Level 2

Question

Allow Non local Administrator to update Lacerte

Forum|Forum|6 years ago
December 7, 2019
4 replies
0 views

To combat Ransomware, we are attempting to setup users without local Administrator rights. Users can open Lacerte and QuickBooks, however they cannot update either application. From what we understand Lacerte releases updates just about every week and more often during tax season.

As a work around we created additional icons to the application which run the application as an Administrator. The idea being that when Lacerte prompts for an update. They close Lacerte, Open Lacerte using the script below. The first time the password needs to be provided, however subsequent use does not require providing the password, the “savecred” provides the password.

C:\Windows\System32\runas.exe /savecred /user:DomainName\Administrator C:\Lacerte\18tax\w18tax.exe

C:\Windows\System32\runas.exe /savecred /user:Local Administrator C:\Lacerte\18tax\w18tax.exe

Problem is that regardless of whether you use a domain Administrator or a local Administrator, the above scripts do not see Mapped network drives.

We set Group Policy based on the following article to no avail.

https://support.microsoft.com/en-us/help/3035277/mapped-drives-are-not-available-from-an-elevated-prompt-when-uac-is-co

This is obviously a Windows issue , but having said that , has any other Lacerte Administrator dealt with this issue and resolved it ?

Lacerte Tax

This topic has been closed for replies.

qbteachmt

Level 15

Your examples show you are using the C:, so what is on the mapped drive that needs updating? Have you tried substituting the UNC for the mapped drive letter? Is there no one that can log into the network system as Admin to do the updates for your distributed users?

I don't use Lacerte; I support many QB clients. I like to install for All Users, and set the program icon to Run as Admin. The only issue I have run into is when someone uses the Windows Defender setting for controlling ransomware by setting protected folders. They need to exclude the QB program folders from that protection, or the update fails.

When a program gets updates through the "backside server" connection, it's unlikely you would see ransomware.

*******************************Don't yell at us; we're volunteers

W

waymck

Level 2

I've run into the same issue. Gave everyone full control of the Lacerte directory, files. The Lacert directory under common files. Without resolution.

Tried the runas with an administrator account command line in the program shorcut. Lacerte cannot find the network drive. Hit cancel at "do you want to reconfigure". The next window successfully browses to the network drive and files. Program updates. Close the application. Launch it and again it cannot find the network drive. Worked with support for 3 hours with no solution.

Tried launching the program through a task with elevated permission. The program fails to launch.

With 2-3 updates per day during Tax season, requiring administrator privileges to update the application files is ludicrous.

I've started digging through a Process Monitor log that I created to examine Access Denied and work on required permissions. Doing the programmers job.

P

PHC_CPA

Level 3

Were you able to resolve this issue?

qbteachmt

Level 15

As I described, have you tried UNC instead of Mapped drive?

https://www.techwalla.com/articles/unc-path-vs-mapped-drive

*******************************Don't yell at us; we're volunteers

P

PHC_CPA

Level 3

I am already using UNC for Lacerte so that does not resolve the issue. Also I'm not the original poster.

C

CSG

Level 2

Good Afternoon it is March 1st 2023 and we are running into the same problems with Lacerte updates.

All workstations have a local installed version of lacerte and users can open and use lacerte with no problems, however when an update is available, they cannot update the program themselves as they are not in an administrators group.

I have to log into each workstation as a local admin or domain admin to run the lacerte updates.

Users need to be able to run updates themselves without being held up waiting on IT support.

Is there a way around this on Lacerte's side or is this a situation where IT support has to do the updates every day or make users local admins which is a security concern?

sjrcpa

Level 15

"Is there a way around this on Lacerte's side"

Not that I've been able to find. They made this change-users must have admin rights to update Lacerte-10-15 years ago. I complained when they did, and a few times since. No change.

"is this a situation where IT support has to do the updates every day or make users local admins which is a security concern?" Yes

The more I know the more I don’t know.

Sign up

Login with SSO

Let's get you signed in

Login with SSO

Scanning file for viruses.

This file cannot be downloaded