Erwin Craps - IT Helps
Erwin.Craps at ithelps.be
Wed Dec 10 09:36:30 CST 2003
Glad to hear I'm not the only one concerned with security....

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Brett Barabash
Sent: Wednesday, December 10, 2003 15:20
To: 'Access Developers discussion and problem solving'
Subject: RE: [AccessD] OT (sorta) security impersonation

Excellent point, Erwin.

For operations like these, I would create a separate user with fairly low security clearance and grant them access to the necessary source/destination directories.

Security is always a huge concern for us. I use RC4 encryption to encrypt ADO connection strings for our standalone apps in their INI files. I could easily use it to encrypt the NT username/password as well.

-----Original Message-----
From: Erwin Craps - IT Helps [mailto:Erwin.Craps at ithelps.be]
Sent: Wednesday, December 10, 2003 1:48 AM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] OT (sorta) security impersonation

One small but important remark from a security point of view.

"One should never store admin passwords!"

Create an account with sufficient rights for your purpose and use that account. Never, never store an admin password; if you put it straight in code, it can be simply scanned in your code (compiled or not).

Erwin

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Brett Barabash
Sent: Tuesday, December 09, 2003 10:23 PM
To: 'Access Developers discussion and problem solving'
Subject: RE: [AccessD] OT (sorta) security impersonation

Thanks Drew.

I was specifically interested in copying files to the WINNT\System32 directory (e.g. ocx, dll files). I downloaded some impersonation code (my Nicholson's a little rusty, but I can do a good Dubya. Just think "nucular") from PSC but couldn't get it to run on our W2K network.

After a lengthy search (MSDN no longer has it), I found the NTSVC.OCX file. I will take a look at it; probably just what I need.

From your experience, is VB6 stable enough to create services? The reason why I ask is because Microsoft has some KB articles that discuss access violation errors occurring from the OS interacting with VB's AddressOf function when run as a service.

-----Original Message-----
From: Drew Wutka [mailto:DWUTKA at marlow.com]
Sent: Tuesday, December 09, 2003 2:51 PM
To: 'Access Developers discussion and problem solving'
Subject: RE: [AccessD] OT (sorta) security impersonation

2 things. First, if you are copying things to the DESKTOP, that shouldn't be under WINNT, it will be under Documents and Settings.

If you are still trying to get to the WINNT folder (and subfolders), then you have a few options. The first is to impersonate an Admin user. Quite frankly, I'm not the person to ask on this, if you really want to go this route, email me offlist, and I'll have my co-worker send you some code, he's pretty good with the NT impersonation stuff.

The second, which I have used many times myself, is to create an NT service, like you mentioned. The easy part of the service project is that you can set up the service to run as a particular account, so you can put in the name and password of an Admin account, and that service .exe will be run under those credentials automatically. I use the NTSRVC.ocx, which is pretty easy to use, it handles all of the service 'events', etc.

Drew

-----Original Message-----
From: Brett Barabash [mailto:BBarabash at tappeconstruction.com]
Sent: Tuesday, December 09, 2003 1:23 PM
To: 'accessd at databaseadvisors.com'
Subject: [AccessD] OT (sorta) security impersonation

For quite a while now I have used a simple batch file to automatically copy new files to a user's desktop. Now, I have a new challenge. All of our workstations are configured to restrict access to the WINNT directory and its subdirectories. To copy a file to these directories I need to be logged on as an admin.

I would like to develop a VB app that would run on each desktop, either as a normal executable or as a service, that would authenticate itself as an admin and copy the necessary files. If I run it as a service, it looks like I can set up a security profile for the service in the control panel.

Has anyone out there done anything like this? Drew, I know that you have a lot of experience with creating services. Any good resources that you can point me to?

Brett Barabash, MCP
Tappe Construction, Co.
Eagan, MN
bbarabash at tappeconstruction.com
(651) 256-6831

"One thing a computer can do that most humans can't is be sealed up in a cardboard box and sit in a warehouse."
-Jack Handey

------------------------------------------------------------------------
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the originator of the message. This footer also confirms that this email message has been scanned for the presence of computer viruses. Any views expressed in this message are those of the individual sender, except where the sender specifies and with authority, states them to be the views of Tappe Construction Co. Scanning of this message and addition of this footer is performed by SurfControl E-mail Filter software in conjunction with virus detection software.
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
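
The remark in the thread that a password placed straight in code can be scanned out of it, compiled or not, shown as an added Python example that is not part of the original messages: it pulls printable ASCII and UTF-16LE strings out of a byte image and flags credential-looking literals, the kind of check a build or audit step can run before an executable ships. The sample image, the key names in the pattern and all function names are constructed for illustration, and the two encodings are an assumption about how literals end up in a Windows binary.

```python
import re

# Runs of 6+ printable ASCII characters, one byte per character.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# The same characters stored as UTF-16LE (printable byte, then a zero byte).
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
# Assumed heuristic for credential-looking keys; extend for your own code base.
KEY = r"(?:password|passwd|pwd|secret)\s*="
SUSPICIOUS = re.compile(KEY, re.I)
REDACT = re.compile(r"(" + KEY + r"\s*)[^;\s]+", re.I)


def extract_strings(blob: bytes):
    """Yield (offset, encoding, text) for every printable run in blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def find_embedded_credentials(blob: bytes):
    """Return extracted strings that look like stored credentials, by offset."""
    return sorted(s for s in extract_strings(blob) if SUSPICIOUS.search(s[2]))


def redact(text: str) -> str:
    """Mask the secret's value so the audit report does not re-leak it."""
    return REDACT.sub(r"\1****", text)


# Constructed sample standing in for a compiled program image: filler bytes
# around three literals. It is not a real executable.
SAMPLE_IMAGE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + bytes(range(0, 32))
    + "Provider=SQLOLEDB;User ID=deploy;Password=Constructed!1;".encode("utf-16le")
    + b"\x00\x00\xff\xfe\x10\x11"
    + b"copy /y \\\\server\\share\\app.ocx"
    + b"\x00\x01\x02"
    + b"net use z: /user:deploy pwd=Constructed!2"
    + b"\x00\x00"
)

if __name__ == "__main__":
    for offset, enc, text in find_embedded_credentials(SAMPLE_IMAGE):
        print(f"0x{offset:04x} {enc:9} {redact(text)}")
```
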