1. Home
  2. Networking Firewalls
  3. Stop Manipulation when Server Needs Access

Stop Manipulation when Server Needs Access

We have a client machine (currently running Win98 but can be upgraded to XP) which contains an application that requires a continuous link with the application developers Server. The application developer built into the software the ability to manipulate their software remotely -- ease of troubleshooting by their IT department.

My concern is that remote manipulation of their software opens up the client machine for perusal.

To my knowledge a firewall will not work since the firewall must allow the application both uplink and downlink rights.

QUESTION:

1) If I handle their application as a Service (or write a wrapper "service" program around their app) will this limit the remote ability to get elsewhere on the client machine?

2) If I go with a separate User Profile, can I be logged onto a client machine (with Win98 or XP) with two user profiles at the same time AND will running the app from a user profile stop the ability of the application to go outside its user profile?

Thanks David

Reply to
dw85745
Loading thread data ...

Thanks for both responses.

Wolfgang -- While I agree with you in principle, practically NOT an option.

Duane: Really appreciate the feedback Confrims some of my checking since posting. As I'm sure you are aware (I was not) NTFS has permissions but NOT FAT32.

Your post makes a distinction between User Accounts and User Profiles. I considered them synonymous, but most likely in error -- will check further.

David

Reply to
dw85745

"dw85745" wrote in news:1123939486.846128.211910 @g14g2000cwa.googlegroups.com:

No, I think the only way to prevent the application from doing anything will be based on the security context of the user account and permissions the account has on the machine while the program is running, at least for an NT based O/S using NTFS. The Win 9'x O/S has no security period to control anything.

A program running as a service on a NT based O/S such as XP can run with a different user account like *Local System* and will have all the permission that the Local System account provides, and you can be logged on to the machine with your own user account doing other tasks. Win 9'x doesn't have services like a NT based O/S. User profiles don't have the ability to do what you're asking that I know about.

Duane :)

Reply to
Duane Arnold

The answer is very simple but you'll probably not like to hear it: If you don't trust the developers of a particular software just do not run that particular software.

Wolfgang

Reply to
Wolfgang Kueter

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.