LUA post no. 2 - using different user account for application

Well, sometimes you encounter application, that just WONT run under user... Many people are trying to solve this by running that particular application under different account... They use RunAs+Sanur or AutoIt RunAsSet command...

However there is also one tool available from Microsoft - it is called EPAL -

http://www.microsoft.com/downloads/details.aspx?FamilyID=cf3cc921-9b8e-4266-a905-2e2a20217ce0&DisplayLang=en

I think it can be sometimes really usefull, however I dont understand WHY there isnt anyone (even from Microsoft) that know something about this utility :(

It is based on Active Directory - first you must register your application to AD using

epal.exe /r /c:OU=<application>,OU=EPAL,OU=MyBusiness <application.exe>

After successful registration, new OU is created in AD... There is user, under which account the application will launch (I usually create ElevatedApps group, that is in local administrators) and group with users, that are allowed to run this application using EPAL.

If you want to run this application elevated, you must perform following tasks:

1.) Add user to group <application> Application Users

2.) Add <application> user account to local administrators (in my case add this account to ElevatedApps group)

3.) Create new shortcut with EPAL /c:OU=<application>,OU=EPAL,OU=MyBusiness <application.exe>

And thats it! When you click on shortcut, the application will automatically launch under elevated user account

Published Wed, Nov 9 2005 9:53 by martin
Filed under: ,

Comments

# re: LUA post no. 2 - using different user account for application

I am having a problem. i get the following error:

Could not execute APP.EXE

Error:Logon Failure: unknown user name or password.

(win32:0x52e)

Friday, December 01, 2006 10:11 PM by Yajnas