I don't know if anyone else has noticed it or not, but I find it's becoming more difficult to find Autodesk solutions, even solutions I've used a few times. Well, I finally found this technical solution after spending some time trying to find it and figured I better capture it before it disappears forever!
IT's job is to keep the company safe from hackers and viruses and to keep your machines up and running so you can do your job. Sometimes the safety measures used make it difficult to do your job.
This comes up over and over where "I can't give the users Administrative permissions on their machines but AutoCAD (or other Autodesk program) gives errors when run as a limited user."
What I start out with is this: "Autodesk programs run fine under Out of the Box Microsoft Limited User permissions/rights, so it will work. What have you changed? It's not a problem with AutoCAD, it's the environment."
Autodesk has come up against this a lot too, so they've developed a technical solution/document on how to troubleshoot it.
Unable to run AutoCAD as a restricted user
Issue: When you tried to launch AutoCAD® as a restricted user, you either received error messages or the program failed to start.
Important Notes, read this information carefully before proceeding:
- AutoCAD® and AutoCAD® LT are only tested against out-of-box Microsoft restricted users and roaming users. Any customization or restriction you place on users could have unexpected results in AutoCAD and are considered unsupported operating environments.
- The information below is for system and network administrators only. Advanced troubleshooting knowledge and access rights will be required for both testing and resolving these issues. You should always back up essential data files, export a copy of the current registry settings and set a system restore point before making changes to the Windows Registry or user profile folders.
- Other Autodesk products, including verticals built on AutoCAD technology, may have different requirements and recommendations. Many Autodesk products do not support restricted or roaming users even in the default, out-of-box configuration. You should always refer to specific product documentation for details and requirements.
Testing strategy for failures when running AutoCAD as a restricted user
To determine the specific customization that is causing the problem, you should start by testing a new local or domain user without any policies or restrictions applied. Then you can begin adding customizations one at a time or in small groups. You should test AutoCAD with each change. For more information about troubleshooting Windows user profiles, refer to Microsoft support and documentation.
If users are configured in an Organizational Unit (OU) on a Microsoft Active Directory server, you should create a new OU that does not have a Group Policy applied. Make sure that you block the inheritance of policies from other OUs.
Expected AutoCAD startup behavior
To help troubleshoot user profile problems, refer to the following description of the expected AutoCAD startup procedure:
- When AutoCAD is launched by any user, the existence of the following folders and registry keys is validated:
  - C:\Documents and Settings\%username%\Application Data\Autodesk\AutoCAD 2006
  - C:\Documents and Settings\%username%\Local Settings\Application Data\Autodesk\AutoCAD 2006
- If these folders or registry keys do not exist, a secondary installer process (Msiexec) is launched to configure the default content and settings in these locations. The default content is stored in the hidden folder <InstallDir>\UserDataCache (the default location is C:\Program Files\AutoCAD 2006\UserDataCache). If these folders and registry keys exist (even if they contain limited or incorrect data), AutoCAD will still launch.
- The normal launch sequence continues and the required components (files, menus, toolbars, and so on) are loaded.
There are several customizations that are known to cause problems with the AutoCAD launch process. The following list, including related solutions where applicable, covers only some of the common settings that have been reported to Autodesk Product Support. This list is not inclusive and specific details will vary based on other network and machine customizations. You should refer to the testing strategy in this solution to determine the exact cause of failure.
Corrupt or duplicate user profiles
During the secondary installer process, a hard-coded link is established between your registry settings and your profile folders. If the name of the user or the name of the profile folder changes, required content cannot be accessed. In this situation, errors indicating that content cannot be found will usually be displayed.
To work around this issue
- Check to make sure that the registry values in the HKEY_CURRENT_USER\Software\Autodesk\AutoCAD\R16.2\ACAD-4001:409 subkey are pointing to the current user profile. If they are pointing to the correct location, it may be necessary to back up any data in the profile and recreate it on the machine and/or the network.
- Check for duplicate profile folders in the format %username%.domainname or %username%.computername. This condition indicates that there are problems or changes with user profiles that may need to be addressed on the machine or the network.
- The errors in AutoCAD can often be resolved by backing up and deleting the following registry subkey: HKEY_CURRENT_USER\Software\Autodesk\AutoCAD\R16.2\ACAD-4001:409, and then launching AutoCAD to trigger the secondary installer process. Note: During the secondary installer process, many user specific settings will be reset to the default settings. You should back up any customizations before you proceed. Also, this workaround will not address the problem that is causing the user profile to be duplicated or corrupted.
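The checks in the startup description and the workaround list above can be scripted as a read-only diagnostic run as the affected restricted user. This is an added example, not part of the Autodesk document or the original post; it assumes the AutoCAD 2006 folder names and R16.2 subkey quoted on this page, treats "All Users" as a legitimate shared profile, and the function and variable names are hypothetical.

```powershell
# Added example: read-only checks, run as the affected restricted user.
# Folders and the registry subkey are the AutoCAD 2006 values quoted on this page.
$profileRoot = $env:USERPROFILE
$profilesDir = Split-Path $profileRoot -Parent      # e.g. C:\Documents and Settings
$current     = Split-Path $profileRoot -Leaf        # name of the profile folder in use
$subKey      = 'Software\Autodesk\AutoCAD\R16.2\ACAD-4001:409'

# 1. Folders AutoCAD validates at startup
foreach ($rel in 'Application Data\Autodesk\AutoCAD 2006',
                 'Local Settings\Application Data\Autodesk\AutoCAD 2006') {
    $path  = Join-Path $profileRoot $rel
    $state = if (Test-Path -LiteralPath $path) { 'present' } else { 'MISSING' }
    '{0,-8} {1}' -f $state, $path
}

# 2. Registry values that name a profile folder other than the current one
function Find-ForeignProfilePath {
    param([Microsoft.Win32.RegistryKey]$Key)
    # Captures the folder name that follows the profiles directory in any path
    $pattern = [regex]::Escape($profilesDir) + '\\([^\\;"]+)'
    foreach ($name in $Key.GetValueNames()) {
        $data = [string]$Key.GetValue($name)
        foreach ($m in [regex]::Matches($data, $pattern, 'IgnoreCase')) {
            $owner = $m.Groups[1].Value
            # Assumption: "All Users" is a shared location, not a stale profile
            if ($owner -ne $current -and $owner -ne 'All Users') {
                New-Object PSObject -Property @{
                    Key = $Key.Name; Value = $name; Profile = $owner }
            }
        }
    }
    foreach ($sub in $Key.GetSubKeyNames()) {
        $child = $Key.OpenSubKey($sub)              # opened read-only
        if ($child) { Find-ForeignProfilePath $child; $child.Close() }
    }
}
$root = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($subKey)
if ($root) { Find-ForeignProfilePath $root; $root.Close() } else { "MISSING  HKCU\$subKey" }

# 3. Other profile folders for the same user, such as user.DOMAIN or user.COMPUTER
$user = $env:USERNAME
Get-ChildItem -LiteralPath $profilesDir -Force | Where-Object {
    $_.PSIsContainer -and $_.Name -ne $current -and
    ($_.Name -eq $user -or
     $_.Name.StartsWith($user + '.', [StringComparison]::OrdinalIgnoreCase))
} | ForEach-Object { "OTHER PROFILE FOLDER FOR ${user}: $($_.FullName)" }
```

Any object emitted by step 2 or line printed by step 3 points at the profile rename or duplication the document describes; the script changes nothing, so the backup-and-delete workaround remains a separate, deliberate step.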
Default user customization and/or mandatory profiles
Microsoft user profiles contain registry information specific to that user in a file called NTUSER.DAT which is located in the user profile folder. Copying this registry information into the Default User profile or assigning this registry information as part of a mandatory profile can cause several types of failures in the secondary installer functionality. For example, AutoCAD may fail to run with no error message or splash screen. In many cases, AutoCAD will fail with an error message implicating a different user’s profile folders. These configurations are not tested or supported for any Autodesk products and no workaround is supplied.
There are several ways to redirect certain folders from within the user profile, including (but not limited to) the Start Menu, My Documents or Temp folders. This customization can be done directly on the computer or with network management software, such as Microsoft Active Directory and Group Policies. These types of customizations can cause failures in the AutoCAD secondary installer which might result in error messages, such as Error 1606: Unable to access network location. To correct this issue, you should remove folder redirection from the user, reboot the machine, and then try to run AutoCAD again.
In Windows 2000 and XP, restricted users are prevented from modifying files, folders and registry entries outside their user profile. To support restricted user accounts, all customizable AutoCAD files and registry settings are stored within the user profile. Users must have Full Control permissions to all files and folders in the C:\Documents and Settings\%username% (Windows XP) or C:\WINNT\Users\%username% (Windows 2000) directory. Additionally, users must have Full Control permissions to all registry keys and values in the HKEY_CURRENT_USER key in the registry. Restrictions that limit a user’s permissions to these locations could cause failures in the AutoCAD secondary installer or within the program. Typical errors include Microsoft Windows Installer errors such as Error 1321: Insufficient permissions to modify file. Errors in the 14##, 13##, 17## range could also indicate permissions restrictions.
To correct this issue, you should remove permission restrictions from the user, reboot the machine, and then try to run AutoCAD again.
Restrictions on the Windows Installer Service
There are several ways of preventing users from accessing the Windows Installer Service (Msiexec), including placing restrictions in the Group Policy Object in Active Directory. The first time a user of a machine runs AutoCAD, the Windows Installer Service is required for the secondary installer to function. To correct this issue, you should remove this restriction from the user, reboot the machine, and then try to run AutoCAD again.
Preventing applications from running in the user profile
Policies that prevent users from launching applications from within the user profile can cause AutoCAD to fail to launch with no error message or splash screen. One place this restriction can be specified is in the Group Policy Object in Active Directory under User Configuration > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > %userprofile% = Disallowed. These types of restrictions are not tested or supported for use with AutoCAD. To correct this issue, you should remove this restriction from the user, reboot the machine, and then try to run AutoCAD again.
Data Execution Prevention
Data execution prevention (DEP) can prevent AutoCAD from launching. See the related solutions for information about exempting AutoCAD from Windows DEP settings.
Currently you can view this document here:
The next thing I tell them is, "if it works under the Admin login and not the User, then you just need to compare the two and find the differences." This may not be an easy task as they could have set up *hundreds* of Group Policies to help protect the system automatically.