RE: Admin Rights required on Terminal Services

["Conlan Adams" <conlan () midwesteyebanks org>]

A few utils may help

Filemon and regmon from sysinternals.com will show you all file and
registry access happening on the machine.  Stop all programs but the one
you want to run, and watch and see what files/directories it accesses,
as well as registry keys.  Give access to those locations.

If it still doesn't work you can check out handle, and listdlls or
process explorer and double check.

Conlan Adams

-----Original Message-----
From: sf_mail_sbm () yahoo com [mailto:sf_mail_sbm () yahoo com] 
Sent: Thursday, March 17, 2005 10:46 AM
To: security-basics () securityfocus com
Subject: Admin Rights required on Terminal Services



Dear List,

We have an application that needs local admin rights to run

This is a legacy application, and cannot be run as a service

We are planning to run the application on a Terminal Services server
(Win 2K3)

Clients cannot run the application thru TS, since they do not have local
admin rights

One option is to put the users as local admins, and restrict the menus
to which they have access through Group Policy

Is there any other way to make users run the application without givin
them local admin rights?

Tried to look at "runas", but user will need to enter the administrator
password

Thank u all for ur help

Ronish