I want the account to be able to use one app that requires administrative privileges. I have contacted the support team of the app to find out why it needs these privileges, but I didn’t receive any helpful information.
The app is for viewing surveillance footage, but it requires admin privileges to open. I don’t want to make every employee an administrator just for this one use case. It might be better to switch to a FOSS app that doesn’t require administrative privileges by default.
The cameras we currently use are made by the vendor of the app, so maybe we’re locked in somehow? The NVR is also made by them, so it might be possible, but I don’t know for sure. I need to look into it more.
I have contacted the support team of the app to find out why it needs these privileges, but I didn’t receive any helpful information.
Tier 1 probably doesn’t have a clue, you’ll have to escalate, or alternatively use procmon to see what files and folders it’s accessing that might need admin privileges. Like if it’s trying to write files to its own subfolder right off C:, basically it’s probably poorly coded.
Once you know what files/folders it’s trying to access, you can give everyone permissions to just those specific ones and then it should run without prompt
Alternatively alternatively, you can screw around with the task scheduler, off the top of my head you could probably have TS run the program as an admin user on login of any user
I did use procmon and saw that it was creating/closing a file in the C: directory. I gave access to the other folders it was trying to access (e.g. C:\Users\Public\CameraSoftware) but it’s still asking for admin privelleges. I tried doing the Task Scheduler method as well, did not work for me unfortunaely. Thanks for your response btw!
Did you check for registry keys too?
Procmon is the shit.
… and this is why we use unifi… the ability to control viewer permissions and not require a chinese program designed for windows xp that requires admin privs just to view cams.
I assume you’ve already explored the option of using the browser page for the nvr and that doesn’t work for some reason? Browser pages don’t require admin.
Honestly, I’ve seen this too many times working in IT. The best option was always to set up a computer with a local administrator account, no access to the secure network, and let the entire department have access to it.
Install the camera software(s) on there and only there. Videos are then exported into a common file type and transferred through USB or DVD.
I’ve worked with Police departments that had dozens of different, unique software each with their own proprietary codec. Every time they requested a recording from a business there would be another unsigned .exe to run. Straight garbage.
I think my company uses software from Cyberark to do this sort of thing.