Problem: The UAC in Vista & Windows 7 controls the installation of fonts and only allows an administrator to install new fonts. In XP the solution was to set permissions on %windir%\fonts and a couple of registry keys to allows Builtin\Users change access. I have tried this in Windows 7 and Vista including setting other file permissions such as fontcache.dat but I'm still prompted for admin credentials. I assume I need to set the application to run with lower privilege but the compatibility options are greyed out in file properties for %windir%\system32\fontview.exe even though I have taken ownership (as administrators) and set permissions for users to change etc. How can I allow a small number non privileged users to install fonts using a manual workaround in the short term? Then how can I do this with group policy in the longer term? Thanks Chris

Hi, try this..but it not install font>only give font to cache.. http://www.dailygyan.com/2008/05/how-to-install-fonts-in-windows-without.html

Thanks Jií Janata! That might well do the trick! My clients need to use fonts supplied in publications but not have them permanently installed. So this neatly sidesteps the UAC on Vista/Windows 7 as there's no permanent change and no need for admin credentials. I just checked it on a new Virtual Machine and it works perfectly. The utility registers fonts for use with a standard user account and without any permission changes and then they are gone from cache after logoff. I would still like to know if there is a more permanent way to modify a system program's privilege requirement but it's a great workaround. Chris

Thanks Jií Janata! That might well do the trick! My clients need to use fonts supplied in publications but not have them permanently installed. So this neatly sidesteps the UAC on Vista/Windows 7 as there's no permanent change and no need for admin credentials. I just checked it on a new Virtual Machine and it works perfectly. The utility registers fonts for use with a standard user account and without any permission changes and then they are gone from cache after logoff. I would still like to know if there is a more permanent way to modify a system program's privilege requirement but it's a great workaround. Chris

Hi, Jií Janata's suggestion is a temporary workaround. However, if you would like to install the fonts permanently, you must login on the machine with administrator privilege. For more information, please refer to the following article: Installing fonts on Windows Thanks, Novak

Thanks Novak, Yes I know that normally an administrator credential is required to add fonts. The environment I support is Government so we don't want to provide administrator rights to standard users. However as I stated under XP we were able to provide standard users the ability to install fonts by modifying file and registry permissions only. Under Vista and Windows 7 the UAC stops font installation as fontview.exe is a system program. I was hoping there was a way of lowering the privilege required to install fonts say by Group Policy so that on request we could provide this for our standard users without giving them any other elevated privilege. I could create an SCCM package for example to provide an advertisment which the user could run everytime they need to install new fonts to avoid having an administrator visit or remote in, but Group Policy would be simpler. Chris

Hi, Based on my research, Jií Janata's suggestion is the only way to install fonts with Standard user privilege. For more information, please also refer to the following article: Issue with implementing group policy to allow users to install Fonts Thanks, Novak

Hi Novak, Yes I have to agree with you that solution proposed by Jií Janata appears to be the only solution However as Tsukasa no Hibi was the developer of the solution I think it's only fair that he get the direct attribution he deserves for the work done. The other website Daily Gyan simply reports what they found with some additional comments. http://tsukasa.jidder.de/blog/2008/04/18/temporarily-register-fonts-using-a-normal-user-account It does require .Net Framework 2.0 but Tsukasa includes the source and it could be re-written in C++ if you're good enough! I have tested and implemented a solution for my clients using a batch file along the lines of pushd c:\temp\fonts; For %f in (*.*) do registerfont %f; popd This works well and if the batch file is added to Startup it will register the fonts for each user session. It could also be added to the Windows\Run registry key etc. Chris

As mentioned before Tsukasa had developed a workaround to add fonts to the user's current session http://tsukasa.jidder.de/blog/2008/04/18/temporarily-register-fonts-using-a-normal-user-account Now another developer dcpurton has created a C version complete with GNU license and source code! http://marshwiggle.net/regfont/ This has the advantage of not requiring .Net Framework 2.0. I will be using this to implement a solution for our users who require fonts but are not local administrators. Just type Regfont.exe *.* and all font files in the current directory are registered. Add this to a User's Startup and it happens every time they logon so they appear to have installed the Fonts! Chris

I believe I have come up with a workable model to solve this issue, it is not watertight from a security aspect as it leaves the fonts directory open but it works in my test lab. let me know if you have not got anywhere on this

If your solution is working with UAC turned on lee_martin1985, I'd sure like to know how you did it! I've automated the folder/registry permissions stuff but still get prompted by UAC. Turn UAC off and all is good. I'd rather have the fonts folder open than UAC off. Permissions script (replace [domain] with your domain name): ' Set permissions to font folder to allow standard users to install fonts Option Explicit Dim objFSO, objShell, strTempFile, objTempScript Const HIDE_WINDOW = 0 Const SHOW_WINDOW = 1 Const WAIT_ON_RETURN = True Set objFSO = CreateObject("Scripting.FileSystemObject") Set objShell = CreateObject("WScript.Shell") ' Create temp file with the script that regini.exe will use strTempFile = objFSO.GetTempName Set objTempScript = objFSO.CreateTextFile (strTempFile) ' Granting Administrators, System and Interactive Users Full Control objTempScript.WriteLine Chr (34) & "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Fonts" & Chr (34) & " [1 17 21]" objTempScript.Close ' Change registry permissions with regini.exe objShell.Run "regini.exe " & strTempFile, SHOW_WINDOW, WAIT_ON_RETURN ' Delete temp file objFSO.DeleteFile strTempFile ' set folder to non-system and enable writing objShell.Run "attrib.exe -r -s %systemroot%\Fonts", SHOW_WINDOW, WAIT_ON_RETURN ' set ownership of folder to domain users - /r = recurse, /d n = default answer 'no' objShell.Run "takeown.exe /f %systemroot%\fonts /r /d n /s %computername% /u " & Chr (34) & "[domain]\Domain Users" & Chr (34), SHOW_WINDOW, WAIT_ON_RETURN ' give users permisison to the folder objShell.Run "icacls.exe %systemroot%\fonts /grant " & Chr (34) & "[domain]\Domain Users:M" & Chr (34) & " /t", SHOW_WINDOW, WAIT_ON_RETURN ' give users permission to font cache file objShell.Run "icacls.exe %systemroot%\system32\FNTCACHE.dat /grant " & Chr (34) & "[domain]\Domain Users:M" & Chr (34) & " /t", SHOW_WINDOW, WAIT_ON_RETURN WScript.Echo "Done!"

I now have this implemented with SCCM as the delivery mechanism. To keep the desktop secure we install fonts for users to take away the need they have for admin rights. Let me know if you have this as I can show how I have this setup. Thanks