I have a legacy Windows 95 app that needs to be run as an Administrator. This is used by students in a school domain.
My predecessor set up a domain administrator account for this purpose and a "Run As.." batch script to start the program, but this still requires a teacher to enter a password. I'd like a simpler way for students to start the app, without giving them increased local privileges or the password to a domain administrator account.
What's the best way to do this?
Best Answer
I hope you mean that you a user in a group that is in the local computer's administrator group, and you don't give out an account that is a member of domain admins. There is absolutely no reason, that the account should need to be a member of the domain administrator group. If you have given out an account to the teachers that is a member of domain admins I strongly urge you to change this ASAP. You should create another group in the domain, and make that group a member of the local administrators group on the computers. You should be able to add the group you create to the local administrators group with a startup script applied by a GPO.
Anyway back to solving the issues for the program. What you may need to do is figure out what the application is doing that needs administrative access and then modify the permissions of the filesystem and registry so that students have those privileges.
The sysinternals tools filemon, and regmon will be very useful in figuring this out.
If you haven't already, try searching Google for information about that specific program, perhaps someone else has already solved the problem and fixed it.