FAQ: Giving non-administrative users of Windows 2000 and XP access to ATM Deluxe

LEGEND ,
Mar 17, 2004 Mar 17, 2004

Copy link to clipboard

Copied

In order for a restricted user to launch the ATM control panel and add or remove fonts, they will need to have access to the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Type Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Type 1 Installer\Type 1 Fonts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Fonts

Adapted from material originally posted by Lance K

Views

8.0K

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 23, 2004 Mar 23, 2004

Copy link to clipboard

Copied

I have a regular user in win2k that has been given permission to all three keys. Upon exiting ATM4.1 deluxe, i get the following errors:
ATM Database File Error:
Unable to write ATM registry database. Disk may be write protected, out fo free space or the file may be in use by another application.....

Thanks in advance!

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 24, 2004 Mar 24, 2004

Copy link to clipboard

Copied

Hi Jose,

Please keep in mind that ATM is not designed or intended for users with restricted access. Users must have Standard or Power User rights in order to use ATM as designed.

Out of curiousity, what specifically is your user trying to do in the ATM Deluxe control panel? Despite receiving the error message, are they successful in doing whatever it is they were trying to do? (e.g., if they were trying to enable a font, did the font then show up in applications as expected?)

Lance

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 14, 2004 Apr 14, 2004

Copy link to clipboard

Copied

I've given the rights to these keys, but saving or exiting the program is a problem. Somehow, ATM still needs to write the settings somewhere.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 19, 2004 Apr 19, 2004

Copy link to clipboard

Copied

Jose is correct. There has to be some other place that needs to write the changes to (and we need to give write permission).

The program will open allow you to add the fonts, but when you try to exit, it says "Retry", "Don't exit", "Don't save".

Any suggestions?

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 22, 2004 Jul 22, 2004

Copy link to clipboard

Copied

I used a program called FILEMON (http://www.sysinternals.com/ntw2k/source/filemon.shtml) to see what files ATM is accessing:

C:\WINNT\ATMREG.ATM
C:\WINNT\ATMREG.NEW

The first file appears to be the ATM registry. The second file is created, written to, and deleted. It looks like the .NEW file is a temp file used to generate a new .ATM file.

If we can specify a new location for these two files then those of us with legitimate security needs should be able to use ATM instead of constantly having to log off the designer, log in as admin, watch them make the font changes, log off admin, and let the designer log back in...

Any ideas?

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 28, 2004 Jul 28, 2004

Copy link to clipboard

Copied

The most worst thing in ATM is that it want to have write acces into the windows dir but u can fix it (change locatine for ATMREG.ATM file Ive changed the locatino to %systemroot%\atm and made shure that Standard user have the rights to write and delite files there).

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 03, 2004 Aug 03, 2004

Copy link to clipboard

Copied

The question for me is, how did you tell ATM the new location of the ATMREG.DB file??? I am digging through the HKLM\SOFTWARE branch of the registry as I type this... but I am at a loss for where to make this change.
Thanks in advance
--Joe

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 09, 2004 Nov 09, 2004

Copy link to clipboard

Copied

Hi,

how did you change the location of the atmreg.atm file? adobe support was not able to tell me this...

Thanks

Manuel

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 09, 2004 Nov 09, 2004

Copy link to clipboard

Copied

Manuel,
Unfortunately, I wasn't able to do this... I had to use advanced permissions on the %SYSTEMROOT% folder so that the specific group of users I have are the only ones allowed to write to it. It uses a temp file, and writes it to c:\winnt while it is working with it (which is only when ATM is writing changes to the atmreg.atm file at application close time)... so your user(s) will have to have only the "Create Files/Write Data" permissions to the whole of the winnt folder (and modify permissions on the atmreg.atm file) to use atm. I had to use a utility that traces thread, file & Registry access to determine how to make this work. This is the ONLY way, ATM is hard-coded to use atmreg.atm in the system root folder (as well as to use the temp file in the system root folder), and it needs create files/write data permissions on the system root folder to use the temp file. I hope this makes sense to you... if not, e-mail me jlatuscha@sunjournal.com and I will send you my document for fixing the problem.
Good Luck
--Joe

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 09, 2004 Nov 09, 2004

Copy link to clipboard

Copied

Thanks,

Power Users...

only a few users are using ATM and so it is possible to give them "Power User" rights and all problems are fixed, without some special rights in %SYSTEMROOT%

your answer is the same as Adobe Support gives to me. we have a reason to use the "Power User" solution and all problems are fixed...

not the best way, but it works...

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 09, 2004 Nov 09, 2004

Copy link to clipboard

Copied

I try not to use the 'Power User' solution. It opens the machine up for Spyware Infestations (since the user has elevated system privelages, they can write data almost anywhere as a power user). Leave your users as basic users, and explicitly give them write files/change data to only the systemroot folder. This keeps them from editing the registry and other tasks that they really shouldn't be allowed to do (for system security reasons). If you are not that concerned for the saftey of your systems, network, servers and more, make them power users, but I would do so with great caution if these machines are in any way connected to the internet (yes, even the greatest firewall in the world can't stop spyware, since most of it is installed through IE's ActiveX RPC's).

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 09, 2004 Nov 09, 2004

Copy link to clipboard

Copied

Yes! No question!

But our customer prefers easy solutions without special rights throug GPOs for a special application...

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 05, 2005 Jul 05, 2005

Copy link to clipboard

Copied

I am also having the same problems as Jose and Chris... please help.
Michael

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 20, 2005 Jul 20, 2005

Copy link to clipboard

Copied

LATEST
Give the users the full control access to the aforementioned registry keys. Then, give the specific user (or group) permissions to write/delete to the WINNT (Windows 2000) or WINDOWS (Windows XP) folder (I use the advance permissions on the folder as opposed to the generic 'Modify' permission in the security tab of the folder properties, as it allows me to only give the one or two permissions needed to the job), but DO NOT PROPIGATE THE PERMISSIONS TO CHILD FOLDERS, as this would be a massive security breach above and beyond giving them write access to the system root folder. The reasoning for the permission granting is that ATM needs to create and then delete a temporary database in the %systemroot% folder when the application is closed, so these permissions are mandatory in order to give a standard user (why Adobe never made this more seamless and used a more public area on the hard disk is baffling to me).

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines