|28 Apr 2010||#1|
| || |
How to elevate integrity for a guest account
We have an utility in our application that makes use of ActiveX and prints the document user needs from our repository in the background without user intervention. For this we used to download the document to the Temp folder, which we got using the windows API gettemppath(), and after this, the print is fired from this location.
This utility works fine on Windows XP. But fails on Windows Vista and Windows 7. Found out that this is because of the protected mode feature present in windows vista and higher OS. True to this, the utility works fine if i add our site to the trusted sites list, or run the application as an administrator or when i disable the protected mode.
We don't expect our users to be able to do any of the above changes themselves. so, we are investigating on finding a way to make this work without straining our users. we are OK with changing the code too.
I understand that there is a way by which i can elevate the event by using a broker process. but, i sense that it needs admin privileges for that to happen. Is there a way by which i can ensure that a guest user ( i.e, Non Admin ) can use the utility without fail ? code change or otherwise !
I would be really thankful to anyone who can help me out with this. Please let me know if anymore detail is needed
|My System Specs|
|30 Apr 2010||#2|
| || |
The first thing I would look into [and personally my expertise in this area is very slim] group policies for the user(s) in question. Using Group Policies, you can set very specifically what the user can and cannot do, so you don't have to put them in a generalized "guest" account.
Unfortunately I am not that great in that area and someone else may need to step in from here if they know more.
|My System Specs|
|Similar help and support threads for2: How to elevate integrity for a guest account|
|Is W7 Guest Account the Safest Account to Use On the Web?||System Security|
|Set Guest Account Similar As Primary Account,(except on Several Files)||General Discussion|
|Need To Disable Guest Account On Admin Account||General Discussion|
|Cannot Elevate Privileges Temporarily on Standard User Account||General Discussion|
|Guest account||General Discussion|
|My Administrator account turned to Guest account||General Discussion|
|Cannot log onto guest account||General Discussion|