locked
Custom app using elevating into system context and other securityrelated questions RRS feed

  • Question

  • One of our software vendors uses a custom remote support tool in order to get into our servers/desktops and we are in need of some guidance on how to make it work better in our environment. This software requires elevation which from what we were told, causes their process to "elevate" from a user level app to a "system" level context. Is there a way through group policy to allow a Windows standard user the right to run a system level process or elevate this process while logged into the std account WITHOUT allowing the right to do this for any other application?

    Next question - This remote support tool is installed on the fly when a person needs support - however these again are standard users and once the support session is over the software is designed to remove itself. However the removal seems to failing due to our registry settings being a bit restrictive. Whats weird is the software is allowed to be installed and registry keys written but not removed from the registry. What specific right do we need to grant these users to be able to remove this software, and, more specifically I guess what registry keys?

    Tuesday, September 16, 2014 8:49 AM

All replies

  • In regards to your first question, there is no policy for this. 

    In regards to the registry, you will need to know the following:

    1. What registry keys are being deleted?  What are the current permissions?  Who is deleting the registry key?  To delete a registry key, you need DELETE permissions.  It sounds like currently the user doesn't have this.

    Its really hard to say what is going on with the information you have provided.

    thanks

    Frank K [MSFT]

    Tuesday, September 16, 2014 6:46 PM