Search

Search for words used in entries on this website

Enter the words[s] to search for here:

Sponsors

Microsoft Elevated Privileges Application Launcher

To reach some of the benefits of deploying a Windows 2000 infrastructure it is important to limit the end-user's ability to make changes to the core components of the operating system. Windows 2000 system administrators now have the option of giving users local User or Power User privileges. Under these privileges it is possible to perform the majority of the tasks that an end-user needs to complete to get their job done. However, some non-Windows 2000 logo compliant applications may not properly run. While there are a number of issues related to application not running under a user context, it is important to distinguished between security related requirements and other issues related to application compatibility.

The Elevated Privileges Application Launcher, EPAL, tool is designed to assist a fairly narrow spectrum of the application compatibility issues. It only deals with the ability of letting an application launch under some other user privilege, so that it has access to certain components of the local registry or the file system. With EPAL the network administrator now has the ability of only giving the user local user privileges on their systems and have the application execute and some higher privilege level on the local system that they are currently logged on with.

Download here

EPAL leverages the Windows 2000 Active Directory functionality to minimize the amount of effort on the part of network administrators to manage an environment in which a user has the privilege to execute an application under some other context. It does this by creating a Windows 2000 security principal and a Windows 2000 Group. The security principal, account, is the context that EPAL will use to launch a particular application. This account will need to be a member of the appropriate elevated group of the local Windows 2000 workstation. The Windows 2000 Group is used to maintain a membership list of those users that have been authorized to run a particular application using the elevated access.

Name:			Remember personal info? Yes No
Email:
URL:
Comment:		Emoticons / Textile
Before sending a comment, you have to correctly answer a simple question you know the answer to. This is a countermeasure against automated spam bots. What are the first four letters of Techlog?     ( Register your username / Log in )
Notify:		Yes, send me email when someone replies.
Hide email:		Yes, hide my email address.
Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.