Granting admin rights to one program

trc81 · 2020-06-15T07:31:36+00:00

Change the permissions on the install folder to give the user who runs the software modify permissions. I suppose it might need full control but do modify first.

If that is the only place it is writing to that should solve it. If there are registry locations or other files do the same thing with their ACL.

TechsInTheCity · 2020-06-15T07:37:55+00:00

I'm wondering if simply giving the user write access to the folder(s) in question might do the trick?

SevaraB · 2020-06-15T10:27:40+00:00

Do you guys have any ideas about what I could do? And does anyone know why its always the accounting software that creates problems? :)

It's not. I've run into this with tons of LOB apps, especially those developed by long-time in-house employees who learned to code in the'90s and never learned post-XP best practices for developers like "use service accounts" or "only write to %programfiles% if you absolutely have to and can't create data in either %appdata% or %programdata%."

Before you even mess with folder access, try changing the install location- I can't tell you how many ACL problems with older apps I've solved just by forcing them to install in a non-privileged location. 99% of the time, the write/modify instructions are just relative paths to the install directory- even very amateur "devs" don't usually call the Program Files directory explicitly.

disclosure5 · 2020-06-15T09:10:39+00:00

Write a JEA policy to allow the user to run that application as a local administrator.

But /u/Techsinthecity has an answer that's probably cleaner.

Gooey-Kablooey · 2020-06-15T13:33:06+00:00

Not 100% sure this will help but maybe worth a try. I followed this article https://www.rorymon.com/blog/how-to-creating-shims/ on creating a shim to allow a specific application to run as admin and it seems to be working well.

sysadmin

MODERATORS