No announcement yet.

RDP using domain account can't run Apps

  • Filter
  • Time
  • Show
Clear All
new posts

  • RDP using domain account can't run Apps

    Got a issue I can't figure out. Win 2008 R2, RDS Role installed. Have a domain user login with no issues. Have a few apps installed some network apps some local apps. One of the network app and local app won't start using the domain user account. If I give the user Local Admin permission then the user can run all apps with no problem. It seems that a few of the apps are needing to move files to the server and can't because of permissions issues?? I've also added the apps to the RemoteApp manager and still no luck.

    Users are on the same network at the RDS server so there is no web part just a RDP to the server.

    Anyone see this and know how to fix it?


  • #2
    Without knowing the name of the application and the exact error message, it's impossible to say what the problem could be.

    You could just run Process Explorer ( ) in another session while you're trying to start the application, and see what's actually going on. Process Explorer will show you which files and registry keys are being accessed, and you can filter on process name and successes/failures and a bunch of other stuff.

    Compare the log from an admin session with that of a non-admin session, and you should be able to figure out what the problem is.


    • #3
      Regrettably, there are many applications out there that "require administrtive privileges" to run. This is because they write data to stupid locations (that same sorts of locations that malware writes to) and the developers are too lazy to bother changing this, or working out how to selectively apply permissions.
      Ser Olmy's response is the best option -
      1) use ProcExp and work out exactly what the application is trying to do, then
      2) install as admin, then
      3) create a security group. Give it the neccessary access to neccessary files, folders and reg keys
      4) put the users in the security group

      sure, it's hard work. That's why the software developers don't do it. It's easier to say "oh, our program needs enterprise admin access, because we want to write a temp folder to C:\windows\system32\temp\shitsoftware.tmp rather than writing to %userdata%\local\temp\shitsoftware
      Please do show your appreciation to those who assist you by leaving Rep Point