Xerox Device Agent
---------------------------
Xda.Shell.exe
---------------------------
Unable to start the application. Please login as an administrator or power user to run this application.
---------------------------
OK
---------------------------


What I've tried to configure:
1) Application compatibility fix - RunAsInvoker
2) Procmon to track down ACCESS DENIED results.
After that I got desperate and:
3) NTFS/Registry permissions for everyone to full. For all HKLM, HKCR and file system.

Does not work. Are there any special permissions that might be required? How do I track them down?

Thank you for your help. :)
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Sounds like a job for LUA BugLight

It will attempt to launch your application as a standard user, and if it fails it will use admin credentials and create a log of what areas needed the elavated privileges.

Hope that helps,

Dunnpy
Answered 04/15/2011 by: dunnpy
Red Belt

Please log in to comment
0
Hello,

I'm already looking at this and it's just so awesome! :p Thank you.
Answered 04/15/2011 by: GrGrGr
Orange Belt

Please log in to comment
0
Results:

Group Checks:
Name: BUILTIN\Administrators; SID: S-1-5-32-544

Privileges:
SeDebugPrivilege


I've applied the ForceAdminAccess shim but the application still crashed. Not possible to run this version under a limited user.
Answered 04/15/2011 by: GrGrGr
Orange Belt

Please log in to comment
0
why don't you go back to the vendor and ask? You'd imagine they must have had compaints before!
Answered 04/15/2011 by: timmsie
Fourth Degree Brown Belt

Please log in to comment
0
That privilege i.e. SeDebugPrivilege is pretty scary but certainly one I'd expect a tool such as a device agent to require. In the Stone Age, we used to use the NTRights utility to grant this kind of privilege. See this article, for example.

First, though, try running the app as System, using the old 'AT HH:MM CMD /INTERACTIVE' dodge. If that works, granting that privilege to a user should also work. I would NEVER assign it to a vanilla user, though.
Answered 04/15/2011 by: VBScab
Red Belt

Please log in to comment
0
Hmm, I do remember using that tool a couple of years ago, damn it, I'm getting old and rusty. :) Thank you.

Worked like a charm really. Software is running smooth, will google more on that privilege but would appreciate some short breakdown of security risks.

VBScab, why would you never assign it to a user? ;)
Answered 04/15/2011 by: GrGrGr
Orange Belt

Please log in to comment
0
>why would you never assign it to a user?
Because it gives more control over the system than a vanilla user should have. Google it.
Answered 04/15/2011 by: VBScab
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity