I ran into this plm with the library computers running a great legacy
vocabulary program. It required local admin status for the user in order to
run the app successfully.

I needed to create a special user account which had local admin rights, to
allow students to use the app. As long as they login with that username and
password, they can run the program.

Tedious to say the least.

So, I wld like to know if there is a better way to successfully run legacy
apps on an XP machine ..

Bill CLark
Austine School for the Deaf



-----Original Message-----
From: School Information Technology Discussion
[mailto:[log in to unmask]]On Behalf Of Vince Rossano
Sent: Friday, May 26, 2006 9:06 AM
To: [log in to unmask]
Subject: Re: software installation, local permissions, licensing


>
>
>>>> [log in to unmask] 5/25/2006 4:22:35 pm >>>
>Just looking for advice from others about the advisability of making
people local admins (are there any steps between
>power users and admins?) and how people with a mixed or laissez-faire
installation policy deal with licensing issues.

At Montpelier, we have a "lazy-faire" policy.  In other words, we're
too lazy to run around to everyone's machine anytime some non-certified
app wants updating, so we've just decided to live with big security
holes hoping that, in the long run, we'll put in less time fixing user
screw-ups than running back and forth doing normal system operations.
Hence, we give our users who have their own workstations (which students
do not have access to) Power User or, more often in fact, admin rights.
NB: I do not recommend this to faint-of-heart network administrators;
it's only for negligent risk-takers like me.

More seriously, we run a lot of legacy apps, which just won't run for
someone with basic user privileges.  For instance, they might have an
.ini file that needs to be written to each time they run or some such
anomaly.  Power User status seems to solve most of those problems, but
not all, so we go all the way to Administrator for most users.  I've
found, as far as security is concerned, the difference between Power
User and Administrator is not nearly as great as that between User and
Power User.  Once you to go to Power User, it isn't that big a leap to
Administrator.  (You mention not writing to the registry, but it's my
experience that Power Users can write to the registry.  In fact, Users
can write to the registry, but only to the volatile "HKEY_CURRENT_USER"
section.)

I don't believe there is anything between Power User and Admin in XP,
but I hear Vista's Power User group will have much more granularity.
However, I believe that will mean giving them fewer rights, not more.
That could make the group more acceptable to network managers that
aren't getting smart and moving to Linux on the desktop.

As for unauthorized/unlicensed software, despite our threats of
knee-cap breaking, some of our users will go ahead and install their own
software.  When we catch them, however, we feel free to re-image their
machines taking with it any files, favorites, etc. that are stored on
the local machine.  But, actually, we don't have a lot of violations of
this kind.

Vince
--

Vince Rossano
Information Technology Director
Montpelier Public Schools
Montpelier, VT 05602

(802) 225-8690