WIndow Services Secondary Log on

  • Thread starter Thread starter Liming
  • Start date Start date
L

Liming

Hi Gurus,

My company just gave us a very weird requirement, they are asking two
layers of protection. First layer, the normal windows log on and once
users log in, for certain programs like microsoft word, outlook or
whatever other executables they specify (could totally be some
non-microsoft related .exe), if users try to execute it, another log
in screen will popup and asking for username/password again and has to
authenticate it against a database server. If authenticated it, then
let them use it, otherwise no.

I have no idea why my boss agreed to it without asking me first and now
I'm wondering is that possible? Is there even a programming way to do
it?

THANKS, any suggestion is much appreicted it. Even if it's not .net
programming related, a tool or what not that you know, please let me
know.

Liming
 
Liming said:
Hi Gurus,

My company just gave us a very weird requirement, they are asking two
layers of protection. First layer, the normal windows log on and once
users log in, for certain programs like microsoft word, outlook or
whatever other executables they specify (could totally be some
non-microsoft related .exe), if users try to execute it, another log
in screen will popup and asking for username/password again and has to
authenticate it against a database server. If authenticated it, then
let them use it, otherwise no.

I have no idea why my boss agreed to it without asking me first and now
I'm wondering is that possible? Is there even a programming way to do
it?

THANKS, any suggestion is much appreicted it. Even if it's not .net
programming related, a tool or what not that you know, please let me
know.

Liming
Click to expand...

Provided that the users have little access to the registry (which I'm
guessing they won't have in this scenario), you could probably use the
facilities in there which allows a debugger to be automatically
launched when an application is started.

You have to register each application separately, under the following
key:

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution
Options

then you have a key named for the application being started and a value
called "Debugger" which will point to your application.

Problems:

1) You'll probably have to do a fair bit of interop, so I maybe
wouldn't approach this as .Net (for instance, I think it's your
responsibility to actually load/launch the application)
2) You have to make sure the users cannot copy the exe and give it a
new name
3) Although I know of the existence of these keys, I've never used this
functionality myself, so I cannot offer any further help.

Good luck,

Damien
 
Back
Top