In the course of their work life, most any admin will come across those programs that demand administrative privileges in order to run. While it may sometimes be acceptable to give a user local administrator rights, this is generally a poor idea, especially when there are some really great tools out there to help you work around the issue. Today I would like to have a look at a great freeware utility from SysInternals named Regmon that can help you achieve least-privilege bliss.
Let's start off with a program that refuses to run under normal user rights. For my example I will be using Family Tree Maker 2006, which balks whenever I attempt to run it with non-administrative credentials. Many programs know how to gracefully prompt you for administrative credentials when you launch them, but more often than not the application will crash, burn and die a horrible death. The latter is the case with FTM 2006, which reports only that "Critical components are missing, please uninstall and reinstall." In some cases it is possible to grant administrative privileges for a single launch of the application to facilitate the necessary registry writes and then revoke those rights. In this case, and many others, that has not worked.
It's time to bring in Regmon. One of the great things about Regmon is that it doesn't have to be installed; it runs from a single executable. Make sure that you are logged in to the PC as a lower-privileged user and use Run As to launch Regmon with alternate administrative credentials.
Once in Regmon we need to set up a filter to block out the routine system calls that are occurring that we are not currently interested in. You will immediately see Regmon scrolling long lists of values. Choose File > Capture Events (CTRL + E) to temporarily stop the capture, then choose Edit > Clear Display (CTRL + X) to leave yourself with a blank window.
Now comes the cool part. Choose Options > Filter/Highlight (CTRL + L) to bring up the Regmon Filter dialog box. In the Include box enter your program's executable, FTW.EXE in this case. Also uncheck the box titled "Log Successes." Click OK and then turn Capture Events back on (CTRL + E). You should still see a blank window. Now launch your program and watch the entries pour in.
Now the task is to grant access to the appropriate registry keys that are showing as Access Denied; depending on the program there may be quite a few. After fixing the registry permissions, try relaunching your program and it should work. If not, you may also have file-based permission issues. Have no fear though, I have a great tool for that issue as well and we'll talk about it next time.
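As an added example (my own PowerShell, not part of the original post or of Regmon), here is how the last two steps can be scripted: read a saved Regmon capture, list only the keys the program was refused, and grant a group Modify-level rights on exactly those keys rather than Full Control or local admin. It assumes Regmon's File > Save As output is tab-separated (seq, time, process, request, path, result, other); the log lines and key names below are constructed placeholders, not FTM 2006's real keys, and BUILTIN\Users is an assumed target group.

```powershell
# Added example, not from the original post: turn a saved Regmon capture into a
# least-privilege fix. Assumes File > Save As in Regmon wrote tab-separated
# columns (seq, time, process, request, path, result, other); the lines below
# are CONSTRUCTED and the key names are placeholders, not FTM 2006's real keys.
$sampleLog = @"
1`t0.0012`tFTW.EXE:1844`tOpenKey`tHKLM\SOFTWARE\ExampleVendor\FTW\Settings`tACCESS DENIED`tAccess: 0x2001F
2`t0.0015`tFTW.EXE:1844`tOpenKey`tHKLM\SOFTWARE\ExampleVendor\FTW\Settings`tSUCCESS`tAccess: 0x20019
3`t0.0020`tFTW.EXE:1844`tSetValue`tHKLM\SOFTWARE\ExampleVendor\FTW\Settings\LastUser`tACCESS DENIED`t
4`t0.0031`tFTW.EXE:1844`tCreateKey`tHKLM\SOFTWARE\ExampleVendor\FTW\Plugins`tACCESS DENIED`t
"@

# Return the distinct keys the program was refused, so each one can be judged
# individually instead of handing the user admin rights.
function Get-DeniedKeys {
    param([string[]]$Lines)
    $keys = @{}
    foreach ($line in $Lines) {
        $f = $line -split "`t"
        if ($f.Count -lt 6 -or $f[5] -ne 'ACCESS DENIED') { continue }
        $path = $f[4]
        # SetValue names the value; the ACL that matters is on its parent key.
        if ($f[3] -eq 'SetValue') { $path = $path.Substring(0, $path.LastIndexOf('\')) }
        $keys[$path] = $true
    }
    return @($keys.Keys | Sort-Object)
}

# Grant a group Modify-level rights (read + write + delete, not Full Control)
# on one key and its subkeys. Dry run unless -Apply is given; HKLM/HKCU only,
# since those are the registry drives PowerShell provides by default.
function Grant-KeyModify {
    param([string]$RegmonPath, [string]$Identity = 'BUILTIN\Users', [switch]$Apply)
    $psPath = $RegmonPath -replace '^(HKLM|HKCU)\\', '$1:\'
    if (-not $Apply) { "Would grant $Identity Modify on $psPath"; return }
    $acl  = Get-Acl -Path $psPath
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, 'ReadKey, WriteKey, Delete', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $psPath -AclObject $acl
}

# Review the list first, then rerun with -Apply from the admin "Run As" context.
Get-DeniedKeys -Lines ($sampleLog -split "`r?`n") |
    ForEach-Object { Grant-KeyModify -RegmonPath $_ }
```

Keep the grants as narrow as the capture justifies: the rule is added per denied key, not on the vendor's whole SOFTWARE subtree, which is the point of doing this with Regmon instead of just making the user a local administrator.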
Have a great day
Tuesday, August 22, 2006
