In this thread I'm going to post some examples of using Secedit to permission files and registry keys in a way that will help ensure that only the users that are supposed to modify files/keys are allowed to.

This sort of security stops worms and Denial Of Service attacks dead in their tracks.

More to come soon.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
In my company they force the policies every hour thereby resetting all rights set by packages.
Using Security templates to set the rights for your package is fairly easy and you can give the Security Templates to the system managers so they can import it so your rights won't be reset.

I wrote a very detailed instruction on how to do it with the VB script and how to make a custom action of it. However, it's in Dutch so I need to find time to translate it.

Marcel
Answered 09/20/2005 by: ZhuBaJie
Orange Belt

Please log in to comment
0
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_secedittopnode.mspx?mfr=true

is a good place to start if your new to securty templates and secedit.

I use cmd file to call secedit and the inf created by the MMC
I also use secedit to create the smb and log files. besure to use the name name for all the files to ensure you know what template is for latter.

IE

appname_version.cmd
appname_version.inf

install the files to the securty templates folder (or use one u created for applicatin securty on the local box)
call the cmd file from a custem action in your MSI at the end of your install or u can create an exe for it with wise script or simualer tool (sms installer) and call that from your package.

u can give that inf file to your administrator if you are useing domain level application securty.
Answered 06/19/2006 by: Gekris
Senior Yellow Belt

Please log in to comment
Answer this question or Comment on this question for clarity