> The basic goal of my questions is to understand the permissions of
> shortcuts when created by administrator, in trying to get end users to
> run programs linked to the shortcuts.
>
> While I have taken server courses etc and use the runas command often,
> I’m still confused by a few things. I wonder if anyone knows the
> answers to these questions.
>
> I understand there may be security issues regarding setting up short
> cuts with various permissions, and that one can use gpo's to
> administer some of these issues, if we can put that aside for the
> moment I’m trying to understand, permissions when putting shortcuts on
> users desktops.
>
> If I create a shortcut to and executable and put it into All users
> Desktop because I want users to be able to use the program, say the
> defrag program,
>
> I can use
> Runas.exe /savecred /user:admin@mydomain "defrag c: -v"
> Run it once. This will save the credentials so next time this shortcut
> should be able to open w/out password being entered.
> Or I could use
> Runas.exe /savecred /user:administrator@localmachinename "defrag c: -
> v"
> That is probably better.
>
> However the confusion for me begins when just creating links/shortcuts
> to the desktops.
>
> I have see situations where the Administrator just right clicks on the
> program and says create shortcut and then the program sometimes runs
> for all users, other times it does not.
>
> Now I have not even explored the options of when you take a shortcut
> and then open the security settings on it and how that affects the
> running of the program.?
>
> Regards
Thatdepends on the application. Each one runs differently based on
context, which temp folder it uses, etc. For example, while logged in
under a domain user account (no local Admin rights/perms), if I try to
install Java and use the Runas Administrator, it fails half way
through. This is because it's tryhing to use the Administrator's temp
folder, which is in a different profile. You can try to finnagle it but
going into system properties, changiung the temp location variable.
What I did in this scenario, was logon on as Domain admin, put the user
into the local admin group, logon the user, run the Java installation,
then log out, remove the user from local admin, then log them back on
again.
So it really depends on the app. No two software writers think the
same.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE
& MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
If you feel this is an urgent issue and require immediate assistance,
please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Similar Threads
Linear Mode
