View Full Version : Creating custom user account
Segun 'Dash
December 5th 03, 07:43 PM
I have a program which requires administrative rights to
run, the program is a server/client type, but I don't want
other users of the computer to have administrative rights
especially i don't want them to be able to install any
program, so I created a Limited User acccount but d
software could not connect to d server under this account.
So, what I think if its possible is to have an account
with administrative rights but users will not be able to
install programs when logged in.
Thanks.
Robert Moir
December 5th 03, 07:43 PM
Segun 'Dash wrote:
> I have a program which requires administrative rights to
> run, the program is a server/client type, but I don't want
> other users of the computer to have administrative rights
> especially i don't want them to be able to install any
> program, so I created a Limited User acccount but d
> software could not connect to d server under this account.
>
> So, what I think if its possible is to have an account
> with administrative rights but users will not be able to
> install programs when logged in.
It's not possible, or at least not practical, to have an administrator
account that cannot install software. By the time you've locked down this
account so people cannot install stuff it's not an admin account any more. I
think you've got 3 courses of action
i - find out from the vendor if they have a version of the software that
works properly on a network, and use that instead.
ii - find out from the vendor /exactly/ what things the program needs to do
that admin rights allow it to do and give an account just these additional
rights. Depending on what those rights it needs are, it may be possible to
open these up on a normal account without compromising security.
iii - if it is just the server part of this client/server software that
needs admin access (which is frequently the case) then you can try running
it as a service which means it runs in the background under a different
account from the user who is logged on at the desktop. There are a number of
ways to run stuff as a service but one very simple "Quick and Dirty" way of
doing something like this is to run the software concerned as a task in the
task scheduler, and schedule it to run whenever the computer starts up.
--
--
Rob Moir
Microsoft MVP for Windows / Security
www.robertmoir.co.uk
vBulletin® v3.6.4, Copyright ©2000-2012, Jelsoft Enterprises Ltd.