newbienewb wrote: I am testing AD in my test lab given to me by my head,I installed AD in a pc with windows server 2003 and joined another pc which has windows 2000 professional installed into the domain;In our organisation, different departments use different softwares to meet their need;I am first asked to test the win 2000 pro system with the accounting software installed;I can start and use that software if I login to the system as a domain administrator; however if I logon as a domain user and start this software, the software not even initializing or starting! I thought the solution may be starting this application alone with administrator privilege! If this is the right solution how to accomplish this? or if there anyother solutions available? please note:the members of the domain has to be a domain user; And member computers can only be installed only windows 2000 professional Thank you
keatron wrote: Try adding the users who would use this program to the Power Users group. This will probably give them the priviliges they need without giving them admin rights. By default Power Users are given write and modify permissions to the folder you specified (Common Files). Also by the default, any folder created inside the Common Files folder will inherit permissions from the parent folder (which is Common Files). So you have two options actually. As I've already said, add the users to the Power Users group, or go the the software file folder, right click it, select sharing and security, then select the security tab. Now you want to assign the group or user/users you're testing the proper permissions. You will need to click the advanced tab at the bottom of this page, then uncheck the box which reads "Inherit parent permissions etc etc etc." Then you'll want to check the box immediately under it, which reads "Replace permissions entries on all child objects etc etc etc". In most cases, this will do it. If security is a major issue here, I suggest the second option, because simply adding them to the power users group will probably give you the results you want but it will also give them read, write and modify permissions to all of the folders and files in the "Program Files directory, as well as un-needed permissions on other vital system files and folders. Always remember "Principle of Least Privilege" Keatron
Trailerisf wrote: keatron wrote: Try adding the users who would use this program to the Power Users group. This will probably give them the priviliges they need without giving them admin rights. By default Power Users are given write and modify permissions to the folder you specified (Common Files). Also by the default, any folder created inside the Common Files folder will inherit permissions from the parent folder (which is Common Files). So you have two options actually. As I've already said, add the users to the Power Users group, or go the the software file folder, right click it, select sharing and security, then select the security tab. Now you want to assign the group or user/users you're testing the proper permissions. You will need to click the advanced tab at the bottom of this page, then uncheck the box which reads "Inherit parent permissions etc etc etc." Then you'll want to check the box immediately under it, which reads "Replace permissions entries on all child objects etc etc etc". In most cases, this will do it. If security is a major issue here, I suggest the second option, because simply adding them to the power users group will probably give you the results you want but it will also give them read, write and modify permissions to all of the folders and files in the "Program Files directory, as well as un-needed permissions on other vital system files and folders. Always remember "Principle of Least Privilege" Keatron With programs like QuickBooks, you need to give the local users access to the folder. All of our domain users are power users to begin with. It good advice, but you need to plan for it not working. But you should follow keatron's steps first.
