[WEB4LIB] Installation of programs in restricted profile of NT

[Luis Domingues]

That problem looks like NT file system security. When software is installed
using the administrator account, some files may inherit the security
privileges of the current logged user.
To change that you must grant the everyone group read rights (or sometimes
even write) to these files.

We found that the best way to deal with that (loosing a bit of security) is
not using NTFS in public workstations, but instead FAT which doesn't have
user-based security.

Also, some settings may be written to the CURRENT_USER registry key, which
makes them available only to the user account for which the software has
been installed. If you inspect the registry you can export the settings for
that specific software and then import for the public user (for instance in
the logon script).

Regards

Luis Filipe F. F. Domingues                   E-Mail: lfd at libri.ucp.pt
Biblioteca Universitária João Paulo II        Home Page:
http://www.libri.ucp.pt/
Universidade Católica Portuguesa              Tel: +351 21 7214019
Palma de Cima                                 Fax: +351 21 7214010
1600 Lisboa
Portugal

-----Original Message-----
From: web4lib at webjunction.org
[mailto:web4lib at webjunction.org]On Behalf Of bolo
Sent: Sábado, 3 de Junho de 2000 5:16
To: Multiple recipients of list
Subject: [WEB4LIB] Installation of programs in restricted profile of NT


At a small library, two Gates Program Windows NT 4.0 computers are
linked, peer to peer. The public accesses a users
profile which is set to read, to lessen monkey biz. There is
administrator profile also. I cannot find out on the net if 1) I can
change the public profile, install more software, then change it back in
terms of permissions; 2) how to make an auto logoff
work with such a system as the restrictions seem to prevent the public
profile from finding what gets installed under
administrator. I see no direct answer to this anywhere on the net for
this sort of set up. The computers simply share printer and
modem. I get an error message of auto exit.exe not found by shortcut if
I install under administrator and log on as public,
regardless what startup folder I drop the short cut in."  Have been
trying freeware program Auto Exit Millenium at softseek.com.  Author of
program  says its a matter of the computer's security features.  Walk me
through this one, its not a matter of a NT server, just two  computers
set up peer to peer as workstation 1 and 2.  This could be about any
program to install in public profile after initially having restricted
the profile.  Email would be appreciated.