Application does not run for domain admins

Solution 1:

You can monitor what the program is doing using a special diagnostic tool called Process Monitor from Microsoft, and from there potentially determine what is not working.

I've used this tool from Mark Russinovich for probably 12-15 years now, when dealing with user rights problems trying to run cruddy old Windows 3.1 / 95 / 98 programs that demand excessive file/registry permissions on NTFS and Windows 2000, XP, and then Windows 7 with UAC.

Though be warned, this tool spews thousands of lines of status data from every running system program when you launch it, so it is often helpful to go down the list and exclude nearly every other running program it detects that you don't care about, before actually running the program you do want to test.

Ref, my own post on SysInternals about this:

The difficulty is not overexcluding to the point that you are missing messages that you told it to suppress from other running system programs, but not also being swamped with thousands of lines of irrelevant logging data.

Explicitly ignoring all "SUCCESS" messages may also help you find errors more easily. Though this is a very advanced tool, and some things it reports are not really serious errors, such as "REPARSE" or "END OF FILE", so it can be difficult to decipher the output from it, and it may possibly not help you at all if you can't figure out how to read its logging output.

Solution 2:

I was able to solve the issue following the steps below

Turn off UAC

Created standard user shippinguser in AD

added domain/shippinguser as a local admin on shippingpc

added shippinguser password to stored credentials.

created shortcut:

%systemroot%\system32\runas.exe /user:domain\shippinguser /savecred "C:\Program Files (x86)\ConnectShip\Progistics\CSW\ShippingApplication\CSWShipping.exe"

Put shortcut all users desktop on mm-dt-ship01

The short will launch CSWShipping.exe as local admin on the computer using domain\shippinguser

When the users double clicks the shortcut they may be prompted for a password.

The user will only have to enter the password once.

I have set the GPO to deny logon locally for this user on any PC under the domain.

Solution 3:

I'd never heard of this software, so I googled it. Unfortunately, in my experience some of these specialized software packages for very specific markets... well.

The actual error message is a .NET framework error: An exception was thrown by a type's initializer. That could be a lot of things, but I'm going to guess that those users don't have permissions to access a needed assembly (but local administrators do).

Your choices are looking for related files and granting the user running the application privileges on those files, or granting local admin rights to that user. Since you granted the directory to everyone, maybe the app put something in Windows (or another directory).

Good luck!


Windows 7