Altering Permissions for Windows 2000 Apps
Novell Cool Solutions: Tip
By Tony Kwok
Digg This -
Posted: 23 Jan 2003
Assigning user privileges in Windows 2000 is what you want as an administrator, but it causes problems for apps that need additional file system permissions, registry permissions, shares, etc.
To resolve most app compatibility problems, I use a free utility called setacl.exe found at: http://www.helge.mynetcologne.de/setacl/
Hats off to author Helge Klein. This all-in-one utility is WAY small, robust and more granular than others I've used. It can be added to a login script, in the Run After Distribution script, or in the run launch scripts to dynamically alter permissions before and/or after running an app.
For example, to fix a problem with MS Photo Editor (Q260151), I run the following:
setacl.exe "MACHINE\SOFTWARE\Microsoft\Shared Tools\Graphics Filters" /registry /grant Users /full
Just remember standard rules apply: you must run as system user to change HKLM or file/print permissions not normally available to user privilege.
Additionally, I copy setacl.exe to SYS:\Public dir on the server and give the trustee Public RF rights to just this file. (If you're security conscious, this is not for you). This way, an app object running under system context can still access it.
If you have any questions you may contact Tony at email@example.com
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com