General discussion

Run programs without giving administrators rights

Dec 4, 2003 5:04PM PST

I've recently replaced 50 machines in my domain with new computers that are running XP Pro. One of the machines replaced formerly had Windows 98 on it. That particular user needs to run a special program that none of the other domain users do. This program ran fine on '98, but it won't run on XP unless the user has administrative privileges. I don't like giving users admin privileges if I don't have to. I know you can right-click on the program, then choose "Run as" a different user, but I don't want to give out an admin password to any users, nor do I want to have to do it for him every time he runs the program. I've looked through all of the security options in the local security MMC, and I'm not recognizing a specific permission I can add him to that will allow him to run any programs that are already installed on the computer without having to have admin privileges. Am I missing something easy, or does anyone have a workaround for this?

While I'm at it, I have another similar problem... I have another user on a W2K machine that needs to be able to hook his digital camera to the machine to upload pictures. He needs admin privileges to add a device, but I don't want to give him admin privileges. Giving him the right to load and unload device drivers isn't allowing him to hook up his camera. Any solutions?

Thanks
Josh

Re:Run programs without giving administrators rights
Dec 4, 2003 8:19PM PST

1. Just as a point of reference, the user on Windows 98 is an administrator with all rights because such a concept was not part of that OS. The changes to a more secure OS will cause new learning to occur. Be sure not to write "it ran under 98" since that security model was nonexistent...

This is just a comment about this issue and I feel it's worth covering since you would not have this issue on any non-DOS, non-Windows 3.x, 95, 98, and ME versions. i.e. the OS's with security models.

2. To solve this, the program needs to be examined. There is no "click-here" solution.

Your investigation would be to look at the PERMISSIONS of registry keys and files. As an example, the program in question might be attempting to alter a registry key called FOO. Using REGEDT32, you would alter the PERMISSIONS and OWNERS of FOO to let USER alter it.

Same for FILES.

3. On the Windows 2000 box, install the drivers and such for him. If you don't do this, then you are breaking your newfound security model. If you open the door that much, you may as well hand out the administrator password since given the ability to install drivers, I now own this machine and possibly more.

4. In Windows NT/2000 a common Microsoft workaround to such problems was to add the USER to the administrator group, perform the software install, then remove them from the group. It is possible to do this with more finesse, but this was the easy solution they provided.

5. Tools such as CACLS and REGEDT32 are now familiar to such administrators.

Books are also written about such and I often find an administrator with hundreds of machines without the Windows 2000 (or other) Server Resource Kit or any book on administration. It's almost comical to see them work very hard at items that are covered in such books.

Bob
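
The approach described in the reply above (grant one user write access to the specific files and registry key a program needs, instead of local administrator rights), as an added example that is not part of the original post. It uses PowerShell's `Get-Acl`/`Set-Acl` rather than the CACLS and REGEDT32 tools the post names; the account `CONTOSO\jdoe` and the folder `C:\Program Files\LegacyApp` are hypothetical placeholders, and `FOO` is the post's own stand-in key name.

```powershell
# Added example: run from an elevated session. All names below are placeholders.
$User   = 'CONTOSO\jdoe'                  # hypothetical domain user
$AppDir = 'C:\Program Files\LegacyApp'    # hypothetical install folder
$RegKey = 'HKLM:\SOFTWARE\FOO'            # "FOO" is the post's stand-in key name

function Grant-AppFolderModify {
    param([string]$Path, [string]$Identity)
    $acl  = Get-Acl -Path $Path
    # Modify (not FullControl): the user cannot change permissions or take ownership.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Grant-RegKeyWrite {
    param([string]$Path, [string]$Identity)
    $acl  = Get-Acl -Path $Path
    # Read plus value/subkey writes only; no Delete, ChangePermissions or TakeOwnership.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, 'ReadKey,SetValue,CreateSubKey', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Show-AccessFor {
    param([string]$Path, [string]$Identity)
    # List every ACE that names the user, so the change can be reviewed afterwards.
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        Select-Object IdentityReference, AccessControlType, *Rights, IsInherited
}

# Keep a copy of the original ACLs (SDDL form) before changing anything.
$before = @{ Dir = (Get-Acl $AppDir).Sddl; Key = (Get-Acl $RegKey).Sddl }

Grant-AppFolderModify -Path $AppDir -Identity $User
Grant-RegKeyWrite     -Path $RegKey -Identity $User

Show-AccessFor -Path $AppDir -Identity $User
Show-AccessFor -Path $RegKey -Identity $User
```

A folder under Program Files that a standard user can modify lets that user replace the program's executables, so scope the file grant to the data or configuration subfolder when the program allows it.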

Re:Run programs without giving administrators rights
Dec 4, 2003 11:26PM PST

I think there is some confusion here on Administrator.

Making a User on a Workstation a Computer Administrator does not give him the right to access your Domain Servers as the Administrator since both are different entities and have different passwords.

Give this a try.