none
Admin Level Account without Full Rights?

    问题

  • I am trying ro install/run a program called Made2Manage (M2M).

    I can sucessfully install and run the program when logged on as our "Everything" account. "Everything" is both a local and domain admin.

    When I log in as "Someone" I run into issues. "Someone" is also a local and domain admin. As far as I can tell "Someone" has the same permissions that "Everything" has.

    As part of the install process I must select a networked drive. M2M however is not showing any of my network drives as options, only my local drives, when I am logged on as "Someone" even though they are mapped and "Someone" has full rights to them. When logged on as "Everything" the network drives are options in the program.

    After install if I log in as "Someone" I can not run the program because it attempts to access the mapped drive and fails. "Everything" does not have this issue.

    I have tried reinstalling the program, remapping the drives, "Run as Administrator", and deleting and recreating "Someone"'s profile. I have ran this same program many times on other machines and it works perfectly including for user "Someone". I have only had this issue once before. In that case deleting and recreating "Someone"'s profile fixed it.

    Any thoughts?

    Thanks,
    Scott

    2012年2月8日 0:27

答案

  • I compared "Someone"'s domain security with "Everything"'s  and made a few changes to more closeley match it. This caused me to get further in the program but it still had issues. I then updated the chipset driver for the motherboard and changed some more domain rights. This got me even closer to working but the program still had issues. Finally I had to grant the Everyone group full rights to the folder the program was installed in. This fixed it completly. Also for some reason "Someone" is not getting the UAC warnings that all the other users get. I did not intentionally disable UAC so I don't know why this is.

    Thank you,
    Scott

    2012年2月9日 12:14

全部回复

  •  

    Hi,

    The issue may related with the UAC settings and firewall.

    I suggest to temporary disable UAC for test, also disable firewall and antivirus.

    Hope that helps.

    Regards,

    Leo   Huang


    Leo Huang

    TechNet Community Support

    2012年2月9日 8:01
    版主
  • I compared "Someone"'s domain security with "Everything"'s  and made a few changes to more closeley match it. This caused me to get further in the program but it still had issues. I then updated the chipset driver for the motherboard and changed some more domain rights. This got me even closer to working but the program still had issues. Finally I had to grant the Everyone group full rights to the folder the program was installed in. This fixed it completly. Also for some reason "Someone" is not getting the UAC warnings that all the other users get. I did not intentionally disable UAC so I don't know why this is.

    Thank you,
    Scott

    2012年2月9日 12:14
  • I ran into a similiar set of symptoms where M2M would only run when logged in as the "administrator" account and none other, in my case it was M2M running under W7 requiring privilege escalation upon program execution and the fact that the mapped network drives were not visible once escalation had been applied. I got errors about database library files not being found on drives that I knew were mapped. I found the following snippet (quoted below) and the registry entry that was the solution entirely:

    "To understand why the network drive is not visible to the programs running as administrator, we have to consider how Windows handles the standard and administrator user access internally. In simple terms, when UAC (User Account Control) is enabled, Windows creates a split personality for your user account: one with the standard user’s access rights to do the the regular tasks, and another one with the full administrative access to the system. When you log in to the computer, Windows tries hard to create the impression that these two personalities are the same: they share the login name and password, the desktop and documents, settings and preferences, and so on.  However, when it comes to mapping the network drives, Windows prefers to treat them as separate accounts (for security reasons). That’s why the network drives created when you wear the hat of the standard user do not automatically become available when you put the administrator’s hat on. This Microsoft article explains it all in detail.

    In any case, there is a way to force Windows to make the network drives available to both the standard and administrator accounts automatically. All you need to do is run Registry Editor (regedit.exe), locate the key HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System, and create a new DWORD entry with the name EnableLinkedConnections and value 1:"

    2012年10月3日 18:07
  • Works. Period

    In any case, there is a way to force Windows to make the network drives available to both the standard and administrator accounts automatically. All you need to do is run Registry Editor (regedit.exe), locate the keyHKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System, and create a new DWORD entry with the name EnableLinkedConnections and value 1:"

    • 已编辑 LAIITGUY 2018年6月14日 8:30
    2018年6月14日 8:30