Sage Payroll - Sage Support suggests promoting user to admin

[Moltuae]

So I contacted Sage Support today because Sage Payroll is prompting for admin credentials on one of my customer's machines every time a user tries to open it.

For reasons that you would think are bleedin' obvious, all the user accounts are all non-admin accounts. Even before the advent of GDPR, granting permanent admin access to users was never a good idea. With GDPR raising the bar now, keeping systems secure and restricted is more important than ever, especially on a system that holds accounting and payroll data!

So imagine my surprise when I got this reply from Sage Support ....

Thanks for your email.



For some tasks within payroll running as administrator reduces risk of issues such as with emailing paysliips or running pension module features.

You can change the settings of payroll not to run as administrator if you right click the icon and amend the settings.

However if this can also cause the user further issues such as not receiving background updates, such as the new background update means they should currently be on ver 24.01.103, it means contacting yourselves to manually install even small updates.

I understand your reluctance to allow users to have administrator rights, and you may not have issues, but just be aware that sometimes they are necessary.

I have sent you an article which details which permissions are required to run payroll, so they need at least that level of access.

Any problems please get in touch.

Say what!?



By the way, has anyone had this issue and found a solution (one that doesn't involve promoting the user to admin)?

It is not set to 'run as administrator' and I've confirmed that the user has 'modify' permissions for all of Sage's program and data folders, yet payroll.exe still wants to "make changes to this computer".

 

[fencepost]

This happens way too often with medical software as well - I'm aware of at least one system for managing tablets used by patients that A) has to run as a local administrator B) has to be logged in and running, it doesn't run as a service and C) requires regular interaction by users.

At least I no longer see EMR software that wants all users running as domain admins.:headwall:

 

[Kitten Kong]

I have the same problem with one of my newer clients.

I don't know a way around it. at the moment I'm tempting in each time to enter my admin password.

but o can't keep doing this every week.

 

[Moltuae]

I have the same problem with one of my newer clients.

I don't know a way around it. at the moment I'm tempting in each time to enter my admin password.

but o can't keep doing this every week.

Wouldn't be so bad if it was just once a week, or even just every time the program needed updates, but this is every time they open friggin' Payroll!

I'm in the process of replying to Sage, suggesting they fix the issue pronto.

I would expect this from a small LoB software vendor but I'm shocked that a large company such as Sage (who produce accounting/payroll software that invariably holds sensitive data) would even suggest such a thing.

 

[Kitten Kong]

Luckily my clients only use payroll once a week. (SMB - 10 employees max), so its not such an issue. But it is each and every time she opens payroll.

 

[fencepost]

"I'm very disappointed that you're selling a payroll product that your IT department would never allow to be used for your own internal payroll because of its security problems."

Quickbooks used to have this problem, and I'm pretty sure that years ago we got busy with one of the Sysinternals tools (Procmon?) to monitor its startup and modify permissions to the areas of the registry it was trying to write to. This may be an option for you, it's possible someone's even put together an automated tool to do it.