EXE that asks for elevation using INNO Setup?

    - by Maltrap
    Hi, using INNO Setup I currently have the following entry under the [ICONS] section: Name: "{group}\My App\My App - Command Prompt"; Filename: "cmd.exe"; WorkingDir: "{app}" This shortcut launches a command prompt straight into my application's folder. Unfortunately it isn't launched as elevated which means the commands the user runs from there doesn't have appropriate rights. Using INNO Setup, how can I create a shortcut to CMD.exe (in a specific folder) that requires elevation? Doing this for other applications can be done via a manifest file. My question is, how do I use it using INNO, and if I can't, what are my alternatives?

    Read the article

  • Admin required for Visual Studio 2008 Setup Project

    - by user54064
    I have a VS 2008 Setup Project that is installing a very simple application in the local user's App Folder. When the Setup Project runs, it is requiring the Admin to login to run it. How can I allow a Standard User to run the installation. There are no Prerequisites. The MSI file is the only file to be run (no Setup.exe). I have signed the msi with a certificate that is installed on the user's machine as Trusted. I just can't get rid of the Admin login requirement.

    Read the article

  • Can I allow a write access to a particular registry key without elevation?

    - by 280Z28
    I develop an extension for Visual Studio 2005, 2008, and 2010. The Visual Studio 2005 SDK requires write access to the following registry key during builds. The normal way to handle this run Visual Studio with elevated privileges. The entire issue can be avoided if there's some way I can set permissions to allow access to this particular registry key without elevation: HKLM\SOFTWARE\Microsoft\VisualStudio\8.0Exp Side note: This key is only used for testing Visual Studio 2005 extensions. The issue does not occur on client machines so this is just a workaround for my own development machine.

    Read the article

  • How elevate and get admin rights on-demand in a .NET application?

    - by sashaeve
    I have an .NET application which is run with default rights as the current user, then at some point I need to perform an action which requires admin rights. How can I get admin rights on-demand in a .NET application? Requiring that the application is run with admin rights from the beginning is not appropriate as it may be that such action may not be called.

    Read the article

  • How to install a desktop shortcut (to a batch file) from a WiX-based installer that has "Run as Admi

    - by arathorn
    I'm installing a desktop shortcut (to a batch file) from a WiX-based installer -- how do I automatically configure this shortcut with the "Run as Administrator" setting enabled? The target OS is Windows Server 2008 R2, and the installer is running with elevated priveleges. Update: Thanks to the link provided by @Anders, I was able to get this working. I needed to do this in a C# CustomAction, so here is the C# version of the code: namespace CustomAction1 { public class CustomAction1 { public bool MakeShortcutElevated(string file_) { if (!System.IO.File.Exists(file_)) { return false; } IPersistFile pf = new ShellLink() as IPersistFile; if (pf == null) { return false; } pf.Load(file_, 2 /* STGM_READWRITE */); IShellLinkDataList sldl = pf as IShellLinkDataList; if (sldl == null) { return false; } uint dwFlags; sldl.GetFlags(out dwFlags); sldl.SetFlags(dwFlags | 0x00002000 /* SLDF_RUNAS_USER */); pf.Save(null, true); return true; } } [ComImport(), Guid("00021401-0000-0000-C000-000000000046")] public class ShellLink { } [ComImport(), InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("45e2b4ae-b1c3-11d0-b92f-00a0c90312e1")] interface IShellLinkDataList { void GetFlags(out uint pdwFlags); void SetFlags(uint dwFlags); } }

    Read the article

  • How to prevent "This program might not have installed correctly" messages on Vista

    - by Jason
    I have a product setup executable that copies some files to the user's hard drive. It's not a typical installer in the normal sense (it doesn't add anything to the Start Menu or Program Files folders). Each time the setup program is run on Vista, after the exe terminates, Vista produces a task dialog: This program might not have installed correctly Reinstall using recommended settings This program installed correctly Is there a function I need to call from the exe or registry entry to set, to indicate to the operating system that the program installed correctly (or to at least supress this message)? Related questions: http://stackoverflow.com/questions/1069135/this-program-might-not-have-installed-correctly-message-in-windows-7-rc (for Windows 7-specific issues)

    Read the article

  • Creating compound applications in Windows 7

    - by Mmarquee
    I need to port a suite of Windows applications (running under XP with little security turned on) to Windows 7 with various levels of security, depending on how our clients may configure it. Each functional area is a seperate executable or DLL that is downloaded and registered by a central 'compound' application. This means that the different parts are all joined together to form in effect a large single application. My problem is that the compound application knows about the other applications via COM registery, either as a typelibrary or as OCXs, where appropriate. I have tried several questions here to try and solve the problems I am getting, but I don't seem to be able to get around the problem of needing elevated access to register applications and access the registry. Our clients will be expecting the same (relatively) seemless download and activation process as current under XP. So does anyone have a solution for registering typelibraries and OCX controls without need to go through an elevation process. Thanks in advance

    Read the article

  • Windows7 run as admin with password

    - by dakull
    I love running as a standard user for its security pluses, my admin account is password protected. The problem appears when I need to run a program that requires admin rights, is there a way to include the password somehow so I won't have to type it every time ? Without changing my current setup: admin password protected account and I log on to a limited standard user account. I'm thinking of script or something like that ?

    Read the article

  • Is it a Microsoft issue?

    - by Yigang Wu
    I have a exe was complied by VC6 and the file name is patch.exe, there is no manifest was added, in that case, the EXE file requires administrator privileges, even though I removed all codes, just keep a empty main(), the result is same. But if I change the EXE from patch.exe to a.exe, the issue is gone. Below is my test result. 1. EXE was complied by VC6 2. Without manifest or didn't specific privileges in manifest 3. the exe name included "patch" substring, case-insensitive Is it a Microsoft issue? Why? Tried VC2008, I can't repeat it.

    Read the article

  • Automatic program update and Windows 7

    - by Mmarquee
    Hi We have a suite of programs that check for new versions at startup, and then download new versions to run if required. This is obviously a problem in Windows 7, when it is locked down as a 'standard user', as they can't write to the c:\program files directory and below. Anyone seen a example of an application that gets around with issue ? Our applications are written in Delphi, but an example in any language would be useful. Thanks in advance Update: We already have a system for determing whether a new version exists, the only problem is the download and install (if required), as this requires elevation. I can't think of a way that doesn't require an elevation prompt, or our users to reduce their security settings. Update 2 : I've asked a subsequent question, rather than adding a new one here

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >