Quickbooks 2010 & LUA+SRP

Discussion in 'other software & services' started by nineine, Jan 9, 2010.

Thread Status:
Not open for further replies.
  1. nineine

    nineine Registered Member

    Joined:
    Sep 13, 2009
    Posts:
    140
    Hello everyone,

    I was wondering if anybody here is a Quickbooks user and has managed to successfully make it work in a Limited User Account with SRP. I have been searching around the internet and haven't been able to find anything related to this on newer versions of Quickbooks. I can only find workarounds for upto version 2006.

    Is it possible to use Quickbooks 2010 (or 2009) in an LUA or does it require an Admin account? If it is possible, what additional rules must be made and what ACL changes are needed? Thanks.
     
  2. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Quickbooks is one that I've seen mentioned a lot when people have problems with apps that won't work in a LUA. Consider SuRun, it's quite useful and makes life with LUA much more comfortable. There's a (very long) thread about it here and Mrkvonic's very handy tutorial here.

    With this you can run problem apps from within your LUA as admin. In contrast to using "run as" it runs in your LUA's user environment rather than in that of the admin account. It also has some security advantages compared to "run as". I've been using this for quite a while now and it's a godsend.
     
  3. nineine

    nineine Registered Member

    Joined:
    Sep 13, 2009
    Posts:
    140
    Is it possible to setup SuRun to automatically elevate just Quickbooks everytime your run it without entering a password? Could SuRun otherwise be completely disabled so that it is not allowed to elevate anything else?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Hi Nineine

    I don't use LUA or SRP, so I don't know. The only thing I do any differently with Quickbooks 2010 is it has some neat online features. When I run these, I do use Online Armor's Banking mode which ensures I am going where I think I am.

    I do run in Admin mode as a standard, and it's not been a problem for me.
     
  5. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    128
    I use Quickbooks 2010 with LUA and SRP just fine here. Never have had a problem. Things can get quirky if the auto update feature prompts user to install an update, and the user tries and it fails then they go and do crazy things because they think Quickbooks is broken or something...
     
  6. nineine

    nineine Registered Member

    Joined:
    Sep 13, 2009
    Posts:
    140
    Could you please elaborate on how you have it setup? Do you use SuRun or UAC to give Quickbooks elevated rights, while you are running it within LUA? Was Quickbooks 2010 installed from the Administrator Account and then used regularly from the LUA? Did you add any additional rules to the SRP or make any changes to the ACL's to make it function properly? Were any changes made to the registry? What do you do when you want to run auto update? Do you log out of the LUA, log in to the Administrator Account, run QB, update it, then log back in to LUA? Oh and also, what OS are you using?

    Sorry if I am asking you way too many useless questions. I just want to make sure I have all the info that I need. I hope everyone here know that you answers are very helpful to me! I am sure many other QB users will find this thread helpful, because I have not been able to find answers to these questions online for the last three QB versions.
     
    Last edited: Jan 10, 2010
  7. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    128
    I installed QB 2010 with the administrator account, and use it without any modifications at all to privileges for users.

    As far a SRP policies, I have default deny all. When you use the default restricted, Microsoft automatically enters 3 or so registry rules for the file paths of the program files directory and windows directories so you do not lock yourself out. So you do not have to enter any other rules actually after you make default to restricted unless your running programs from places other than your root: program files and windows system directories. For the file extensions of SRP I delete the *.lnk so that shortcuts work.

    haven't worked on the auto-update issue yet, now I just login as administrator or runas admin and install the update. In the future I may look into running the update.exe with elevated privileges.

    Running mainly XP SP3, and Vista SP2.

    If you are having problems, "Sysinternals process monitor" is a great tool to find permissions issues and "BeyondTrust® Privilege Manager" is awesome. Privelege Manager is free for the local policy (not group policy) and can be used to run individual *.exe's with elevated rights and a bunch of other cool tricks to help with running in LUA with fussy applications. All this being said, I have not had to use either of these tools with Quickbooks 2010 though. As far as, my experience Quickbooks 2010 does not have any major issues running in LUA environment with SRP default deny.

    You mention that you have had problems with other versions of QB. I have used other versions of QB from 2006 to 2010 and not had issues with this setup. So maybe, running process monitor may uncover what the issue is. Sounds like maybe it's not a default installation, or you have some addin's or point of sale modules that may be conflicting. Again, process monitor will shed some light on this.

    If nothing else, use BeyondTrust® Privilege Manager and create a path rule for the main Quickbooks executable and give it full administrator privileges, and extend those privileges to processes started from that main Quickbooks executable. This will clear up any privilege issues if you cannot figure it out otherwise.

    hope this helps...
     
    Last edited: Jan 10, 2010
  8. nineine

    nineine Registered Member

    Joined:
    Sep 13, 2009
    Posts:
    140
    I have my SRP's setup the same way as you do, with default deny and the windows/program files directories unrestricted. On top of that I have some additional rules to prevent execution of cmd, regedit, etc, which I picked up from the Vista LUA/SRP thread.

    I have never actually tried using Quickbooks in a LUA before. After doing research on the subject, all I could find were registry tweaks to make QB 2005, 2006, & 2007 work in LUA. I found something from Intuit that mentioned QB isn't compatible with LUA and must be installed in an admin account. There was no info at all to be found for the last three versions running in LUA.

    Thanks for those tools you mentioned. I will definitely be adding those to my arsenal. When I have my SRP and a few other security apps configured how I want them, I will install QB 2010 on my machine. I'll then use Sysinternals Process Monitor to see where update.exe attempts to install the downloaded updates. Maybe the location needs to/could be reconfigured to be in the users folder or Program Data. Ill then use BeyondTrust or SuRun if needed, depending on what update.exe needs.

    Thanks you for that detailed post. That was really helpful and you gave me all the answers I was looking for.
     
Thread Status:
Not open for further replies.