Can I modify a Windows 7 environment to allow a .NET program to always run as Administrator?
What you can do, is:
- Create a Scheduled Task and configure it to run with elevated privileges as an administrator account
- schedule it to never run, and then place a shortcut to running the task from the standard users dekstop.
This way, the user is able to run the specific program with an admin token, but no others (if users try to modify the scheduled task, they will not be able to apply the changes without the administrator credentials).
There's a pretty explanatory step-by-step guide over at win7 forums: http://www.sevenforums.com/tutorials/11949-elevated-program-shortcut-without-uac-prompt-create.html
A better approach would be to determine what resources your custom application and the Dataflex application are accessing, and grant the Authenticate Users permissions to those resources. You may even be able to grant access by using group policy. This is not specific to Dataflex, this is the approach that should be taken with every application.
The resources are typically files, folders, and registry keys. Less often, it may also need to do special functions, such as create global sections in memory, which is a Windows right that can be granted through group policy.
You can determine the resources that are accessed by using SysInternals' Process Monitor.
If you find that an application needs write access to a folder, and that folder has executables that you prefer that the user not have write access to, one trick is to disinherit the access for the executable files from the parent folder, and grant Authenticate Users only Read and Execute to those files.