While installing and configuring the MEP Mobile Client on Windows PCs, it’s usually easiest to use a system administrator account to install and run the PC Mobile Client (right-click > Run as administrator), but that is not always an ideal solution.
Without the proper Windows user permissions, Mobile Client may be unable to create and update data needed for logins, MEP client app syncing, and other local data operations that customer apps may require.
This guide will provide examples of how an administrator can configure PC Mobile Client installations to allow users to fully operate the application without providing them with Windows administrator permissions.
First Windows User Scenario
The PC Mobile Client installer needs to be run as an administrator when initially installing the Mobile Client application to a PC, but when the installation completes, there is a checkbox to run Mobile Client on exit. If left enabled, this will launch Mobile Client with administrator permissions, resulting in all the files in the ‘C:\ProgramData\DSI\Mobile Client\’ directory being created and “owned” by the Windows administrator account.
Unchecking the box at the end of the installation wizard will prevent Mobile Client from launching automatically, and allow the intended Windows user to launch the Mobile Client PC application first, and then “own” the Mobile Client data contents.
Windows User Ownership Reset
If the admin forgets to uncheck option to start Mobile Client after install completion, then can clear the entire directory and launch it as the Windows user who needs to run Mobile Client. If the ‘C:\ProgramData\DSI\Mobile Client\’ folder is empty, missing, or renamed when the PC Mobile Client app starts up, then Mobile Client will recreate the data to be “owned” by the active Windows user account. The user will be prompted to enter the MEP server connection details.
Manual Windows Security Permissions Method
If multiple/different users may be sharing a system where PC Mobile Client is installed, then updating the security settings for the Mobile Client, ProgramData folder is an option we often recommend. Located in ‘C:\ProgramData\DSI\Mobile Client\’
-
Install the PC Mobile Client, using a Windows administrator account/permissions.
-
(optional) Enable the hidden items feature in Windows File Explorer.
- In File Explorer, select the View tab to see the controls for file viewing options.
- Enable the ‘Hidden items’ control.
-
Navigate to the ‘C:\ProgramData\DSI\’ folder; which is the working directory for storing MEP apps and data files.
The Windows ‘ProgramData’ folder is hidden by default, so be careful not to confuse this with the ‘C:\Program Files (x86)\DSI\’ folder; which contains the install resources. -
Right-click on the Mobile Client folder and select Properties.
-
Open the Security tab, select the ‘Users’ group, and select Edit.
- Optionally, you can select any custom group OR specific Windows users you wish to provide Mobile Client access to.
-
Enable Full Control for the Users group (or group of your choice) and then select OK.
-
Confirm that the intended users/groups now have full control of the ‘ProgramData\DSI\Mobile Client’ folder.
Updating Permissions Across a Domain
Some customers may want to be able to apply the above permissions changes across their entire organization. Some customers have been able to achieve this through GPO / Group Policy Objects, defining the exact path and permissions across all users/systems. This would also allow limitations to specific user groups if implemented as such.
Using Group Policy (For Domain Environments)
For an entire network (domain), use Group Policy Objects (GPO) for centralized management, which is more scalable than individual machine changes.
- Use Group Policy Management Console (GPMC) to create or edit a GPO.
- Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > File System.
- Add the folder path and define the permissions for users/groups, ensuring to configure inheritance/propagation settings for subfolders and files.