Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Problem while installing programs as administrator

Jota.Ce

By Jota.Ce
in Software Chat

Recommended Posts

Jota.Ce

Jota.Ce

Posted
Posted

I've deleted and re-created all accounts in 15 computers by a BAT to have same config in them (they were heavily different in some things).

- 1 for a teacher (administrator privileges) with password: Administrator account is only used by me, this one is for a teacher.

- 7 limited accounts with pwd

- 1 limited account without pwd

I'm operating as the teacher, just to check all is working. While i was cleaning some shits in installed programs i could saw there were some programs installed, but not appearing on "Add & Remove...". I discovered that those program's folders were protected in Program Files... i mean, i couldn't enter in them to uninstall manually. I had no permissions to do that (even with Administrator account !!!). So i took permissions over those folders to delete/uninstall them. No problem then.

But the problem is... i installed WinRAR as a teacher (admin privileges) and when i tried to use it on a limited account i saw i couldn't. As a limited user, i couldn't enter in WinRAR folder (at Program Files), since ONLY the teacher account could. No problem, i give permissions for normal users over WinRAR folder (i have to do that on 15 computers grrrrrrr).

But... there's a way to avoid that, i mean, in normal situation, when the teacher installs one program, all users should be able to run it (if it's installed for all users). In this situation i think it can't be possible (though i've only seen this WinRAR situation)... i guess it's caused by only a Group policy or something similar, but all accounts are new (they're created some days ago), so no config in Policies has been done.

My goal is:

- The teacher installs one program for all users

- Each account can use that program

- Each account can access Program Files dedicated folder (not write, but at least read)

- Not having to install programs through Administrator account (and i fear it could not work as situation is going wrong)

Can you help me ?

PS: I can't re-install Windows XP (but i would like) and also i can't make an HD image and load it in each computer (they have slightly different programs installed)

Link to comment
Share on other sites
  • Replies 8
  • Views 862
  • Created
  • Last Reply
HX1

HX1

Posted
Posted

Well thats why I was wondering.. Seems like you can correct this with the Security Policy if I remember right..

There is a program out there that will allow you to adjust all of these settings be account, and I believe the settings can be exported so you can transfer these over to other systems.. I would give it a look.. be very careful you can give yourself a headache looking at all the settings and understanding them properly as you traverse them..

The program is called SecAgent - Advanced Security Administrator. You can find it on a search engine somewhere.. I have a copy of it..I don't know how up to date it is however. I think especially if this is what you do for a living this could make your life a lot easier. This is just one recommendation however. It gives you a little more insight on several areas.. You can also configure a system as a Kiosk.. so be careful.. You can undo them as well.. The unique feature is that should certain things occur.. it can lock down the account..and deny access to various areas as a precautionary measure.

I will look into what you stated above a little more when I have more time...but I do recommend the program I mentioned above..

I almost forgot there is a program out there called BeTwin as well that may be of use depending on how you want to approach this problem..

Link to comment
Share on other sites
Jota.Ce

Jota.Ce

Posted
  • Author
Posted

I need:

- Limited acounts can read an view all in Program Files (if they can view, they can run, of course)

- Admin accounts can read/write/view (i think the most important account, Administrator, can't do that, since permissions are only given to the teacher admin account -> WTF? )

- Future installations share the same permissions. It gets no sense if i have to reassign permissions each time the teacher installs one program more...

I saw this is a common behavior in other computers outside that classroom (and deleted WinZIP was installed only for admin account), so it might be a policy configured from the very beginning.

I also saw the most strange thing this morning while installing JDK 6.0 and JCreator with teacher account. JDK folder was installed with normal permissions (Admin->Full, Limited -> Read only) and JCreator folder with permissions only for the teacher. WTF^2?? So in a limited account JCreator shotcut didn't work, but JDK did. WTF^3???

This is a horrible situation, i can't reach to understand it.

But anyway i think the teacher won't install too many things, so it might be possible to tell him to add permissions for limited users (it's a fast procedure).

Thanks for your patience ;)

Link to comment
Share on other sites
someone

someone

Posted
Posted

Strange behavior indeed. you say:

I need:

- Limited acounts can read an view all in Program Files (if they can view, they can run, of course)

- Admin accounts can read/write/view (i think the most important account, Administrator, can't do that, since permissions are only given to the teacher admin account -> WTF? )

- Future installations share the same permissions. It gets no sense if i have to reassign permissions each time the teacher installs one program more...

This is the default - By default ADM account have full rights and the limited account can read/execute but can't create/modify nothing in the Windows folders (like Program files,Windows...) and can change settings that only affect the proper user account. You tried recreate the accounts again? Or create the ADM account by windows and the limited accounts by the bat?

Sometimes the problem is with the software that are not created to work in LUA - or cannot depending in what it do.

Maybe this can help you:

http://translate.google.com/translate?u=http%3A%2F%2Fkay-bruns.de%2Fwp%2Fsoftware%2Fsurun%2F&langpair=de|en&hl=de&safe=active&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools

Link to comment
Share on other sites
Jota.Ce

Jota.Ce

Posted
  • Author
Posted

I forgot to thank you all, i'm a little busy at this moment, but i'll investigate your suggested solutions in some days.

Thanks ;)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...