Allowing Non-Administrative Users to Run the Program

Windows NT, 2000, and XP allow multiple users to share a machine, with each user having certain privileges assigned to him or her. SMART Disk Monitor requires administrative capabilities to run, as it interfaces directly with the hardware. Because it is not wise to grant administrative rights to all users, release 1.12 added a feature that lets non-administrative users run the program.

If you are running Windows 95, 98, or ME, then this feature will be ignored. You will always have administrative capabilities.

Configuring Administrative Privileges for SMARTMon
The eight steps below must be performed by a user with administrative privileges on the local machine:
1. Launch the application to perform computer management. (Select Local Users and Groups, then Users).
2. Create an account. For this example, we will use "SMARTMon". It can be any account name.
3. Set a password. We will choose jam92744. Make sure the password is flagged as one that never expires.
4. Under properties, make the account a member of "Administrators".
5. If you are on a domain, then the account must be made a member of the Local Administrator Group.
6. Invoke the MS-DOS Command prompt.
7. CD to the SMARTMON directory (typically C:/program files/smartmon)
8. Enter smartmon /SETPRIV Username Password Domain, where you substitute the account name, password, and system domain. For this example, we enter SMARTMON /SETPRIV SMARTMon jam92744 Dallas. (If you don't use a Domain controller, then you may enter None for the domain name).
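
The steps above can also be scripted. The following PowerShell is an added example, not part of the SMARTMon documentation or product. It assumes a Windows version that ships the Microsoft.PowerShell.LocalAccounts cmdlets (Windows PowerShell 5.1 or later, so not NT, 2000, or XP), and the parameter names are chosen here for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: steps 2-8 of the procedure above, scripted.
# Assumption: the Microsoft.PowerShell.LocalAccounts module is available.
param(
    [string]$AccountName = 'SMARTMon',                  # example account name from step 2
    [string]$Domain      = 'None',                      # 'None' when no domain controller is used
    [string]$InstallDir  = 'C:\Program Files\smartmon'  # typical directory from step 7
)
$ErrorActionPreference = 'Stop'
$AdminsSid = 'S-1-5-32-544'   # well-known SID of the local Administrators group

# Step 3: prompt for the password so it is not stored in the script file.
$secure = Read-Host -Prompt "Password for $AccountName" -AsSecureString

# Steps 2-3: create the account with a password that never expires.
if (-not (Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $AccountName -Password $secure -PasswordNeverExpires `
        -Description 'Launch account for SMART Disk Monitor' | Out-Null
}

# Steps 4-5: make the account a member of the local Administrators group.
$member = Get-LocalGroupMember -SID $AdminsSid -Member $AccountName `
    -ErrorAction SilentlyContinue
if (-not $member) {
    Add-LocalGroupMember -SID $AdminsSid -Member $AccountName
}

# Verify the result before registering the account with the program.
$user = Get-LocalUser -Name $AccountName
if ($null -ne $user.PasswordExpires) {
    throw "Password for $AccountName is set to expire on $($user.PasswordExpires)."
}
if (-not (Get-LocalGroupMember -SID $AdminsSid -Member $AccountName)) {
    throw "$AccountName is not a member of the local Administrators group."
}

# Steps 6-8: register the account with SMARTMon. /SETPRIV takes the password
# as a command-line argument, so it can show up in process command-line
# auditing if that is enabled on the machine.
$plain = [System.Net.NetworkCredential]::new('', $secure).Password
Push-Location $InstallDir
try {
    & .\smartmon /SETPRIV $AccountName $plain $Domain
}
finally {
    Pop-Location
    $plain = $null   # drop the plaintext reference as soon as it is no longer needed
}
```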

Testing

1. Log on as a non-administrative user.
2. Launch the program. (If you enabled the program to auto launch, then it will launch automatically when the user logs on).
If you have followed the procedure above, then the program will launch properly. If the account does not exist or does not have administrative rights, then an appropriate error message will pop up, and the program will abort.

Principles of Operation

By enabling security this way, administrative rights are only granted to this program. It is not possible for a user to obtain administrative rights, unless the administrator discloses the account that was set up to run the program. Underneath the covers, we use the programmatic equivalent of the "Run As" command.

SMARTMon saves the special account in the registry, and it is encrypted using a technique that is safe for export.

Upon launch, SMARTMon performs the following steps (if running NT, XP, or Windows 2000):
1) Determines whether the program was invoked by a user with administrative rights. If so, skips to step 7.
2) Reads the registry to find the encrypted user name, password, and domain information assigned by the administrator earlier.
3) Decrypts the account data.
4) Re-launches the program with the CreateProcessWithLogonW() API.
5) If the launch is successful, terminates the original program.
6) If the launch is unsuccessful, displays an appropriate message and terminates.
7) The program runs normally.