Hi,

Suspect the answer is yes but too lazy to work it out for myself :-)

Situation is:-

Users logging into a netware server, majority do not have Windows
administrator level.

During login to Netware, my exe runs, does all kinds of stuff including an
attempt to update a couple of HKLM registry settings. Works great but is
obviously failing on the registry updates when it's (say) Guest user logging
into windows.

I know the Windows administrator password in most cases and want to make
this happen without an 'administrator visit' to the many machines involved.
BTW, no Windows domain thing going on - just windows PCs accessing a novell
tree.

Rather than getting into the api side of "being user administrator" (not
been there, don't know how), was wondering if SB gave me some options (I
have no problem with running some sb generated exe to quietly update the
relevant registry settings).

If it makes any difference, this is headed for 2k/XP machines - no sniff of
Vista/later.

Thanks for any pointers on this...

Simon


--

I think you'll find that for current versions of XP, an account needs to be
at least a Power User in order to write to HKLM (pic).

Even if you did a runas in SetupBuilder to call an xyz.reg script, regedit
would pop up a "do you want to update this?" message box.

And Runas won't let you supply a password from the initial command anyway.

Perhaps you could create a task, where you can specify the user account and
password, and have that task run a setupbuilder project that updates the
registry???

Jane Fleming

Hi Jane,

> I think you'll find that for current versions of XP, an account needs to be
> at least a Power User in order to write to HKLM (pic).

Is that SP3 or is there an SP4? Does that also apply to both XP Home and XP
Pro or just Pro?

> Perhaps you could create a task, where you can specify the user account and
> password, and have that task run a setupbuilder project that updates the
> registry???

My Vista insists on admin login to run the task scheduler, but maybe you can
create tasks without being logged in as admin.

Best regards,

--
Arnór Baldvinsson - Icetips Alta LLC
Port Angeles, Washington
www.icetips.com - www.buildautomator.com - www.altawebworks.com

Icetips product subscriptions at http://www.icetips.com/subscribe.php

Screen shot I attached is from XP Pro SP3.

I'm not experienced with Home. Apparently its permissions mechanism is the
same, but I don't know about its defaults.
http://support.microsoft.com/kb/310426

Jane Fleming

Hi Jane,

> Screen shot I attached is from XP Pro SP3.

Thanks:)

> I'm not experienced with Home. Apparently its permissions mechanism is the
> same, but I don't know about its defaults.
> http://support.microsoft.com/kb/310426

I suspect Home is more relaxed. I don't have SP3 on my XP home, just SP2
and it does not have issues with writing to HKLM from a "standard" user
account.

Best regards,

--
Arnór Baldvinsson - Icetips Alta LLC
Port Angeles, Washington
www.icetips.com - www.buildautomator.com - www.altawebworks.com

Icetips product subscriptions at http://www.icetips.com/subscribe.php

Hi Arnór,

> I suspect Home is more relaxed. I don't have SP3 on my XP home, just SP2
> and it does not have issues with writing to HKLM from a "standard" user
> account.

Is your "standard" XP user account a "Limited User" account (no admin nor
power user privileges)? In a XP "Limited User" account, an application
can't write to any protected Windows area (e.g. Program Files folder,
Windows folder, HKLM registry, etc.).

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

Hi Friedrich,

> Is your "standard" XP user account a "Limited User" account (no admin nor
> power user privileges)? In a XP "Limited User" account, an application

Admin. I believe XP home and pro install an admin account during install
that is the default account unless you manually add (guest/non-admin)
accounts?

Best regards,

--
Arnór Baldvinsson - Icetips Alta LLC
Port Angeles, Washington
www.icetips.com - www.buildautomator.com - www.altawebworks.com

Icetips product subscriptions at http://www.icetips.com/subscribe.php

Arnor,

> Admin. I believe XP home and pro install an admin account during install
> that is the default account unless you manually add (guest/non-admin)
> accounts?

Yep. That's why I added 3 other accounts for testing...

Lee White (Lodestar)

Hi Arnór,

>> Is your "standard" XP user account a "Limited User" account (no admin nor
>> power user privileges)? In a XP "Limited User" account, an application
>
> Admin. I believe XP home and pro install an admin account during install
> that is the default account unless you manually add (guest/non-admin)
> accounts?

Okay, that's why I asked. A "Standard User" account in an UAC-aware system
is similar to the "Limited User" account in XP.

In the past, most XP users lived in "Admin" mode (against all Microsoft
recommendations) and most developers designed the application in such a way
that Admin privileges were required (against all Microsoft recommendations).
So write access was not really a problem. Until now! I know quite a few
developers who have a complete support nightmare because their application
cannot run correctly in a "locked down" XP environment. A fatal design
issue. If an application does not work in a locked down XP environment,
it's by definition neither UAC-aware nor Vista/2008/Windows7/Server7
compatible.

A "Limited User" account is very similar to the resource protection in an
UAC-aware operating system. But UAC systems have a big advantage -- the
"over-the-shoulder" (OTS) credentialing feature! Privilege elevation allows
administrators to run the majority of their applications at a safe privilege
level, but also allow processes and operations that require administrative
privileges. "Over-the-shoulder" (OTS) authentication (or aka
"credentialing") allows an Administrator to grant elevated privileges to a
program while a Standard User is currently logged onto the system.

A Limited User under XP can not write to protected resources. If an
application has to write to the Windows folder, or to the Program Files
folder, or if you write to the HKEY_LOCAL_MACHINES registry key, it needs
Admin privileges in XP. This "resource protection" goes back to NT4 and is
fully integrated in Windows 2000, Windows 2003, Windows XP, Vista, Windows
Server 2008, Windows 7 and Server 7.

In most companies, users are living in a "locked down" XP environment today.
That's why more and more applications begin to fail even on XP machines.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

Hi Friedrich,

> In most companies, users are living in a "locked down" XP environment today.
> That's why more and more applications begin to fail even on XP machines.

Yep! Time to making them _windows_ compatible - it's only been what? 10
years since it was added to w2K wasn't it?<g>

Best regards,

--
Arnór Baldvinsson - Icetips Alta LLC
Port Angeles, Washington
www.icetips.com - www.buildautomator.com - www.altawebworks.com

Icetips product subscriptions at http://www.icetips.com/subscribe.php

>> In most companies, users are living in a "locked down" XP environment
>> today.
>> That's why more and more applications begin to fail even on XP machines.
>
> Yep! Time to making them _windows_ compatible - it's only been what? 10
> years since it was added to w2K wasn't it?<g>

Argh! 10 years??? I feel so old today, and from what I see in the mirror,
I'm looking it as well <g>

Friedrich

DON'T GO THERE, YOUNG MAN!!!! <g>

Ol' PruneFace

Jane Fleming

He can borrow my picture. Craig Ransom use George Hamilton's on Clarion
Live because mine was not available (he says in all modesty <vbg>)

--
Russell B. Eggen
www.radfusion.com
Clarion developers: www.radfusion.com/devs.htm

> Argh! 10 years??? I feel so old today, and from what I see in the mirror,
> I'm looking it as well <g>

Like I told you the other day, Halloween is just around the corner and
neither of us have to dress up in order to scare people<g>

:-)

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.clarionproseries.com - "Get ProPath, make your Clarion programs ready
for Windows 7 and Vista!"
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------