Tuesday, January 22, 2008

Program Permissions for a Locked Down Environment

I have compiled a list of special permissions that enable the following software to work correctly in a locked-down environment. The entries below assume that the Everyone group is granted Modify on the listed folders and files. Here goes:

Adobe CS3
\Documents and Settings\All Users\Application Data\FlexNet
\Program Files\Common Files\Adobe
\Program Files\Adobe

Araneae:
\Program Files\Araneae\template.dat

Microsim Eval 8:
\Program Files\MsimEv_8
\Windows\MSim_evl.ini

PS Pad:
\Program Files\PSPad\PSPad.ini
\Program Files\PSPad\Recent.ini

PSpice Orcad Lite 9.2:
\Program Files\Layout Plus
\Program Files\Pspice

Solidworks 2006 & 2007 & 2008
\Program Files\Solidworks\Data
\Documents and Settings\Administrator\Application Data\Solidworks
\Solidworks Data

SPSS 14 & 15:
\Windows\System32\servdat.slm

Labview 7.1 & 8.2
\Program Files\National Instruments

ADAM 4:
\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
\Documents and Settings\Administrator\Local Settings\Temp

AutoCAD 200x
\Documents and Settings\Administrator\Application Data\Autodesk
\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
\Program Files\AutoCAD 200x
\Program Files\Autodesk

Clea
\Program Files\Clea

Base Permissions are as follows:

Modify to:
\Documents and Settings
\Windows\Temp

Read & Execute to:
\Documents and Settings\Administrator\Desktop
\Documents and Settings\Administrator\Start Menu
\Documents and Settings\All Users\Desktop
\Documents and Settings\All Users\Start Menu

After this is done, hide the Administrator and All Users folders (this folder only).
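
As an added example (not part of the original post), the PowerShell script below applies the Everyone Modify grant to a few of the paths listed above and reads each ACL back to confirm the entry is in place. The selection of paths, the use of the system drive as the root, and the variable names are assumptions; it is meant to be run from an elevated prompt.

```powershell
# Added example: grant Everyone Modify on a few of the listed paths, then verify.
# $Root (system drive) and the selection of paths are assumptions.
$Root  = $env:SystemDrive
$Paths = @(
    '\Program Files\PSPad\PSPad.ini',
    '\Program Files\PSPad\Recent.ini',
    '\Program Files\Araneae\template.dat',
    '\Program Files\National Instruments'
)
$Rights = [System.Security.AccessControl.FileSystemRights]::Modify
# Well-known SID for Everyone, so the script also works on localized Windows.
$Everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')

foreach ($rel in $Paths) {
    $full = Join-Path $Root $rel
    if (-not (Test-Path -Path $full)) {
        Write-Warning "Skipping (not present): $full"
        continue
    }
    # Folders pass the grant down to children; single files get a plain entry.
    if (Test-Path -Path $full -PathType Container) {
        $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    } else {
        $inherit = [System.Security.AccessControl.InheritanceFlags]::None
    }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Everyone, $Rights, $inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)

    $acl = Get-Acl -Path $full
    $acl.AddAccessRule($rule)
    Set-Acl -Path $full -AclObject $acl

    # Read the ACL back: is there an explicit Allow entry for Everyone with Modify?
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $match = (Get-Acl -Path $full).GetAccessRules($true, $false, $sidType) |
        Where-Object {
            $_.IdentityReference.Value -eq 'S-1-1-0' -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $Rights) -eq $Rights
        }
    $status = if ($match) { 'OK' } else { 'MISSING' }
    '{0,-8} {1}' -f $status, $full
}
```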

Windows Installer command line options

If your installer was created by InstallShield: run setup.exe -r on a clean machine. This will create a setup.iss in C:\Windows. Copy and paste setup.iss to the folder that the original program resides in and run setup.exe -s. The installation of that program should be silent.

If your installer is an MSI: run setup.msi with either /qb (progress bar) or /qn (completely silent).

Profile inclusion folders

The following is a list of folders that, if these programs are installed, need to be included in the Administrator profile when it is copied to Default User so that the changes made to the program on first run become mandatory for all new users.

AutoCAD 2007
\Application Data\Autodesk

Firefox
\Application Data\Mozilla

Secure Shell Client
\Application Data\SSH

Office 2007 & Visual Studio 2005
\Application Data\Microsoft
\Local Settings\Application Data\Microsoft (if size is of concern, remove everything from \Local Settings\Application Data\Microsoft\OneNote\12.0)

MySQL
\Application Data\MySQL


Problems and Solutions

Problem:
"System" process is using 100% of CPU. This is probably caused by failed print jobs that are stuck in the queue. Most common when a user has a home printer and an office printer connected to a laptop.

Solution:
1.) Stop the print spooler service.
2.) Delete all files in C:\Windows\system32\spool\PRINTERS.
3.) Restart the print spooler service.

Problem:
Clicking a "mailto" link causes multiple IE windows to open (60+). This problem seems to be associated exclusively with Outlook.

Solution:
1.) Set the default mail client to something else (e.g. Outlook Express).
2.) Click on a mailto link, forcing that program to open.
3.) Reset the default mail client back to what it was.

Problem:
IE text size does not stick when a user changes it. This problem seems to be associated with Eudora 4.2 or greater.

Solution:
In Eudora, go to Tools-Options-Viewing Mail and uncheck "Use Microsoft's viewer".