Does anybody know how to check the permissions on the local system account on Windows Server 2008?
Right-Click My Computer-->Manage-->Local Users and Groups-->Right-Click User and Go to Properties-->Member of tab
Related
Apologies if this is a really simple question...
We have a .NET application that is installed by an administrator, and then run by multiple staff on the same computer with their own login credentials (normal user - non-admin).
Application uses MSI installer and is installed to Program Files folder.
The application needs to have some settings about attached devices to the computer saved as preferences so when a user opens the app these settings are set and the user is not asked for preferences each time. These preferences should not be set per user, rather per computer.
However if user A changes one of these settings on the computer, then when user B logs in they should see the changed setting from user A.
Hence the settings need to be per computer, not per user.
Where in windows 7,8,10 etc. can an application save data that is computer specific not user specific, yet allow users without admin rights to change that data?
We have looked at system temp folder but the computers have GPO policy to regularly remove temp folder content.
Any other ideas?
It takes administrator rights to change the permissions on a registry key inside HKLM, but once that's done, anyone in the group given permission can make modifications.
Obviously don't change permissions on any of the standard keys (e.g. HKLM\Software or HKLM\Classes) but in your own application area (HKLM\Software\YouCorp\YouApp\Attached Devices) it's perfectly fine to adjust permissions the way you like.
You'll just have to include "grant write permission on HKLM\Software\YouCorp\YouApp\Attached Devices to the group Users" as one of the actions of your installer.
If you are allergic to the registry, you can do the same with a subdirectory of your application install (e.g. %ProgramFiles%\YouCorp\YouApp\Device Settings)
Given you are using a .Net application, you could store the information in the app.config file associated with the application.
My school has blocked literally everything on my windows laptop, I can't access cmd, gpedit.msc, regedit, setting/control panel and pretty much anything else you could think of that could disable admin restrictions. So how would i disable admin restrictions, i'm uses windows 10 (can find edition as info is blocked).i just need to be able to access one of the above mentioned things
You can not disable "admin restrictions" if you are not part of the admins group.
The Administrator is the account who can change any configuration in your computer.
There is a group called "Administrators" those accounts can change any configuration in your computer too if they have the administrator role asigned to that group.
By default the first account in your PC is the administrator.
Check this link for a better explanation.
try opening cmd using powershell by typing
"start cmd"
Running the very nice BGInfo tool to uniquely identify various computers. However, in trying to run on Windows 2008 Server R2, I am getting following error:
"An error occured opening the Default Desktop registry key. Please ensure the current user has rights to change the Logon Desktop settings: Access is denied."
The program is started via a shortcut placed in "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup", and that shortcut is specifying a .BGI configuration file (versus reading settings from the Registry). Thoughts on why the error happens for user other than the Administrator?
On a more in-depth level, I am curious if anyone knows why BGInfo must open the "default desktop registry key" and what it is updating in the "logon desktop settings" (phrase in quotes taken from the original error message)?
BGInfo needs to update the registry to set a default login desktop for all RDP users.
You need to run BGInfo with elevated privileges initially. That can be done as described by creed929 or by right-clicking on bginfo.exe and running as administrator. Once the settings are saved, subsequent user logins will not need the elevated privilege to see the BGInfo background.
From an administrator account. I was able to right click on bginfo.exe. Go to Compatibility tab and check the Run this program as an administrator. This seemed to then allow me to apply the settings without the Default Desktop registry key error.
I can access the location where the VSS database files allocate. I can also manipulate the users.txt file for VSS. How to How to add a user for Visual Source Safe without an admin account, but by directly manipulating the files?
How about simply resetting the VSS admin password?
http://not42.com/2005/06/16/visual-source-safe-admin-password-reset/
http://thetrainerph.spaces.live.com/blog/cns!9F717AF2A2401F0F!2809.entry
My feeling is that it's a gamble when it comes to editing files for VSS. Yes, they're just files, but what side effects could there be by taking this backdoor approach? It's an unknown quantity on what actually happens within the VSS Admin console when adding a new user. Why not just do it the right way?
How about creating a local Windows account on the server named Admin? You should have free reign to add new users to VSS, apparently. That's teh suggestion on this thread at microsoft.public.vstudio.sourcesafe from 2003. Your mileage may vary, depending on version.
If you just want to add new users, create an NT account called Admin and run
SourceSafe Admin as that user - no password prompt will appear! You may
have to add "Use_Network_Name = Yes" to the srcsafe.ini file for this to
work. The only thing you can't do is change the password, because you need to know
the old password to do that.
I have a application need to run under Administrator right, If I run it with Guest user account, after click the UAC dialog, using Windows API to get the current user folder in AP will be changed to Administrator folder, not Guest folder. How to solve it?
Get the current user folder before triggering the UAC dialog, store it somewhere and pass it to the code that runs after the UAC.
If this does not work for you, please explain why and post some code.