Lock write/modify rights to folders for users but not software

0

I have run into a problem regarding the user rights for the users versus the rights for the software. This affects Windows XP up to Windows 10.

Our policy is that users should not have the rights to move, modify, delete, etc. the data produced by the software. However, some of our software saves the data in folders in which all the users have full rights for everything. The problem arises when we lock down the folders for users, which results in the software no longer being able to write in the folder. So here starts our dilemma: how do we lock down the rights without interrupting the software?

Our thought process has been the following:

  • Run the software as an admin with Runas savecred => Terrible idea for Windows 10 as any user now can run any software with admin rights.

  • Lock down the files after they are saved => Works okay with separate files depending on when the software releases the file. This has, unfortunately, two problems.

      • In some programs, when the user saves partway, the system releases the file and the user will not be able to save a second time.
      • Continuously updated files, for example, larger log files or databases, can't work this way.

  • Run the software from task scheduler with elevated rights => As soon as the box "Run whether the user is logged in or not" is checked it will no longer work, as the programs are dynamic software. The closest I got was to configure for Windows XP and it worked as long as the user that ran the task was the user.

I have now run into a wall with this. How do I get this to work? Is the thinking process to run a program as an admin the wrong approach?

Martin

Posted 2019-06-28T04:45:55.183

Reputation: 1

No answers