RE: Question regarding su.exe

From: Ben Collins <BenCollins(at)gateshead.gov.uk>
Date: Tue Jun 17 2003 - 07:47:33 EDT

Thanks for the replies.

The application is running in a Windows 2000 environment and after further consultation with the vendors, it has become more apparent as to how it works. Each time the application is run it installs a remote object using DCOM from a central server into %SystemRoot%\inf, hence the need for elevated privileges to install the object as normal users don't have write permission to that directory in 2000. Once the object has been installed the privileges are dropped and the application runs as a normal user. We have suggested that the object be installed to a different directory, but have been informed that this isn't possible. It looks like we are going to have to accept the risk of using SU as we have been using the application for a few years and at present we are unable to change it. The other option seems to be that we would add the users to a global group and give that group write permission to %SystemRoot%\inf.

Thanks,

Ben Collins.

---

Important Information
This e-mail constitutes a confidential communication and is subject to legal privilege. If you have received this e-mail in error, please notify us immediately. You should not use or copy it for any purpose, nor disclose it to any other person.

---

---

---

Received on Tue Jun 17 11:20:21 2003