VS2010 Crystal 13 click-once deployment without user admin rights?

The only supported way of deploying our runtimes is to use one of our prepackaged msi's.
We do not have any documentation for manual deployment or anything that lists what specific dlls, registry settings, etc are needed to run specific configurations (ie web app vs windows apps).
Jason

As well as what Jason posted CR MUST have local PC Admin rights because we need to get past DEP/UAC etc. as well as be able to register the COM components, insert all of the registry keys required and the usual folder creation and file copying. Without it CR simply won't install properly and your app will never run. As noted in those other posts if you write a .NET app you have no choice but to use/set the native permissions and file distribution. If it's a WEB based app the you deploy it on each WEB server, users get a Viewer and Printer control through a browser download. But for Windows, it's a must.
IT departments have the ability to push out Special permissions for users to install software, not a CR configuration so check with your IT group or Microsoft and search on Profiles. So the each users doesn't need to be granted Admin rights to use it but they need it to install, assuming when installed it's set for All users. Other option is a local network Admin install on each PC. Not the nice way of doing things though.
Bottom line is because it's a Native .NET windows app you have no choice but to distribute all of CR's runtime and dependencies.
Don

Similar Messages

  • Change external urls on existing deployment without user interruption

    We've got a client who changed its Company Name just after the migration of 2010 => 2013.
    All mailboxes are moved to 2013.  Now we need to change their external/internal urls without user interruption...
    Current config:
        2 x Windows 2012 R2 + Exchange 2013 RU7 => 1 DAG => 2 databases (primary & archive)
    External urls:
    activesync.currentcompany.be
    autodiscover.currentcompany.be
    Internal urls:
    Exchange2013.currentcompany.be
    DNS records:
    autodiscover SRV record for newcompanyname.be
    Accounts:
    [email protected]
    New config:
    Same servers
    External urls:
    activesync.newcompanyname.be
    Internal urls:
    exchange2013.newcompanyname.be
    What is the best practice for this?

    Hi,
    If the domain name is changed, please check the email address policy for all domain users. If all users are using the new domain, the old domain would never be used and all DNS records have been changed to new domain, we can run the following commands to
    change the URLs:
    Set-ClientAccessServer -Identity CAS2013 -AutodiscoverServiceInternalUri https://exchange2013.newcompanyname.be/autodiscover/autodiscover.xml
    Set-WebServicesVirtualDirectory -Identity "CAS2013\EWS (Default Web Site)" -InternalUrl https://exchange2013.newcompanyname.be/ews/exchange.asmx -ExternalUrl https://activesync.newcompanyname.be/ews/exchange.asmx
    Set-OABVirtualDirectory -Identity "CAS2013\oab (Default Web Site)" -InternalUrl https://exchange2013.newcompanyname.be/oab -ExternalUrl https://activesync.newcompanyname.be/oab
    Set-OwaVirtualDirectory -Identity "CAS2013\OWA (Default Web Site)" -ExternalUrl https://activesync.newcompanyname.be/owa
    -InternalUrl https://exchange2013.newcompanyname.be/owa
    Set-EcpVirtualDirectory -Identity "CAS2013\ecp (Default Web Site)" -ExternalUrl https://activesync.newcompanyname.be/ecp
    -InternalUrl https://exchange2013.newcompanyname.be/ecp
    Set-ActiveSyncVirtualDirectory -Identity “CAS2013\Microsoft-Server-ActiveSync (Default Web Site)” -ExternalUrl https://activesync.newcompanyname.be/Microsoft-Server-ActiveSync
     -InternalUrl https://exchange2013.newcompanyname.be/Microsoft-Server-ActiveSync
    Additionally, please create a new trusted certificate with the following namespaces:
    activesync.newcompanyname.be,autodiscover.newcompanyname.be,Exchange2013.newcompanyname.be
    Assign the certificate with IIS service.
    Regards,
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Winnie Liang
    TechNet Community Support

  • Removing User Admin Rights

    I am currently assisting in managing a domain of 3-4000 users. All of our users have administrative privileges on their machines. We are looking into several different ways of removing these administrative rights for obvious security reasons.
    I have read about privilege management software like Avecto, but it would be great if you could utilize something like Restricted Groups in Active Directory or SCCM 2012R2 to achieve this somehow.
    I read about Restricted Groups here:
    http://www.windowsecurity.com/articles-tutorials/windows_os_security/Using-Restricted-Groups.html
    I am wondering if we can achieve this by deploying these Restricted Group GPO's.  I understand that these GPO's are linked to computer accounts though, but from what I am under the impression I can restrict adding accounts to the admin group and explicitly
    allow other accounts.
    Our AD functional level is 2008R2 and 99% of our workstations are running Win7 32-bit.  Has anyone had any experience removing user administrative rights without purchasing third-party software?

    We are in the process of deploying Avecto Privilege Guard (new name is DefendPoint).
    We are doing this in conjunction with revising our GPP-Local Users & Groups settings (which we decided to use some time ago, instead of using classic Restricted Groups).
    You'll need to use some method (and GP seems to be a good one) to take control of the local Administrators group membership.
    Avecto PG can/will block all attempts to modify that group (due to its anti-tamper protections), but, presumably like us, you will need to evict unauthorised members of that group, and then protect that group from further modifications.
    We also found, that the anti-tamper protections of Avecto PG, even prevent GP from cleaning up the group members, and it was suggested to us by Avecto support, that we create Avecto PG policy which allows the LocalSystem to bypass the protection. (GP CSE's
    like this, will run in LocalSystem context)
    You don't need Avecto PG to remove admin rights, you can do it with Domain GP. But, how do you maintain that position/integrity? And, how do you then allow users to perform some tasks, tasks which require privilege but your organisation approves of those
    tasks being performed by users, but Windows doesn't allow that?
    There are many types of technical controls to implement "security" (if that is your goal), but, you will find that each and every control can be bypassed with enough time and effort. Especially if your users are the determined type of person, who
    also considers that their need to "do that thing" will make them productive/happy - they will ignore all company policies in pursuit of that productivity/happiness (or so it seems to me from my experience)
    IT Support efforts/costs will rise, not drop - we are seeing this already.
    Hatred towards IT (both systems and the people in IT) is also rising.
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Running Desktop software without local admin rights

    Is it possible to run Blackberry Desktop Software without the user having local admin rights? I have a number of users who have work BBs who need to use BDS, but I am in the process of correcting my predecessor's decision to give everyone local admin rights.

    Hello gheatley,
    Welcome to the Support Community!
    The BlackBerry® Desktop Software will need to be installed in a Windows® user account with local admin rights, but it can be used from within other user accounts with more limited permissions.
    Thanks.
    -FS
    Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
    Be sure to click Kudos! for those who have helped you.
    Click Solution? for posts that have solved your issue(s)!

  • Delay when starting accdb without local Admin rights.

    Hi,
    I have a problem with one application, the front end of the application is MS Access DB that's connects to our SQL Server over odbc driver If the user is in a local administrator group everything is working fast. When the same user is put in the user group
    without Administrative rights I recive a delay for about 60 sec then the error pops up
    After I hit ok a new SQL login pops up and I just press second time ok and the application starts without entering any user and pass. This is not happening if the user is in the built in Administrators Group.
    Thanks for the help
    fract

    Hi fract,
    as a Microsoft partner I have asked support for help.
    Here is their answer:
    Hi Partner,
    Thanks for your reply.
    Based on my research, the issue is identified as a compatibility issue that Access 2010 has with SQL Server 2008 R2. Access uses PERMISSIONS function to check the privileges. The PERMISSIONS function is deprecated in SQL Server 2008 R2. I haven’t found
    any workaround for this issue currently.
    You can check the more detail information at below link:
    PERMISSIONS (Transact-SQL)
    http://msdn.microsoft.com/en-us/library/ms186915(v=sql.105).aspx
    I think you need to access SQL Server 2008R2 with local admin right.
    If you have any further questions, please let me know.
    Best Regards,

  • Is it possible to set up ADFS without domain admin rights in Windows 2012 R2?

    I've set up Windows 2012 R2 on my development box and want to enable the ADFS feature to test claims based authN. In ADFS 2.0, you could opt to install standalone and local admin privileges would be enough to install ADFS and authenticate against the domain
    AD.
    However, with the new ADFS, after installing the feature it asks to enter the credentials for an account that is a domain admin. Is it still possible to configure ADFS without domain admin privileges?

    Hi,
    According to my research, if you want to set up AD FS in Windows server 2012 R2, each computer
    that functions as a federation server must be joined to an Active Directory domain.
    Besides, AD FS requires a certificate for SSL server authentication on each federation server in your federation server farm. Furthermore, you need a membership in
    Administrators on the local computer to install the AD FS role service.
    For more detailed information, please refer to the links below:
    How to deploy AD FS in Windows Server 2012 R2
    http://technet.microsoft.com/en-us/library/dn303423.aspx
    Best regards,
    Susie

  • GroupWise 6.5.7 distribution without local admin rights

    I would like to distribute the GroupWise 6.5.6up1 (6.5.7) client
    installation (from 6.5.1).
    Im using the setup.cfg and setup.ini to have an unattended installation.
    It is working great with local admin rights.
    Now I would like to distribute this version with ZENworks. Im using the
    workstation object (association) so the distribution will take place when
    the workstation starts up.
    But (as far as I can see) the registration of DLLs will not take place.
    What kind of alternatives are there to distribute GroupWise without local
    administrator rights?
    Thanks.
    Armand.

    Thanks for the reply.
    The .aot files give problems, dll files are missing (the known
    vslwp7.dll) and I found a lot of bad experiences on the forums with the
    viewer etc.
    Armand.
    > I've been using the AOTs included with the GW Client (Zen directory). =
    > They import into Zenworks easily and have worked well for me the last 2 =
    > upgrades.
    >
    > >>> <[email protected]> 10/11/2006 1:34:27 AM >>>
    >
    > I would like to distribute the GroupWise 6.5.6up1 (6.5.7) client
    > installation (from 6.5.1).
    > I=92m using the setup.cfg and setup.ini to have an unattended installation.=
    >
    > It is working great with local admin rights.
    >
    > Now I would like to distribute this version with ZENworks. I=92m using the
    > workstation object (association) so the distribution will take place when
    > the workstation starts up.
    > But (as far as I can see) the registration of DLL=92s will not take place.
    >
    > What kind of alternatives are there to distribute GroupWise without local
    > administrator rights?
    >
    > Thanks.
    > Armand.
    >
    >

  • Grant user admin rights, install itune, ungrant rights?

    On Windows XP, installing iTunes requires admin rights. However, it is not good to use an admin account for regular work. For the Palm Desktop, the workaround was to grant admin rights to the user account, install the application using the user-turn-admin account, then ungrant admin rights. Will this last step cause problems for iTunes, or does iTunes require admin rights for its regular operation (outside of being installed)?

    Actually, I can't find the thread! But the solution is that installing it as Admin still lets it be used by other user accounts, and each user account.

  • Stuck on how to improve very slow query without any admin rights

    Hello All,
    I am using the code below to query a very large data table (RH) and a few other joined tables. I am trying to improve the query but I do not have any admin rights and have no idea how to get diagnostic info on how the query is being executed. Apologies for the system specific and probably not easy to read code but I do not have a generic version that anyone could run, and no admin rights so I can not create tables.
    The main part of the code below (subquery R) takes about 10 minutes to run (3 minutes without the date parameters) and the full code (with the two analytic functions on top) below takes an eye watering 30 minutes to run and this is only a subquery of a much larger query so I really need to get this running more quickly. All I want to do is place a cap on the dates, get partitioned row numbers and a lead row value on one of the fields. I really am stuck on how to get this query more efficient. Am I counting things multiple times unnecessarily? How can I make this quicker? Am I committing some cardinal programming sin in using analytic functions on subqueries?
    Apologies for the vaugueness of this code and my questions but I am totally clueless about diagnostics and basically have very limited system access so I'm stuck as to where to go or to look.
    Very grateful for any advice,
    Jon
    SELECT R.*
    , ROW_NUMBER( ) OVER( PARTITION BY R.RTBLE_ID ORDER BY R.EFF_DT DESC, R.CHG_DT DESC ) RN
    , LEAD(R.RTNG_CD,1,0) OVER( PARTITION BY R.RTBLE_ID ORDER BY R.EFF_DT DESC, R.CHG_DT DESC ) RTNG_CD_PREV
    FROM ( SELECT RH.RTNG_ID
    , RH.RTBLE_ID
    , RA.RTNG_ACTN_DESC
    , TYP.RTNG_TYP_DESC
    , RH.RTNG_CD_ID
    , RC.RTNG_CD
    , RH.EFF_DT
    , RH.CHG_DT
    , RAL.RTNG_ALRT_TYP_ID
    , RAL.EFF_DT ALRT_EFF_DT
    , RAL.CHG_DT ALRT_CHG_DT
    , RH.PRV_FLG
    FROM FTCH_RTNG.RTNG_HIST RH
    , FTCH_RTNG.RTNG_ALRT_HIST RAL
    , FII_CORE.RTNG_ACTN RA
    , FTCH_RTNG.RTNG_TYP TYP
    , FII_CORE.RTNG_CD RC
    WHERE RH.RTNG_ACTN_ID = RA.RTNG_ACTN_ID
    AND RH.RTNG_TYP_ID = TYP.RTNG_TYP_ID
    AND RH.RTNG_TYP_ID = RC.RTNG_TYP_ID
    AND RH.RTNG_CD_ID = RC.RTNG_CD_ID
    AND RH.RTNG_ID = RAL.RTNG_ID (+)
    AND RH.DELETE_FLG = 'N'
    AND RH.EFF_DT < TRUNC(CURRENT_DATE,'MM')
    AND RAL.EFF_DT < TRUNC(CURRENT_DATE,'MM')
    )R
    -----

    Thanks so much for replying blueforg, and for pointing out the code markup.
    Our server is in the US and we run our code from London, so it is the local time I am interested in, CURRENT_DATE is merely there to get that and as you suggest is not a column. I want my cap to the first of whatever month I run the code on so I'm happy with that bit of the code (so 1 Oct if I run it today). I'm just surprised at how slow my code becomes when I try and restrict the dates and get the row numbers and next row values.
    This code is actually a subquery used in a much bigger query that I am trying to tidy up and make more efficient. The RN is important as I will eventually be filtering for RN = 1. I didn't post the full query as it is huge,badly written (by me) and and particular to our databases so I'm tackling bits one at a time to cut down on confusion. I'll repost with the RN=1 and the code markup ;)
    I also restricting the RH table directly (SELECT * FROM FTCH_RTNG.RTNG_HIST RH WHERE RH.EFF_DT < TRUNC(CURRENT_DATE,'MM')) and moving the analytic functions into the R subquery but that is very slow as well. I heard that temporary tables are efficient? I'm assuming that with my rubbish priveleges I will not be able to do that. I don't want to take any chances of messing anything up either!
    Jon
    SELECT RT.* FROM
      ( SELECT  R.*
              , ROW_NUMBER( ) OVER( PARTITION BY R.RTBLE_ID ORDER BY R.EFF_DT DESC, R.CHG_DT DESC ) RN    
              , LEAD(R.RTNG_CD,1,0) OVER( PARTITION BY R.RTBLE_ID ORDER BY R.EFF_DT DESC, R.CHG_DT DESC ) RTNG_CD_PREV
        FROM  ( SELECT  RH.RTNG_ID    
                      , RH.RTBLE_ID    
                      , RA.RTNG_ACTN_DESC    
                      , TYP.RTNG_TYP_DESC    
                      , RH.RTNG_CD_ID    
                      , RC.RTNG_CD    
                      , RH.EFF_DT  
                      , RH.CHG_DT 
                      , RAL.RTNG_ALRT_TYP_ID    
                      , RAL.EFF_DT ALRT_EFF_DT    
                      , RAL.CHG_DT ALRT_CHG_DT
                      , RH.PRV_FLG    
                FROM    FTCH_RTNG.RTNG_HIST RH
                      , FTCH_RTNG.RTNG_ALRT_HIST RAL
                      , FII_CORE.RTNG_ACTN RA    
                      , FTCH_RTNG.RTNG_TYP TYP    
                      , FII_CORE.RTNG_CD RC    
                WHERE RH.RTNG_ACTN_ID = RA.RTNG_ACTN_ID    
                AND RH.RTNG_TYP_ID = TYP.RTNG_TYP_ID    
                AND RH.RTNG_TYP_ID = RC.RTNG_TYP_ID    
                AND RH.RTNG_CD_ID = RC.RTNG_CD_ID    
                AND RH.RTNG_ID = RAL.RTNG_ID (+)    
                AND RH.DELETE_FLG = 'N'
                AND RH.EFF_DT < TRUNC(CURRENT_DATE,'MM')
                AND RAL.EFF_DT < TRUNC(CURRENT_DATE,'MM')
                                                          )R  )RT
    WHERE RT.RN = 1-----

  • CC for teams with Managed Desktops (ie no user admin rights)

    HI,
    Just getting started with CC for Teams. I like the concept of assigning users, but finding some lumps in our environment: Windows 7 with managed multiuser desktops. USers have limted rights on their workstations and cannot install software. Also we have users who use more than 1 system or use a system in a confernece room while in collaborative meetings.
    So users cannot download from adobe and run installer - no rights. Oh well its really slow anyway....Oh yeah updates - those don't work as well either....
    I need to distribute the apps to the workstations and allow users to sign in and out. I can see that I may be able to get it to work with SCCM, but for now to test I logged in as admin, signed into CC, installed an app, then logged out of cc.
    Invite UserA to the team.
    UserA logs in, starts app, signs into CC - all good so far. But to sign out user gets an error - please start in administrator mode.
    WHAT!?? userA needs does NOT need admin priveleges to sign in but DOES need them to sign out???
    Is there a resolution for this or some kind of workaround? Otherwise I have to log into the workstation as admin to log the user out? That pretty much defeats the value of the admin console.
    BTW - It really would be even nicer it it just use their windows credentials (or have the log in mechanism manage the CC connection) - log in to the desktop and you are good to go - log out and you are signed out of cc as well.
    PS - please fix the multiple license acceptance thing - feel like I'm using the nav system in my car - ONCE is enough...

    Same problem here, on Mac OS X. Maybe someone at Adobe can elaborate on what they were thinking and how they're going to address this issue...

  • Granting a user admin rights for computer binding only

    Our OD is configured to require authentication when binding a computer to the directory. We want to give this responsibility to the help desk department but we do not want them to have the "diradmin" password. We also do not want them to be able to modify users/groups. They should only be able to bind computers. Is this possible?

    Leif Carlsson wrote:
    Any OD user is supposed to be able to bind computers to the OD up to 10 times.
    I haven't really tried this and is also interested in knowing if there is an ability to have what you are asking for.
    Do you have any documentation to support that? I can't support that claim. Below I will post a log of a user (y000xyz) being created by diradmin then being denied when binding a computer via "Directory Utility" with the error "y000xyz is not an administrator"
    Apr 22 2010 06:29:42 AUTH2: {0x4bcde0fe6b8b45670000000200000002, diradmin} DHX authentication succeeded.
    *Apr 22 2010 06:29:42 NEWUSER: {0x4bcde0fe6b8b45670000000200000002, diradmin} created new user {0x4bd04f463531a0290000000d0000000d, y000xyz}*
    Apr 22 2010 06:30:09 RSAVALIDATE: success.
    Apr 22 2010 06:30:09 AUTH2: {0x4bd04f463531a0290000000d0000000d, y000xyz} DHX authentication succeeded.
    Apr 22 2010 06:30:09 RSAVALIDATE: success.
    Apr 22 2010 06:30:09 USER: {0x4bd04f463531a0290000000d0000000d, y000xyz} is the current user.
    Apr 22 2010 06:30:09 AUTH2: {0x4bd04f463531a0290000000d0000000d, y000xyz} CRAM-MD5 authentication succeeded.
    Apr 22 2010 06:30:11 RSAVALIDATE: success.
    Apr 22 2010 06:30:11 AUTH2: {0x4bd04f463531a0290000000d0000000d, y000xyz} DHX authentication succeeded.
    Apr 22 2010 06:30:11 RSAVALIDATE: success.
    Apr 22 2010 06:30:11 USER: {0x4bd04f463531a0290000000d0000000d, y000xyz} is the current user.
    Apr 22 2010 06:30:11 AUTH2: {0x4bd04f463531a0290000000d0000000d, y000xyz} CRAM-MD5 authentication succeeded.
    *Apr 22 2010 06:30:11 CHANGEPASS failed because {0x4bd04f463531a0290000000d0000000d, y000xyz} is not an administrator.*
    Message was edited by: iSauce

  • Install xcode without admin rights

    Hi!
    I have a work MacBook Pro which my team purchased however our IT department insisted on putting admin rights on it. I have managed to download xcode from the app store however because xcode wants to make changes it requires admin rights. Now, one of the main reasons I have been purchased the MacBook is because I need to work from home for personal reasons. The only thing IT department have suggested to me is for me to travel to work for them just to put a password in.
    Is there a way where I can install xcode without these admin rights? I first hit these admin rights when I need to agree to a license agreement.
    Any help would be much appreiciated!

    Bad news I am afraid.
    Apple properly implement UAC (User Access Control) whereby whenever something tries to install itself it does ask for an admin level authentication. Microsoft's effort in this area ***** big time even if in other areas they may be better than Apple.
    Therefore as things stand you need it to be authenticated by an admin level password.
    Now looking forwards there are two possible approaches which would make both your IT department happy and let you work.
    If your IT department sets up a system whereby they can remotely control your computer they can remotely authorise the installation. This is an absolute pig to do with Windows machines as in Windows normally the authorisation dialog kills the remote control session but thankfully it is easy with Macs. This may require having a VPN connection to the office but some remote control systems do not need this e.g. LogMeIn
    or they could set up a 'self-service' software install system like Munki. There would be a server with the installers on it including the XCode installer and your Mac would be configured to talk to this, you Mac would have the Munki Managed Software client on it and this client would manage installing the applications and would also manage the authorisation for you meaning you would not need to enter a password
    Even once you have XCode installed it is my experience that using it to develop software usually requires admin access anyway, the development company I worked at in support therefore conceded the inevitable and gave all the devs admin level accounts with the understanding that if they broke things they had to fix it themselves.

  • Enable Flash Player in Mozilla Fire Fox without Admin Rights

    Hi,
    I am from australia i have a question how do i enable flash player in my system without admin rights. at present there is no access to install software to my system. please help thanks in advance
    Regards
    John Burns

    Hi John,
    Admin rights are required for installing Flash Player because it installs to a system-wide location which requires elevated permissions to write to.  Due to this, there is no way to install Flash Player without having Admin rights.   Since it writes to a system-wide location, any user on the machine with Admin rights can install Flash Player.
    Maria

  • Update says another copy is running and does not update if user does not have local admin rights

    An update message popped up when opening Firefox 9.1 Accepted the message to update. Got above error each time I open Firefox as a user without local admin rights.

    Hi,
    Please see [https://support.mozilla.org/en-US/kb/Updates%20reported%20when%20running%20newest%20version#w_delete-update-configuration-files this.]

  • Giving Non-Admin User Admin Privileges to One Program

    Aaron19 wrote:
    Unfortunately updates don't erratic on when they come out. 
    Are erratic?
    I'm assuming the updates happen with such frequency that requiring IT to install them is a major hassle. Your other option is to find a way to script the install and push it to the required workstations.

    I thought I would come to the community and ask if there is any way to give a non-admin user admin rights to one program so that he can run updates.  I looked into making an elevated shortcut which worked to no avail.  Unfortunately updates don't erratic on when they come out.  Was just curious if there is an ability to give the user who is having problems admin privileges to this program without an admin password.  
    This topic first appeared in the Spiceworks Community

Maybe you are looking for