In the screenshot below, I’ve already added C:\Program Files\Meals Plus. From here, you can browse to the exact file or folder that needs additional permissions assigned. Right click on File System and Select Add File. Navigate to Computer Configuration/Policies/Windows Settings/Security Settings. I prefer keeping all related settings, such as security settings or preferences, in a single GPO. ![]() Launch the Group Policy Management Console and create a new GPO named APP_Your Application Name (ex: APP_Adobe Reader). Looking through the logs, you can further filtered to DENIED actions and see the exact permission that are needed. You should now see exactly what your application is doing and the permissions needed to do it. Find your application in the capture, right click and filter only to it. Start your application as a standard user and reproduce any errors that you’ve received. Like that annoying friend with no filter, it will literally tell you everything. Process Monitor can be a little overwhelming at first. Ideally, install and run Process Monitor on a dedicated VM that has little else running on it (no AntiVirus, no indexing, etc). Microsoft’s Process Monitor will show us what permissions are needed and it can be downloaded from here. ![]() If the developer doesn’t follow best practices with permissions, they probably don’t write helpful error messages either. If the application is nice enough to say, “Hey – I can’t write to C:\StupidApplication\”, proceed to problem 2. How can I distribute these permissions automatically?.What permissions does this application require?.We have to overcome two problems to solve this issue: ![]() Applications that write outside of these locations need additional permissions delegated to work properly with a standard user account. The primary location they control is their own user profile. Standard users can write to just a few locations on a local machine by default. Let’s talk about solutions for these three big problems.įixing File, Folder, and Registry Permissions with Group Policy We can break down administrative requirements into some pretty broad categories such as: file permissions, registry permissions, and User Account Control issues. Though this guide won’t fix every single application that requires admin rights, it will solve the vast majority of these issues. On the other hand, I can’t wait to prove them wrong. On the one hand, I am irritable at that developer who can’t be bothered to follow best practices. There are few things I love more than hearing, “This software requires Administrator rights.” Statements like this make me irritable and elated at the same time.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |