PDA

View Full Version : "Run as" on Domain Terminal Server



Chilling_Silence
18-08-2005, 07:15 PM
When trying to run an application as another user on a Domain Controller, I get the following error:

Windows cannot access the specified device, drive, path or file. You may not have appropriate permission to access the item

It even says that if I try and go "Run As" and enter my own details?!

Any ideas why?

Cheers


Chill.

berryb
20-08-2005, 12:42 AM
Are you logged into the server via a terminal service connection or by sitting in front of it and being logged in? If via a terminal service then maybe a policy doesn't allow you to install. Try logging on directly to the server. Can you install other apps?

Chilling_Silence
20-08-2005, 10:15 AM
I dont have physical access to the server, its access via Remote Desktop.

I can run normal .exe's fine... just dont appear to "Run As"?

berryb
20-08-2005, 06:33 PM
So I understand this right.

You can install/run apps fine using your own account via RDC. What account permission is this user name working under - domain admin, local administrator/s?

When logged onto the domain controller via RDC as another user you cannot install/run apps? What permissions does this account have?

Chilling_Silence
21-08-2005, 09:32 AM
Umm.. Im in the "Domain Users" group, sgg-remotetsuseraccess group, and I think there's one other group that means I get pretty normal permissions.

I can run this application fine which uses a domain admin account to create users etc, this means we dont have to give out advanced permissions to users on the TS.

Does this help? I can find the name of that other group later when Im next on the TS :)

Graham L
21-08-2005, 03:37 PM
Looks as if it's just "normal" security. It's regarded as a very bad idea to have remote users using privileged accounts. The "Run As" could be a bit risky. *nix usually stops root from logging in remotely, or even using FTP.

Of course with Windows, the software's so stable and reliable you don't need security. :D

Chilling_Silence
21-08-2005, 09:44 PM
Nicely put Graham ;)

So in a nutshell its a no-go'er?!

Bugger

berryb
21-08-2005, 11:24 PM
If I get a chance I will try "run as" from limited user account and let you know how I get on. I thought it could be done but maybe not. Never tried, I trust Microsoft :rolleyes: and use full rights for my login.