Here is our situation:
We have an old server on WinServer 2003 that we need to replace. I built a WinServer 2008 R2 VM to replace it. There is a Java application that runs under Tomcat to process credit card transactions. Once a day, it pulls down a certificate from a vendor partner and places it in a Java keystore file. This all works fine on the 2003 server. Unfortunately, it does not work on the 2008 server and I suspect that it may be due to UAC blocking the modification of any files under \Program Files. Unfortunately, the path is hard coded somewhere (that no one seems to know how to find) and I can't find where to change the code in Java to have it modify the keystore if it were somewhere else.
Because of this, I was wondering if it's possible, perhaps via GPO, to allow a specific domain service account to modify files inside \...