Google Answers Logo
View Question
 
Q: Windows 2000 Pro- Programs Do Not Launch In Other Accounts ( Answered 4 out of 5 stars,   1 Comment )
Question  
Subject: Windows 2000 Pro- Programs Do Not Launch In Other Accounts
Category: Computers > Operating Systems
Asked by: radioguy-ga
List Price: $40.00
Posted: 10 Aug 2003 16:08 PDT
Expires: 09 Sep 2003 16:08 PDT
Question ID: 242281
I have Windows 2000 Professional on my home computer, I diced to buy
win2k because at work we use this OS and works GREAT. Some of the
programs work Only in Administrator Account and Sometimes I copy the
shortcut into All Users Fold, in Document and Settings Folder and
sometime I can install programs with Administrator Rights to that
folder

On the boxes that software comes with, say their work on Windows 2000
So the Question that ask how do I install these programs so they work
on other Users Accounts, Do I need a special program from Microsoft to
make this work, or is the  special way of setup accounts on the
computer. I have a house full of Kids, I am getting tire of re-install
the OS. Because of viruses, spy bots, from them downloading thin from
Internet. I am also finding out that Restrict Users can download stuff
from Internet and install them.

System:
Windows 2000 Professional, Service Packs 4 with all windows updates
installed
Motherboard: MSI K7N2G
Athlon™ XP 2700
512 MB Memory DDR 266
80G Maxtor Hard Drive 
Onboard sound (NVIDIA nForce2)
Onboard LAN
Onboard Video 64 MB (NVIDIA nForce2)

Software I am have problem with:

Winamp3 (works in administrator Account only)
Easy CD Creator 5 (Works only in Administrator, Power Users account)
Ulead Photo Express 4 SE (work only as Administrator
MGI Photo Suite 4 (work only as Administrator)
WinZip 8.1 (works on all account, but does not allow extract the file
in folder creator by administrator)
Nero 5 Burning Software (work only as Administrator)
Kazaa Lite K++ (work only as Administrator)

Thank you for help, I have a hard time understand this, Cooperate
America use this Win2k every day, I work at a Nursing home all of the
computers on the floor I work on has win2k, if so I Feel bad for IT
Professionals that have install software on computer

If a researcher at Google Answers can answers the question and take
the time explain it right, So that this home user can understand IT I
will pay $60.00 more for it equal to a $100.00 Question.
Answer  
Subject: Re: Windows 2000 Pro- Programs Do Not Launch In Other Accounts
Answered By: aht-ga on 10 Aug 2003 21:01 PDT
Rated:4 out of 5 stars
 
radioguy-ga:

I feel your pain... invariably, at least once every couple of months,
I find myself going through the ritual of reinstalling Windows 2000
from scratch on someone's machine, due to downloaded software gone
awry.

I'd like to say that there are simple answers to your questions, but
due to the complexity of Windows 2000, "simple" is a difficult
request! I will do my best, though, and am more than happy to provide
clarifications as required. Also, this Answer is a long one, so please
consider cutting and pasting it into a text document and printing it
out for easy reference.


First, there are some general points that I should cover. As you
already know, Windows 2000 carries on the security and user
administration capabilities of Windows NT. This means that for every
resource on the computer (folders, programs, devices), it is possible
to specify which users have the right to access it, and what they are
allowed to do with it.

For files and folders, restricting access requires that the hard drive
be formatted with the NTFS file system. This NT File System includes
security parameters for every file and folder. In constrast, the FAT32
file system used by Windows 98 does not allow for security parameters.
Therefore, it is not normally possible for the FAT32 file system to
restrict access based on user rights. Many people regard NTFS as the
superior file system due to its inherent security controls, while
others find it a nuisance since it requires a lot more work to make it
work right (as you are finding out!).

By default, for safety's sake, several resources are automatically
restricted to users who are given the status of Local Administrator
(including the "administrator" account). An important example of this
is the right to make changes in the system directory where Windows
2000 stores its own files; in other words, the C:\WINNT folder (in
this example, your "system" drive is C:, and the "system" folder is
"WINNT"... your actual situation is probably the same). What this
means is that only a Local Administrator has the right to add, modify,
or delete files in C:\WINNT and its sub-directories.

Unfortunately, although Microsoft has been trying for the past four
years to educate the developer community on what constitutes a truly
Windows 2000 compliant program, not all developers listen. One common
error they make, is attempting to store files such as INI files
(program settings) and DLL file (dynamic link libraries... basically,
files that contain all of the actual functions that the software needs
to interact with other components in your computer). Normally, if a
user who does not have admin rights attempts to install such a
program, the installation program will encounter an error, and exit
without installing the program.

However, even if the program is successful installed by a Local
Administrator, it does not guarantee that all users will be able to
use it. If the program has stored an INI file in C:\WINNT or it's
subdirectories, by default a non-admin user will not be able to modify
the INI file. This will cause the program to crash with an error.
Again, note that this is true only if the file system is NTFS.

The same problem applies to the C:\PROGRAM FILES folder and its
subdirectories. By default, when a program is installed by a Local
Administrator in the PROGRAM FILES folder, the created folder and its
subfolders inherit the permissions of the C:\PROGRAM FILES folder
itself. Again, for safety's sake, these permissions deny
non-administrative users from modifying the contents of the PROGRAM
FILES folders.

I hope that you have been able to follow along with my explanation so
far. The problems you are facing are due to the default security
permission settings. So, to fix your current problems, please do the
following.

We will start with Winamp3. Winamp is generally a well-behaved,
Windows 2000 compliant program. Except for one little problem... it
stores its settings within its program folder. So, what you will need
to do is open a Windows NT Explorer window while logged in as a Local
Administrator, locate the folder where Winamp3 is installed (most
likely C:\Program Files\Winamp3), and right-click on the folder name
and select its Properties. On the Properties dialog, you should see a
Security tab (this is only present if your file system is NTFS... and
if it isn't, then you shouldn't be encountering all of these
problems). On the Security Tab, you should see a list of different
user groups. Select the "Users" group, and you will see the
permissions for that group. Most likely, the default permissions are
"Read/Execute", "List Folder Contents", and "Read". They may also be
greyed out. Please check the "Modify" checkbox (under Allow), to allow
Users to modify files in this folder. Confirm that the "Allow
inheritable permissions..." checkbox is checked, this will
automatically update all of the files in the folder to include the new
permissions. At this point, Winamp3 should work for non-admin users
(unless something else is different about your Winamp3 installation).

Repeat the same process for the other programs in your list. Note that
the reason Winzip 8.1 will not extract to folders created by the
administrator, is most likely because those folders do not have write
access for non-admin users.

After you have opened up access to the Program Files folders for these
programs, there is one more thing you will need to do. Unfortunately,
it is quite arduous. You will need to check for files being stored in
the WINNT folder (or its subdirectories) that are used by these
programs every time they run.

The easiest way to do this, is to follow the following procedure, for
each program:

1. As the Local Administrator, run the program, and use it for
whatever it is intended (ie. for Winamp3, play some music... for Easy
CD Creator 5, prepare files for burning to a CD, you should not need
to burn one though).
2. Close the program, then quickly look at and record the current
system time.
3. Open a Windows NT Explorer window, and navigate to C:\WINNT.
4. Using the Search function, search for any file in the C:\WINNT
folder with a Last Modified date of today (ie. the actual date you are
doing this procedure on).
4. As the search returns results, look at the Last Modified time to
identify files that were last modified while you were using the
program.
5. Right-click on each file, select Properties, select the Security
tab, select the Users group, and add "Modify" to the permissions.

As I said, this is an arduous task. Please note that this is actually
why corporations pay big bucks for qualified IT technicians to prepare
and torture test a standard base image of Windows and all of the
necessary applications that a user will need to do their job, before
deploying that standard base image across a company. You do not even
want to imagine having to do this tweaking on every single computer in
a company!

At this point, let me summarize what parts of your Question I have
responded to. The preceding paragraphs describe how to fix the
immediate problems you are facing with the programs you listed. I also
infer from your question that you would like to know how to keep your
kids from being able to install programs they download off the
Internet. For the most part, the very same default security settings I
described above, will prevent members of the User group from
installing programs that need to place parts of themselves into the
PROGRAM FILES or WINNT folders. Some programs, however, do not try to
install themselves into these folders. Power Users can install
programs into the folders. For most of your worries, simply placing
your kids into the User group instead of any other group will prevent
them from installing most downloaded programs.

There will always be dangerous programs approaching your computer,
especially if your family uses Kazaa Lite K++. I strongly urge you to
acquire a good anti-virus program with automatic virus signature
updates, to try to prevent these programs from running and infecting
your computer. A good (and free) one is from Grisoft, and is called
AVG Anti-Virus. You can read more about it at
http://www.grisoft.com/us/us_dwnl_free.php and you can also download
it from there.

I also strongly urge you to install and use a firewall program. My
recommendation is ZoneAlarm, which you can download (free for personal
use) at http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
.

Finally, please scan your computer for dangerous spyware using
Ad-Aware, by Lavasoft. Visit http://www.lavasoft.de/software/adaware/
for more information. Spyware is often the cause of problems on your
computer, primarily because neither you nor your other software expect
the spyware to be there in the first place.

I hope that all of this is of value to you. I repeat my offer to
provide clarification if any of this is unclear.

Thanks, and best of luck!

Regards,

aht-ga

Clarification of Answer by aht-ga on 21 Aug 2003 05:28 PDT
radioguy-ga:

As it has been over ten days since I provided the Answer, and since
you have not yet asked for any Clarification, I thought that I would
trigger a new notification (assuming you have e-mail notification
activated) as a service to you, in case the original notification did
not make it to you.

As well, since you have Windows 2000, and since the Blaster worm
appeared soon after I posted the Answer, I wanted to mention that the
ZoneAlarm firewall program I mention in the Answer can help protect
you from such attacks by completely blocking unauthorized probing of
your machine from the Internet.

I hope all is well, and remain available to provide Clarification to
this Answer if you desire it.

Regards,

aht-ga
radioguy-ga rated this answer:4 out of 5 stars and gave an additional tip of: $60.00
Sorry i colud not get back to you faster, But i was on vaction, come
back last night, it works great! but i have find that if you give the
WINNT floder Administrator Right all the time, the hole folder. on
some programs it hard to find these configurationfiles or  ini. files
, Like winamp store 3 files in two place in WINNT folder, Thank You
for take the time on answer question.

Comments  
Subject: Re: Windows 2000 Pro- Programs Do Not Launch In Other Accounts
From: snsh-ga on 10 Aug 2003 21:35 PDT
 
Sounds like your basic problem is you don't want to share OS with the kids?

I would dual-boot to two windows installations --
leave the old Win2000 installation for the kids,
and create a new WinXP installation for yourself.

Shrink your harddrive using partitionmagic,
and install Winxp in the free space.
when you're all done, nt's boot manager will
give options for win2000 and winxp.
Convert your winxp partition to
EFS (rather than FAT, NTFS)
so Win2000 won't recognize it.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy