Adding Users to Local Administrators Group

  • Thread starter Thread starter MSNews
  • Start date Start date
M

MSNews

Guest
Hi Everyone,

I am relatively inexperienced in TS though I have 20 years experience in
Network systems for small business.

I am implementing ACT by Sage on W2003R2 TS and the complete
functionality/integration with Outlook2003 works only if Users/Domain Users
are members of the Local Administrators Group (LAG).

I have been using Process Monitor but cannot locate any Access Denied
messages when Users are not members of the the LAG.

Anyone have ideas on how to identify the 'offending' rights so that I can
implement this application without completely eroding security on the TS

Regards

Piloo
 
Re: Adding Users to Local Administrators Group

Did you follow the instructions from Sage:

Using ACT! with Citrix or Terminal Server
http://kb.sagesoftwareonline.com/cgi-
bin/sagesoftwareonline.cfg/php/enduser/std_adp.php?p_faqid=15275
&p_created=1124917128&p_sid=Dsvj*vOi&p_accessibility=0
&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbn
Q9OTU4JnBfcHJvZHM9MCZwX2NhdHM9JnBfcHY9JnBfY3Y9JnBfc2VhcmNoX3R5cGU9Y
W5zd2Vycy5zZWFyY2hfbmwmcF9wYWdlPTEmcF9zZWFyY2hfdGV4dD10ZXJtaW5hbCBz
ZXJ2aWNlcw**&site_ID=1&p_li=&p_topview=1

If that doesn't help, I would post to the user discussion groups at
Sage, you probably already have a user account.
http://www.act.com/support/discussiongroups/go/
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"MSNews" <asanamxx@hotmail.com> wrote on 18 okt 2007 in
microsoft.public.windows.terminal_services:

> Hi Everyone,
>
> I am relatively inexperienced in TS though I have 20 years
> experience in Network systems for small business.
>
> I am implementing ACT by Sage on W2003R2 TS and the complete
> functionality/integration with Outlook2003 works only if
> Users/Domain Users are members of the Local Administrators Group
> (LAG).
>
> I have been using Process Monitor but cannot locate any Access
> Denied messages when Users are not members of the the LAG.
>
> Anyone have ideas on how to identify the 'offending' rights so
> that I can implement this application without completely eroding
> security on the TS
>
> Regards
>
> Piloo
 
Re: Adding Users to Local Administrators Group

Thanks for your response. Thus far pretty much everything works except I am
being paranoid/neurotic about making Users members of the LAG. I suppose
this is just a glorified workstation and security was never 'really' a
concern to Microsoft and App developers alike.

I am publishing ACT using 2X and so Users dont' get to see much of the TS
and we'll keep fingers crossed that they don't get too curious about what's
in the box!

My question remains; how does one identify the elevated permissions/rights
which stop ACT 2007 functioning as desired unless Users are members of the
LAG?

Regards

Piloo


"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
news:Xns99CDE42723C17veranoesthemutforsse@207.46.248.16...
> Did you follow the instructions from Sage:
>
> Using ACT! with Citrix or Terminal Server
> http://kb.sagesoftwareonline.com/cgi-
> bin/sagesoftwareonline.cfg/php/enduser/std_adp.php?p_faqid=15275
> &p_created=1124917128&p_sid=Dsvj*vOi&p_accessibility=0
> &p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbn
> Q9OTU4JnBfcHJvZHM9MCZwX2NhdHM9JnBfcHY9JnBfY3Y9JnBfc2VhcmNoX3R5cGU9Y
> W5zd2Vycy5zZWFyY2hfbmwmcF9wYWdlPTEmcF9zZWFyY2hfdGV4dD10ZXJtaW5hbCBz
> ZXJ2aWNlcw**&site_ID=1&p_li=&p_topview=1
>
> If that doesn't help, I would post to the user discussion groups at
> Sage, you probably already have a user account.
> http://www.act.com/support/discussiongroups/go/
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> "MSNews" <asanamxx@hotmail.com> wrote on 18 okt 2007 in
> microsoft.public.windows.terminal_services:
>
>> Hi Everyone,
>>
>> I am relatively inexperienced in TS though I have 20 years
>> experience in Network systems for small business.
>>
>> I am implementing ACT by Sage on W2003R2 TS and the complete
>> functionality/integration with Outlook2003 works only if
>> Users/Domain Users are members of the Local Administrators Group
>> (LAG).
>>
>> I have been using Process Monitor but cannot locate any Access
>> Denied messages when Users are not members of the the LAG.
>>
>> Anyone have ideas on how to identify the 'offending' rights so
>> that I can implement this application without completely eroding
>> security on the TS
>>
>> Regards
>>
>> Piloo
 
Re: Adding Users to Local Administrators Group

Hi Piloo,

You should *not* need to grant users Admin access to run
ACT 2007.

Please logon as a normal user (full desktop logon, not
published app), open regedit, and check the following:

HKCU\Software\ACT\OutlookHistoryService\Desktop

Qpath REG_SZ

What folder path is in the Qpath value? It should *not* be
pointing to a folder in another user's profile (for example,
Administrator).

You mention that the integration with Outlook 2003 does
not work when the users are not admins. What exactly
is the problem? What error message are you receiving?

Please respond with detailed answers to my questions
and I will help you resolve the issue completely or provide
further information.

Thanks.

-TP

MSNews wrote:
> Thanks for your response. Thus far pretty much everything works
> except I am being paranoid/neurotic about making Users members of the
> LAG. I suppose this is just a glorified workstation and security was
> never 'really' a concern to Microsoft and App developers alike.
>
> I am publishing ACT using 2X and so Users dont' get to see much of
> the TS and we'll keep fingers crossed that they don't get too curious
> about what's in the box!
>
> My question remains; how does one identify the elevated
> permissions/rights which stop ACT 2007 functioning as desired unless
> Users are members of the LAG?
>
> Regards
>
> Piloo
 
Re: Adding Users to Local Administrators Group

Hi TP,

Thanks very much. You are spot on with the problem. Issue now resolved.

Regards

Piloo

"TP" <tperson.knowspamn@mailandnews.com> wrote in message
news:u3Q8eAoEIHA.936@TK2MSFTNGP06.phx.gbl...
> Hi Piloo,
>
> You should *not* need to grant users Admin access to run ACT 2007.
> Please logon as a normal user (full desktop logon, not published app),
> open regedit, and check the following:
>
> HKCU\Software\ACT\OutlookHistoryService\Desktop
>
> Qpath REG_SZ
>
> What folder path is in the Qpath value? It should *not* be pointing to a
> folder in another user's profile (for example, Administrator).
>
> You mention that the integration with Outlook 2003 does not work when the
> users are not admins. What exactly is the problem? What error message
> are you receiving?
>
> Please respond with detailed answers to my questions and I will help you
> resolve the issue completely or provide further information.
>
> Thanks.
>
> -TP
>
> MSNews wrote:
>> Thanks for your response. Thus far pretty much everything works
>> except I am being paranoid/neurotic about making Users members of the
>> LAG. I suppose this is just a glorified workstation and security was
>> never 'really' a concern to Microsoft and App developers alike.
>>
>> I am publishing ACT using 2X and so Users dont' get to see much of
>> the TS and we'll keep fingers crossed that they don't get too curious
>> about what's in the box!
>>
>> My question remains; how does one identify the elevated
>> permissions/rights which stop ACT 2007 functioning as desired unless
>> Users are members of the LAG?
>>
>> Regards
>>
>> Piloo
 
Re: Adding Users to Local Administrators Group

You are welcome.

Thank you for letting us know.

-TP
 
Back
Top