>I'm interested in using alternate access credentials to access data rather than mapping data
directories to a drive letter under the users account. I understand this is possible under XP but I'm not sure how I would do this under 2000.
>
>I'm assuming that I would configure the EXE so it runs under specific credentials. Then when the EXE launches only that process would have access to the data and the user could not access the files through explorer. Is this correct? What are the steps involved in setting this up under Windows 2000 professional?


I don't know. I am not a Windows SysAdmin. What you are asking is more like what you can easily do in Unix. That is, to run a program with other credentials. In Win2K you can set credentials for a user, not easily for a program.

A quick & dirty solution, if it is acceptable to you, is to run it from the Task Scheduler (even if it is not scheduled). There you have a "Run As" option, where you can set up the program's credentials by typing a UID/PWD. A task scheduler program, can also run with Systems credentials.

Another way would be with a loader, writen in something like VBS (Windows Script Host) where it would launch your program with "Run As" credentials. But this would need some kind of encryption on that script,else they can just look at the source code. It opens another canof worms and it might be more work than it's worth.

Another option, maybe, is to make your program a COM object with different (restricted) credentials. Then your user runs a wrapper EXE that instantiates your COM object who in turn has the needed credentials to get to the data.

Just some ideas.