I've got an application (guiformat) which needs to run on clients in a network. However, it seems to require Administrator privileges to run. Clients run either Windows XP or Windows 7, and users log in to their systems as "Standard Users".
Now, I've tried experimenting with Software Restriction Policies. However, this requires me to deny all applications by default and then specify which ones can be run. I would rather just have the security checks bypassed for this one application (in other words, just have it whitelisted).
Any ideas as to how I can achieve that will be highly appreciated!
Why not just run it in some form of virtual machine? This would isolate the main OS from this application and hopefully provide more stability for your application, as well as bypassing this security problem and perhaps making rollout easier too. Something like VMware Player may do the trick.
There are two possible security levels when using Software Restriction Policies: Disallowed and Unrestricted. You set one of them to be the default security level and then create Rules that either allow or disallow programs to run. 4 types of rules may be created and you then essentially blacklist or whitelist your applications.
That being said, Software Restriction Policies aren't going to make the program in question run as a standard user if the program requires administrator level rights. Software Restriction Policies determine who can run/launch a program, not the user rights for said users.
From the MS help document regarding security levels:
For software restriction policies, the security level options are:
Unrestricted, which allows software to run with the full rights of the user who is logged on to the computer.
Disallowed, which does not allow the software to run.
The Unrestricted security level doesn't elevate the user rights. It allows a program to run with the full rights that the user possesses.