Hi Kirsten, You've got a number of possible solutions to your problem. The first is of course making your users local administrators which is a really BAD idea because your servers will get hosed so fast your head will spin. The second is to run the servers is relaxed (NT 4 TSE compatible) security mode. This adds the users to the terminal server user group which has enhanced privileges to parts of the registry and file system. This isn't a realgood idea either because it gives users the opportunity to install stuff which can cause you real grief. Next, you can use the windows sysinternals (www.sysinternals.com redirects to appropaitae technet page) NT registry monitor (or process monitor) to see what registry keys are being accessed (access denied errors for non-admins) and deprotect the relevant keys using group policy, NOT just regedit. The tidiest way to find out what's broke is to use a couple of components of the application compatibility toolkit from Microsoft. The standard user analyzer will let you run the app as an admin, and highlight all the registry keys the app is trying write to. The application compatibility administrator lets you apply an application compatibility fix, LUARedirectReg which will redirect any HKLM write attempts to HKCU. Go to www.msterminalservices.org and takea look at my article on the application compatibility tool kit to get a bit more detail on how to do this. Note the the standard user analyzer is now part of the V5 app compat kit. The last way you can do things if you're running Presentation Server 4 Enterprise, or 4.5 any flavour is to use AIE to redirect the registry write attempts. This also works quite well and will resolve your problem. regards, Rick -- Ulrich Mack Commander Australia - the company I work for, no delusions of grandeur ;-) On 4/24/07, Kirsten Mayer <kmayer@xxxxxxxxxx> wrote:
Hi, I have a .exe and .dll installed on Windows Server 2003 for use by thin clients using Terminal Services. The thin client user logs into Lotus Notes (which is running on the Server) which calls the .dll which runs the .exe and passes the .exe a structure. The .exe, amongst other things, tries to read and then write several keys to both the HKey Local Machine and HKey Current User and this is where the problem lies. The .exe only works when the thin client is given Admin privileges to the Server; otherwise Firstly, the .exe doesn't seem to find the Local Machine Keys (if not also the Current User keys) when the .exe loads. Secondly, the .exe it exits with the following message when it tries to write to registry keys: System.UnauthorizedAccessException: Access to the registry key is denied. at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str) at Microsoft.Win32.RegistryKey.SetValue(String name, Object value) All Thin client users have been given permission to read and write to the Local Machine and Current User keys. The .exe works on Windows machines under the same scenario (called from inside Lotus Notes which calls the .dll which runs the .exe etc.) whether the user has Admin privileges or not. Any ideas? Many thanks, _______________________________________________* Kirsten Mayer** Software Developer E: kmayer@xxxxxxxxxx*