RISC World

Using Virtual RPC-SE (and VA5000) with 'Restricted Users' on Windows XP

John Crane shares a helpful hint or two...

I've had VA5000 for some time on my Windows XP PC and recently upgraded to VRPC-SE. As what I'm writing here applies equally to both products I shall just refer generically to Virtual Acorn (or VA from here on). Similarly all my references to Windows XP are good for both Home and Professional products.

I have separate user log-ons on said Windows machine, myself with full administrative privileges and everyone else, as what Windows XP affectionately calls 'Restricted users'. In the main to stop my kids fiddling.

I bought Virtual Acorn (at least partly) so that I could effectively have two Acorn Computers on the go at once. I transferred all the kids' Acorn games etc onto the emulated machine so that they could play them whilst I could claim sole ownership of my Risc PC.

Anyway I soon discovered that, because of the way VA works that you really need to be logged on with administrative privileges for it to work. Indeed from a fresh install it will crash without even loading if you try to run it whilst logged on with a 'Restricted' account.

Anyway being a dabbler at heart I set about 'fixing' it so that it would work for 'Restricted' users. I informed Aaron, once I had it sussed and he then invited me to share the experience (that's just a little Windows pun sorry)! So I've put together a step by step guide with appropriate ScreenShots.

A point to note is that my PC is set up with 'Windows Classic' view as against out of the box 'XP TellyTubbies' view, so it may look slightly different to what you have, but not drastically.

There are a couple of prerequisites before you continue.

  • A reasonable familiarity with Windows definitely helps.
  • You need to be logged on with Administrative privileges to perform 'The Fix'.
  • Ensure you are not using 'Simple File Sharing' as this does not give you sufficient access to set permissions to the level required for this 'fix'. This is set 'On' by default in XP and so if you have never altered it you will need to turn it 'Off'.

To turn off 'Simple File Sharing' open up Windows Explorer and on the tool bar select Tools - Folder Options.

In the window which appears select the 'View' Tab and in the area towards the bottom scroll right down to the bottom until you find 'Use simple file sharing (recommended)' This will be ticked by default. Untick it. You will probably get a warning message asking if you're really sure, so say 'Yes'

Applying 'The Fix'

You are now ready to start in earnest. Assuming you have installed VirtualAcorn in the normal way proceed as follows :

Using me by way of example. I've installed Virtual Acorn whilst being logged on as 'John'. So by default Virtual Acorn will be installed in my 'Start Menu'. This equates to C:\Documents and Settings\John\Start Menu\Programs and probably a desktop shortcut which equates to C:\Documents and Settings\John\Desktop.

In Windows Explorer - Right Click on the relevant shortcut / Start Menu Group and select Cut from the drop down menu

then navigate to C:\Documents and Settings\All Users\Start Menu\Programs. Now Right Click in the White Space in the Right Hand pane and select 'Paste' from the drop down menu.

Do similar for the Desktop Shortcut this will (following the same logic) end up in C:\Documents and Settings\All Users\Desktop.

This ensures that the shortcuts appear to everyone who logs on (hence all users). It is likely though that, as the shortcuts were originally installed under 'John', only 'John' and any other administrative users will have permission to access the shortcut (s), so the next step is to ensure all users have relevant permissions.

In Windows Explorer - Right Click on the relevant shortcut / Start Menu Group and select 'Properties' from the drop down menu.

In the window which appears click on 'Security' Tab and ensure Permissions for 'Everyone' group are as per the screenshot.

(You may to need to Click 'Add' and then select 'Everyone' group before it actually appears in the list)

Again follow similar logic for the 'Desktop' shortcut

You have now ensured that anyone who logs on (no matter what their level of access) now has permission to access the shortcut(s), and start Virtual Acorn. However we've not quite finished with permissions as if you now logged off and logged back on as a 'Restricted User' and attempted to run Virtual Acorn it would crash without loading. Basically as the program starts it must need some sort of modify / write access to the actual 'Program Files' directory to enable it to successfully load. Restricted Users by default are not allowed to access directories within 'Program Files' so in Windows Explorer navigate to C:\Program Files\ VirtualAcorn. Now Right Click on VirtualAcorn and select 'Properties' from the drop down menu.

Then give 'Everyone' 'Full Control'

As previously you may have to click on 'add' and select the 'Everyone' group.

A point of note here. If you apply the permissions at this level, all subdirectories within VirtualAcorn will inherit these permissions. Thus if you buy Virtual A5000 and set these permissions and then subsequently install VRPC-SE at a later date, the permissions will automatically filter down to the new install.

Ok nearly there now. At this point VA will run for 'Restricted Users', with one restriction. If you click on the CD drive within VA it will show as 'CDdrive cannot be found' This is because VA talks to the CD Drive at SPTI (SCSI Pass Through Interface - Ed) level and you need admin level access to do this.

There is a work round though with the following proviso. If you implement it, you will not be able to share your CD Drive out over a network and also if you ever access your machine remotely via Terminal Services the CD drive will not be available. If neither of these are a problem the following will allow 'Restricted Users to 'get the CD drive back' in Virtual Acorn.

Go to 'Start' - 'Run' and type MMC

An MMC console window will appear. Click on 'File' - 'Add/Remove Snap-in'

In 'Add/Remove Snap-in' window Click 'Add'

In 'Add Standalone Snap-in' window select (highlight) group policy and Click 'Add'

In 'Select Group Policy Object' window 'Local Computer' will be highlighted. Click 'Finish'

In 'Add Standalone Snap-in' window click 'Close'

In 'Add/Remove Snap-in' window it should now say 'Local Computer Policy'. Click 'OK'

Now under Console root by clicking on the + Signs expand

Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\local policies.

Finally clicking on Security options so it is highlighted. Policies should now be displayed in the right hand pane.

Double Click on : Devices: Restrict CD-Rom access to locally logged-on User only. (This will be disabled by default).

In the box which appears click on 'Enabled' then 'Apply', then 'OK'.

Close the MMC console, say 'No' in the box asking you to 'Save Console Settings'.

You've finally done it! Restricted Users can now use Virtual Acorn without any problems, so you can allow your loved ones to use RISC OS without worrying about them messing around with your Windows installation.

John Crane