To see what application uses what parts of the registry (and when),
System Internals (http://www.sysinternals.com/) has a tracer that I
swear by, along with a network stack and file system monitor to back it
up.
Your ActiveX situation reminds me of one I have whenever I want a
standard IUSR_MACHINENAME user in an ASP page to use one of my ActiveX
DLLs. You'll need to find the OCX and DLL files that the application
uses and assign read ACLs on them for the user or group. They're most
likely located in the %root$\Winnt\System32 folder, but being a custom
app, they could be anywhere else.
--Jay Lagorio, MCP
http://www.lagorio.net/
-----Original Message-----
From: Antoine Borg [mailto:antoineborg (at) onvol (dot) net [email concealed]]
Sent: Thursday, March 06, 2003 2:15 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Hi ..
Win2k Server with all latest patches and Terminal Services installed.
We have a custom built application that we got from a third-party that
is causing problems through terminal services. Through my login the
program works w/o problems but I am an administrator and do not wish to
have to assign admin rights to every user who may need to access the
stuff remotely.
Can anyone give me an indication as to what rights one may need for:
1) Opening and closing files from a folder on the server (I gave the
respective users full rights on these folders, but the problems still
crop
up)
2) Creating/loading/using ActiveX Controls and COM servers.
I am not sure if there is any registry tomfoolery in it - what is the
best way to discover if the program uses the registry? (I'm slightly new
at this; I realise this is a newbie question, so go easy on me)
Oh, FYI, the problems I refer to are all ActiveX related and refer to
the fact that some controls cannot be loaded and/or created properly.
To see what application uses what parts of the registry (and when),
System Internals (http://www.sysinternals.com/) has a tracer that I
swear by, along with a network stack and file system monitor to back it
up.
Your ActiveX situation reminds me of one I have whenever I want a
standard IUSR_MACHINENAME user in an ASP page to use one of my ActiveX
DLLs. You'll need to find the OCX and DLL files that the application
uses and assign read ACLs on them for the user or group. They're most
likely located in the %root$\Winnt\System32 folder, but being a custom
app, they could be anywhere else.
--Jay Lagorio, MCP
http://www.lagorio.net/
-----Original Message-----
From: Antoine Borg [mailto:antoineborg (at) onvol (dot) net [email concealed]]
Sent: Thursday, March 06, 2003 2:15 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Hi ..
Win2k Server with all latest patches and Terminal Services installed.
We have a custom built application that we got from a third-party that
is causing problems through terminal services. Through my login the
program works w/o problems but I am an administrator and do not wish to
have to assign admin rights to every user who may need to access the
stuff remotely.
Can anyone give me an indication as to what rights one may need for:
1) Opening and closing files from a folder on the server (I gave the
respective users full rights on these folders, but the problems still
crop
up)
2) Creating/loading/using ActiveX Controls and COM servers.
I am not sure if there is any registry tomfoolery in it - what is the
best way to discover if the program uses the registry? (I'm slightly new
at this; I realise this is a newbie question, so go easy on me)
Oh, FYI, the problems I refer to are all ActiveX related and refer to
the fact that some controls cannot be loaded and/or created properly.
Thanks
Antoine
----------
Indecision is the key to flexibility.
[ reply ]