0

I am looking to deploy a piece of vital software within the organization. This is a domain-based setup, with everyone having just basic user accounts. However, the software in question demands to run with administrative rights.

I would normally just use /savecred on a standalone computer, to provide admin access to the program while in a restricted user account, but in a domain I am not sure this will still work reliably.

I can create and use an administrative account for just this program (and hand it out to everyone), but this means I would have to manage and maintain another account with its own password. Plus, then anyone can log onto the domain using this account - not good.

However, there are such things as Managed Service Accounts that can be used - in a domain, can I use these to allow basic domain users to launch programs that demand administrative rights?

Specifically, I want users to be able to launch the program with zero additional input - no usernames, no passwords, no elevated rights. Everything should be transparent so the program just runs, despite running in a basic User account.

Improve this question

1 Answer 1

Reset to default
1

Correct me if I am wrong and this may not work in your case, but depending on the application and your security requirements you might be able to grant the user modify permissions on the file system where the application is installed and to certain registry keys that are used by the application. I have also used an AutoIT RunAs executable shortcut to launch an app with elevated credentials. AutoIT RunAs Link

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .