Cannot Start Executable

[Guest Will]

On a Windows 2003 server, I am logged in as an ordinary user and am trying

to execute an Intuit application. I am getting an immediate failure when

trying to start the application from its program group in the form of a

modal dialog that says:

 

"Windows cannot access the specified device, path, or file. You may

not have the appropriate permissions to access the item."

 

Normally I am very good at debugging through security problems on file ACLs.

In this case though I am perplexed. The eventviewer has failures for the

560 open attempt on the executable that is as follows:

 

Object Open:

Object Server: Security

Object Type: File

Object Name: C:\Program Files\Quicken Legal Business Pro 2008\qlb.exe

Handle ID: -

Operation ID: {0,1688114}

Process ID: 3796

Image File Name: C:\WINDOWS\explorer.exe

Primary User Name: myordinaryuseraccount

Primary Domain: MYDOM

Primary Logon ID: (0x0,0x15CE70)

Client User Name: -

Client Domain: -

Client Logon ID: -

Accesses: READ_CONTROL

SYNCHRONIZE

ReadData (or ListDirectory)

ReadEA

ReadAttributes

 

Privileges: -

Restricted Sid Count: 0

Access Mask: 0x120089

 

 

My ordinary user account has these permissions selected by indirect access

give to Users group of:

 

Execute File

Read Data

Read Attributes

Read Extended Attributes

Write Attributes

 

So why is the application refusing to start up? And why is Eventviewer

logging a 560 event code failure on the executable above when I have all of

the listed permissions required?

 

Note I get the above failure even if I give the local Users group FULL

CONTROL access to the applications subtree!

 

--

Will

[Guest Will]

Re: Cannot Start Executable

 

I solved this problem by using the Standard User Analyzer application in the

Microsoft Application Compatibility Toolkit 5.0.

 

I don't understand why, but the security log messages in eventviewer were

wrong and left out all of the important facts. The real problem was a

failure to create two temporary files in the program folder. So why isn't

eventviewer recording that failure to create those specific files instead of

this very generic message shown below?!

 

I solved the problem by giving the Users group an additional create file

permission in just the root folder of the application's installed program

folder, and adding Full Control permission for CREATOR OWNER.

 

It looks like Standard User Analyzer is going to become one of my best

references for these problems, and it looks like EventViewer is not giving

very good information and needs some work.

 

--

Will

 

 

"Will" <westes-usc@noemail.nospam> wrote in message

news:P_6dnWfAwZaJ8FbanZ2dnUVZ_tuonZ2d@giganews.com...

> On a Windows 2003 server, I am logged in as an ordinary user and am trying

> to execute an Intuit application. I am getting an immediate failure

> when trying to start the application from its program group in the form of

> a modal dialog that says:

>

> "Windows cannot access the specified device, path, or file. You may

> not have the appropriate permissions to access the item."

>

> Normally I am very good at debugging through security problems on file

> ACLs. In this case though I am perplexed. The eventviewer has failures

> for the 560 open attempt on the executable that is as follows:

>

> Object Open:

> Object Server: Security

> Object Type: File

> Object Name: C:\Program Files\Quicken Legal Business Pro 2008\qlb.exe

> Handle ID: -

> Operation ID: {0,1688114}

> Process ID: 3796

> Image File Name: C:\WINDOWS\explorer.exe

> Primary User Name: myordinaryuseraccount

> Primary Domain: MYDOM

> Primary Logon ID: (0x0,0x15CE70)

> Client User Name: -

> Client Domain: -

> Client Logon ID: -

> Accesses: READ_CONTROL

> SYNCHRONIZE

> ReadData (or ListDirectory)

> ReadEA

> ReadAttributes

>

> Privileges: -

> Restricted Sid Count: 0

> Access Mask: 0x120089

>

>

> My ordinary user account has these permissions selected by indirect access

> give to Users group of:

>

> Execute File

> Read Data

> Read Attributes

> Read Extended Attributes

> Write Attributes

>

> So why is the application refusing to start up? And why is Eventviewer

> logging a 560 event code failure on the executable above when I have all

> of the listed permissions required?

>

> Note I get the above failure even if I give the local Users group FULL

> CONTROL access to the applications subtree!

>

> --

> Will