Hello. Im having here a problem with Microsoft Picture IT.
I have installed in a workstation that works under a Microsoft Domain. This user can NOT have administrative rights, not localy and not on the domain.
But my problem with this, his that he needs this program so he can work, and the only way to make this program to work is giving local administrative rights.
I was wondering if there is an aplication, like Burnrights form nero, that could solve this problem.
Or maybe a script to "run as" administrator.
Is there a way to create an account with administrative rights, that can't login, but can run programs using the option "run as" ?
But this "Run as" does not please me, because this person can try to install a program using the same technique and will manage to install programs.
Does anybody have a solution.
I have tryied Microsoft, but they suck, they just told me to check there forums, there are nothing there.
An expensive software, and this is what they say :(
im glad to be a linux user, ehehe :D
June 17th, 2005, 12:55 AM
Picture it is part of the M$ works suite. Meant for home use AFAIK
So let the user have admin or cough up for Photo Shop or other??:)
June 17th, 2005, 01:26 AM
for security reasons, this user can not have administrative previliges at so ever.
Maybe i will try paint shop, or maybe gimp since its free.
Thanks for the reply
June 17th, 2005, 01:50 AM
It's more than likely that it can be made to work without them being an admin, you just have to fiigure out what file system and regisrty rights they need. Regmon and filemon from http://www.sysinternals.com/ may help you figure out where you have to give rights.
June 17th, 2005, 01:53 AM
Thanks for the reply
Its a great idea, for what i understood this program checks every files and every register values and keys, that a specified program uses.
June 17th, 2005, 03:28 AM
try making a batch file that starts the program using 'runas' local admin. make it a com file using bat2com and replace the shortcuts for the program with a shortcut to it..
this is pretty poor security as the local admin password can be gotten using 'strings' if the user is savvy, but the worst that could happen is he/she'd gets local admin rights. just depends on what kind of people you work with.
you could take this a step farther and start the program using a new local admin account created just for this purpose and make the password using upper ascii charecters like ÞÅ§§WØ®Ð.
...just a quick stupid thought
June 17th, 2005, 09:39 AM
but im afraid that in the batch file the user edits, and check the username and password. This user is not a hacker or cracker.
But he is a threat for the local computer and domain security. This is the kind of user that if a program says "Hello i want to destroy all your computer data, will you let me? YES NO" he will probably say "yes", llool
Lots of virus and worm virus, comes from this user, cause he used to have local administrative rights, i have been tracking the compani virus and worms, spyware, joke virus and trojans, and this activity points to that user, and i have checked up his computer, and it was a mess, lots of virus, worms, trojans and spyware.
Thanks for all your help, i will try the program that Irongeek sugested, and if it doesn't work i will install Gimp.
June 17th, 2005, 01:00 PM
Be warned that GIMP is way more complicated to use than PictureIT. That's probably not your problem since you work in IT, but food for thought.
Have you considered setting up a standalone machine with rudamentary network access? Maybe a workgroup machine sharing a save folder?