28 Apr 04 6:13
Apologies for the delay in replying but I've been slowly working my way through comparisons of registries on 'working' and 'non-working' PC's.
Sorry, I don't think I explained this well enough. Our 'stock' PC's are Compaq D530's. They have all been cloned from the same Ghost disk image and 'runas' works as I want on all of them. The PC's all autologon to Windows using a 'Power Users' account. Things like 'Control Panel' are hidden from 'Power Users' to deter changes.
Help Desk staff use VNC to remote in and can select my amended 'Administrative Tools'. One amended tool runs 'Windows Explorer' with Administrator credentials, another runs 'Control Panel' with Administrator credentials. All my amended 'Administrative Tools' first popup a prompt for the 'Administrator' password then pipe this to my scripts (using either sanur.exe or sendkeys) which, in turn, run prgrams like 'explorer.exe' and 'control.exe.
These scripts all work perfectly on the Compaq D530's, i.e. you CAN start a new Explorer process with Administrator credentials without having to close the Power Users Explorer process or switch user (which we can't do because our use of Novell Client 32 disables Fast User Switching even though the Secondary Logon service is running).
My problem is with a Compaq D510 I'm prepping for use as a new disk image. I'm using exactly the same 'Administrative Tools' scripts I use on the Compaq D530's but the scripts that call explorer.exe and control.exe (which DO work on the D530's) DON'T work on the D510.
I've gone through the setup process time and time again and the only difference I've found so far is that the setup of the D530's was completed after SP1 and MOST of the other critical updates were installed, EXCEPT for the last 5 issued recently (i.e. the last 5 critical updates were added to an image where 'runas' was already working as expected with 'explorer.exe' and 'control.exe' and still continues to do so). The setup of the D510 was completed using the same process except SP1 and ALL the other critical updates were installed, INCLUDING the last 5 issued recently.
I've almost given up trying to fix this - but can't roll out the image until it's fixed. I cannot see any option other than to create the disk image all over again and install SP1 and the critical updates in exactly the same order as I did with the D530 image, checking every step of the way to find out when 'runas' stops working with explorer.exe and control.exe.