Category User Profiles ; Permissions; Useful Commands
Description
We are beginning to remove Domain Users from having Local Admin rights to their workstation. We have an application that will not launch properly without having local admin rights. To make the scenario more interesting the application spawns multiple processes so even if I use the command runas /user:domain\username “application.exe” the application fails to launch correctly.
Resolution
I executed the command cacls c:\appdirectory /e /t /p users:c to give the local users group change permissions on the applications directory. Because the application spawns multiple processes located in multiple directories I had to use the Sysinternals utility Process Monitor to locate all if the directories that are accessed by the application. Tip: If you use the Filter menu it is much easier to locate the necessary information. After running the command in each directory accessed by the application everything worked fine.
References
