Applications that require Admin access to run

wkomar's picture
wkomar
September 18th, 2008

I've done some searching but havn't been able to find an answer, so I'm resorting to posting in this forum :)

Does SVS offer any solution for applications that require administrator access to run?

I always thought that virtual layers would essentially give applications the ability to do whatever they wanted in a controlled virtual environment. This should allow normal users to run apps that would otherwise require admin access.

The software in question is the client for Leap Legal http://www.leap.com.au/ and of course Leap's solution is to give the users Administrator access, which is not really an option.

I have tried running it as a virtual layer through SVS, but it still does not work for normal users. We've started looking at giving access to select folders and registry to get it working, but it is turning out to be a pain, and was hoping there was an easier way?

Filed under: ,
0 votes
ThomasVogel's picture
ThomasVogel
1 year 9 weeks ago

What kind of administrative access is required

Can you tell, what kind of administrative access is needed by the software.
You mentioned already that you gave permissions to access specific registry entries and directories.
How did you come to that list.
Does the software, when starting up, request administrative access or does it simply not start?

So, here's the recommendation:
Use the tools FileMon and RegMon from www.sysinternals.com (or even their new filemanager) to find out, which directories/registry keys would be accessed.
If it is the normal case of non-Microsoft-NT conform software (which accesses e.g. HKLM or the application's installation directory), you can at least find out, what's going wrong. Once you did that,you might adjust your OS...

0 votes
jdulle's picture
jdulle
1 year 8 weeks ago

Give rights to the redirect areas

You can give a locked down user administrative rights to all of the files and registry keys in a package by granting them permissions to the file and registry redirect areas. If the app is trying to modify windows components that are not included in your package that a locked down user would not have rights to is where you may run into problems. After importing the package you need to figure out what your read and write layer numbers are. Run svscmd.exe enum -v. Find the layer name and the section that says Redirect locations it should say RO=#, RW=#. That is your read and write layer numbers. Browse to C:\fslrdr\ and grant machine users modify rights to the two layer directories for your package. In the registry you need to go to HKEY_LOCAL_MACHINE\SOFTWARE\fslrdr\ and grant users full control to the same to numbered keys. Now try your app out with a locked down user. If you still run into problems use filemon regmon to see what it is hitting against.

0 votes
MBHarmon's picture
MBHarmon
1 year 8 weeks ago

Application Control

The solution that you'd want to use for this type of issue would be Application Control Solution. My understanding is you can set the level of rights each items run with.

- Matt

0 votes