Running an app as a different user to use encrypted directories

I have the following use case:
We ship our application to customers as a pre-configured Windows 8.1 box that runs as a server in a closed network.
We want to provide access to the system to the customer for configuration, but we need to keep the software and the files created protected from unauthorized copying, even if somebody manages to steal the box and remove the hard disk.
My questions are:
Is it possible to create a special user for the application that uses BitLocker to encrypt the directories containing the application and its data, then allow users to run the application from a different account, where the application is run as that special user, giving it exclusive access to the directories?
If we provide customers with an admin account, would they be able to take ownership of the directories?
If this is possible, how is it done? Obviously this requires a way to safely store the credentials for the app's special user. Can that be done safely?
I found a link to this app (http://www.robotronic.de/runasroben.html), which seems to allow something like this and sent an email to the developer asking him if the app would support my use case. I'm looking for alternatives that don't require additional software.
Thanks!

Hi,
For your requirement, BitLocker cannot achieve this.
BitLocker encrypts all personal and system files on the operating system drive, fixed data drives, and removable data drives. BitLocker does not depend on the individual user accounts associated with files. BitLocker is either on or off, for all users or groups.
On the other hand, another encryption tool, EFS, encrypts files based on the user account associated with them.
EFS encrypts personal files and folders one-by-one and doesn't encrypt the entire contents of a drive. If a computer has multiple users or groups, each of them can encrypt their own files independently.
But we can share the encrypted file between users:
http://windows.microsoft.com/en-in/windows-vista/share-encrypted-files
Applies to Windows 7 also.
Alex Zhao
TechNet Community Support

Similar Messages

  • We are a creative design studio, we need to use Apple Mac Pro server, so we can make more than a different user to use at the same time doing different activities, on different screens, is it possible? What is the max. no. of users that can work efficient

    We are a creative design studio, we need to use Apple Mac Pro server, so we can make more than a different user to use at the same time doing different activities, on different screens, is it possible? What is the max. no. of users that can work efficient.
    Appreciate your support and if possible, how to do this?

    If you want to work with Mac OS X, you need one computer per simultaneous user.
    What you are describing, "Multiple simultaneous logins to a single computer", is not available on a regular Mac of any description, unless you decide to use Unix tools instead of Mac OS X.
    Server will happily store files for many, many users and provide them to multiple (up to hundreds) of computers at "near hard Drive" speeds over Gigabit Ethernet. It can make the File Sharing part easy.

  • How to make different users to use different Plan_Tables?

    How to make different users to use different Plan_Tables?
    I want each user use his own's Plan_Table. How to achieve this goal?

    qkc wrote:
    How to make different users to use different Plan_Tables?
    I want each user use his own's Plan_Table. How to achieve this goal?

    Which version of Oracle - if you're on 10g or later you are already (effectively) doing this.
    If not, then copy the 10g strategy back to your version; in outline:
      • drop all existing plan tables
      • create a table (but call it plan_table$) in the SYS schema (you may prefer to use SYSTEM) as a global temporary table on commit preserve rows
      • create a public synonym plan_table for plan_table$
      • grant select insert update delete on plan_table to public
    Look in $ORACLE_HOME/rdbms/admin/catplan.sql in a 10g version of Oracle to check how it's done.
    Each user gets a private (temporary) table in their temporary tablespace whenever they use the plan_table.
    Their private data disappears when their session ends.
    Regards
    Jonathan Lewis
    http://jonathanlewis.wordpress.com
    http://www.jlcomp.demon.co.uk

  • How can you gift an app to a different user

    I can only buy software from the App store. I need 10 copies for this app to 10 different people using mac. App cost $10 and I need to be the one that pays for it. How can I do this with macs?
    IE: in windows I buy 10 Keys and send each user a download link and their Key. So how can I do this with the macs and app store?

    It has to do with who you are and what the purpose of the purchase is. If you are a company, then the Terms of Use for the Mac App Store is different than if you are a private consumer. If all that you wish to do is gift these 10 people each a copy of the app, then as linked in the comment above, at this moment all that is available is a gift card sufficient to cover the costs of the app and if in the US, any local sales taxes. They can then redeem that gift card (or electronic gift certificate) as a credit in their personal iTunes/Mac App Store account and purchase the app. The licensed copy of the app will be theirs and you will have no control over it, it is not transferable to you at any time in the future.

  • DS5.2 - is it possible to run db2ldif.pl as a different user?

    Normally we run exports using the following command
    ./db2ldif.pl -s "c=us" -a us.ldif -D "cn=directorymanager" -w <password>
    But I'd like to be able to run this as a different user, e.g.:
    ./db2ldif.pl -s "c=us" -a us.ldif -D "uid=me,ou=people,c=us" -j <password file>
    When I try that I get the following error:
    adding new entry cn=export_2009_5_12_11_21_27, cn=export, cn=tasks, cn=config
    ldap_add: Insufficient access
    The user in question has full read/write to the directory, but I'm guessing I've missed something that's not immediately apparent.
    Does anyone know if this approach is possible? If so, do you know what steps I've missed?
    Many thanks.

    "I'd like to be able to run this as a different user..."
    Yep, as long as you have ACIs set up to allow the necessary access, this works fine.
    "The user in question has full read/write to the directory..."
    Do you mean they have full access to cn=config, or to the suffix with your data?
    Note that the error happens while db2ldif.pl is attempting to add an entry beneath cn=config.

  • How can I use apps downloaded by different users on the same iPad?

    I have a 'work' iPad so the apps on it have been downloaded using two different accounts. Which was fine until I did an update at the weekend and suddenly I can only use the ones I downloaded. Is there any way of 'sharing' these apps so who logs in can use all the apps?

    No, I don't think there is. As far as I know the iPad is meant to be a 'one per Apple ID' device...and isn't really meant to have multiple Apple IDs downloading apps to a singular device.
    I think the simplest way around your issue is to use only one Apple ID to download everything.

  • Is it possible to run apps concurrently in different "Users" on Mac Pro in latest OSX?

    I wish to continuously monitor different folders in Dropbox for "input transactions" destined for my
    applications on my Mac Pro, where each Dropbox folder represents different input types from different
    sources. It would speed up the process significantly if my monitor program could run concurrently from
    each of several defined "Users" on my Mac Pro with OSX.

    Thank you for your response. Let me give you some more facts on my situation.
    My monitor, running on a Mac Pro, reads folders owned by my clients, where the folders are shared
    thru Dropbox with my service. So, yes, my monitor is "reading" different Dropbox member's folders looking for
    "input" files to my service. My monitor is programmed (with a list) of the various clients' folders
    names in which to search. Obviously, there is some number of clients (and folders) where the monitor
    begins to take several seconds (too long) to scan and service, merely due to the sheer number of folders being
    scanned. So, if I could create a second User on the Mac Pro, and run another (copy) of the monitor
    programmed with another unique list of folders NOT being serviced by the monitor in the first
    User, and (here's the problem) both monitors were running CONCURRENTLY, then the total number of
    folders (and clients) being serviced could possibly almost double. Then, I could add a third User, then
    a fourth, etc. to handle even more clients and folders.
    The giant problem here is, each separate User does NOT run concurrently with the others, certainly where
    all are logged in and "running". Actually, it appears OSX only executes programs within ONE user at a
    time: the one in focus at the time. It so happens that OSX multitasks within that one User the differently-named
    programs quite well; but OSX does not (continue to) execute anything in other Users, until another
    User is manually switched to. Therefore, in my case, I can only run one monitor in one User at a time, thus ruining any benefit I might otherwise achieve IF OSX ran programs concurrently in multiple Users, another form of multitasking that apparently OSX is not designed to do. My monitors run with Excel VBA, which becomes the name of that program within
    one User, so I am limited to running only 1 monitor per User. (Groups don't help.). On the other hand, It might help a little if
    my monitor somehow could switch between OSX Users programmatically, rather than manually...I do not want
    to sit at my Mac Pro constantly and manually fast-switching between Users to even attempt to solve my problem. Rather, I want
    the software to run concurrently 24/7 unattended to successfully provide the service promised to all.
    So, because there are lots of brilliant folks that know a lot about MACs and OSX, certainly more than me, I
    am wondering IF someone knows how to get OSX to multitask across more than one User at a time, which
    would solve my dilemma?? Maybe it's just not possible, I don't know...
    Also, would OSX Server edition maybe be better suited to solve my problem? I know nothing about the Server's capability.
    I would also hate to have to run Windows on my Mac Pro to solve this. Would VMware/Fusion work here?
    Thank you again for taking the time to help...

  • Running the App Server as a user other than root

    We used to use iPlanet Web Server which during installation allowed you to specify which user you wanted to run the Web Server. This was very good for security. How do you do this with the App server ?
    Thanks
    PS We are running it on Solaris 9.

    Application Server 7 expands on the flexibility offered in the web server.
    The most basic means to define app server instances with non-root users is to create an administrative domain (basically, an admin server instance) using the user ID of interest. As you create new application server instances in the admin domain, you can assign the same user ID to the instances.
    (There is an admin domain that is initially configured as part of the app server installation. If you installed the product as root, then the admin server and the initially configured app server instance are owned by root. If you do not want these instances to be owned by root, you should remove this admin domain and create a new one that is owned by a non-root user.)
    For example, with the following command, I've created a new app server config (an administrative domain) containing an admin server owned by user "ckamps":
    root@canteloupe-{}: asadmin create-domain --sysuser ckamps --adminuser admin --adminpassword password --adminport 5050 ckamps.domain3
    Created Domain ckamps.domain3 successfully
    root@canteloupe-{}:
    Then I create an app server instance within this admin domain:
    root@canteloupe-{}: asadmin create-instance --domain ckamps.domain3 --sysuser ckamps --instanceport 80 instance1
    Created Instance instance1 successfully
    Note the use of the "--sysuser" option to specify the user that owns both the admin domain as well as the app server instance.
    You can either use root to define the admin domain and the instances (in which case you need to specify the sysuser option to force a non-root ownership) or you can use a non-root user to define the admin domain and app server instances.  In the latter case, specification of the sysuser is not required.
    Since my instance is defined to listen on a privileged port, I'll need to set the "run as user" in the <instance-dir>/config/init.conf file (similar to magnus.conf in Sun ONE Web Server 6) AND ensure that I start the instance as root. Once the server instance starts up as root, it will automatically switch to the run as user.
    The "User" setting below is the "run as user" specified in the admin console's "Create new instance" wizard.
    <snip of init.conf>
    NetsiteRoot /usr/appserver
    ServerID instance3
    ServerName canteloupe
    PidLog /var/appserver/domains/ckamps.domain3/instance3/logs/pid
    User ckamps
    DNS off
    </snip>
    Alternatively, you can start up the newly defined admin server and create the new app server instance through the admin console.
    Hope this helps,
    Chris

  • How many different users can use the same Apple ID to use apps?

    In a corporate environment, if we have multiple users each with their own iPad. What is the terms and conditions for using apps across all those devices? Is it legal to download an app to the corporate Apple ID and use them across our multiple devices? Is this officially documented somewhere? Is there something for multi-license of apps?

    Hi..
    Try posting in the iPad in the Enterprise forum.

  • HT204053 can this be used to run 1 spreadsheet from 5 different users inputting information

    can icloud be used to track information being put in one spreadsheet from 5 different locations?

    Hi there clv implants!
    I have an article here that can explain to you a little more about iCloud and can inform you about documents in the cloud:
    iCloud: Access iWork documents stored in iCloud
    http://support.apple.com/kb/ph2704
    Take care, and thanks for visiting the Apple Support Communities.
    -Braden

  • How to logon with different user when use of SPNego

    Hi
    We have implemented SPNego as Windows Integrated Authentication - but how to logoff the portal to log on with another user?
    Since the users are authenticated when logging on the network from their client pc - the user will be using the standard logon page. But when logging off the portal - the users are automatically redirected and logged back in to the portal.
    I have created a HTML page which the users are redirected to by use of the ume.redirect.url. But how to logon to the portal again?
    When entering the portal url - the users are once more directly logged in due to the SPNego configuration.
    I need to develop a new logon page where the users are able to enter another uid and pw to enter the portal.
    Regards
    Kay-Arne

    Hi Kay-Arne
    The whole idea of Windows authentication is to remove the need for a user to enter a username and password. If you want a user to not get the automatic log on, then you'll need to access the portal with a URL that is in a different domain
    Cheers

  • Run program as different user

    Hey there guys, how can I run a program as a different user in fluxbox?

    This will allow you to run applications as a different user in an X session. It's not mine - I got it from somewhere but I don't remember it anymore.
    #!/bin/sh
    # usage is:
    # save as ~/script-name
    # chmod +x script-name
    # ~/xsu username 'programname &'
    # ex:
    # ~/xsu john 'firefox &'
    if [ $# -lt 2 ]
    then
        echo "usage: `basename $0` clientuser command" >&2
        exit 2
    fi
    CLIENTUSER="$1"
    shift
    # FD 4 becomes stdin too
    exec 4>&0
    # Prefix each cookie line with "add" so the target user's xauth can replay it
    xauth list "$DISPLAY" | sed -e 's/^/add /' | {
        # FD 3 becomes xauth output
        # FD 0 becomes stdin again
        # FD 4 is closed
        exec 3>&0 0>&4 4>&-
        exec su - "$CLIENTUSER" -c \
            "xauth -q <&3
             exec env DISPLAY='$DISPLAY' "'"$SHELL"'" -c '$*' 3>&-"
    }
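
The descriptor hand-off used by the script above, as an added example that is not part of the original post: `xauth` and `su` are replaced by stand-ins (`fake_xauth_list`, `child`, `handoff` and the cookie value are hypothetical and constructed) so it runs without an X session. It shows the cookie arriving on FD 3 rather than in an argument list, the caller's stdin restored on FD 0, and FD 3 closed before anything else runs.

```shell
#!/bin/sh
# Added example: stand-ins replace xauth and su so this runs without X11.

# Stand-in for `xauth list "$DISPLAY"`. The cookie value is constructed.
fake_xauth_list() {
    printf '%s\n' 'host/unix:0  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff'
}

# Stand-in for the shell started by `su - user -c ...` (hypothetical name).
child() {
    # Original: "xauth -q <&3" merges the cookie lines read from FD 3.
    secret=$(cat <&3)
    # Original: "3>&-" so the launched program never inherits the cookie pipe.
    exec 3<&-
    if ( : <&3 ) 2>/dev/null; then fd3=open; else fd3=closed; fi
    # FD 0 must be the caller's stdin again, not the cookie pipe.
    IFS= read -r line || line=''
    printf 'secret=%s\nstdin=%s\nfd3=%s\n' "$secret" "$line" "$fd3"
}

handoff() {
    # FD 4 keeps a copy of the caller's stdin across the pipeline.
    exec 4<&0
    fake_xauth_list | sed -e 's/^/add /' | {
        # FD 3 = pipe carrying the cookie, FD 0 = caller's stdin, FD 4 closed.
        exec 3<&0 0<&4 4<&-
        child
    }
    exec 4<&-
}

# Demo: the piped text plays the role of what the user types at the terminal.
printf 'typed by user\n' | handoff
```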

  • DSC powershell xwindowsprocess to execute batch file under different user account

    DSC powershell run under "NT AUTHORITY\SYSTEM".
    I am trying to execute a batch file under different user account using xwindowsprocess in DSC resource kit.
    I created a custom dsc resource with 3 parameters namely Exepath, Arguments, Credential.
    I received those parameter values in settargetresource method.
    CallPInvoke
    [Source.NativeMethods]::CreateProcessAsUser(("$ExePath "+$Arguments), $Credential.GetNetworkCredential().Domain, $Credential.GetNetworkCredential().UserName, $Credential.GetNetworkCredential().Password)
    I tested it by invoking a batch file and writing username under which it executes to a text file.
    After executing, the output text file still contains the "Systemname$".

    Configuration Sample_xService_ServiceWithCredential
    {
        param
        (
            [string[]]
            $nodeName = 'localhost',
            [System.String]
            $Name,
            [System.String]
            [ValidateSet("Automatic", "Manual", "Disabled")]
            $StartupType="Automatic",
            [System.String]
            [ValidateSet("LocalSystem", "LocalService", "NetworkService")]
            $BuiltInAccount="LocalSystem",
            [System.Management.Automation.PSCredential]
            $Credential,
            [System.String]
            [ValidateSet("Running", "Stopped")]
            $State="Running",
            [System.String]
            [ValidateSet("Present", "Absent")]
            $Ensure="Present",
            [System.String]
            $Path,
            [System.String]
            $DisplayName,
            [System.String]
            $Description,
            [System.String[]]
            $Dependencies
        )
        Import-DscResource -Name MSFT_xServiceResource -ModuleName xPSDesiredStateConfiguration
        Node $nodeName
        {
            # The service is registered to run under the supplied credential
            xService service
            {
                Name = $Name
                DisplayName = $DisplayName
                Ensure = $Ensure
                Path = $Path
                StartupType = $StartupType
                Credential = $credential
            }
        }
    }
    $Config = @{
        Allnodes = @(
            @{
                Nodename = "localhost"
                # Writes the credential unencrypted into the generated MOF
                PSDSCAllowPlainTextPassword = $true
            }
        )
    }
    #Sample Scenarios
    $credential = Get-Credential
    Sample_xService_ServiceWithCredential -ConfigurationData $Config -Name "Sample Service" -DisplayName "Sample Display Name" -Ensure "Present" -Path "C:\DSC\TestService.exe" -StartupType Automatic -Credential $credential
    ¯\_(ツ)_/¯

  • Starting a process as a different user.

    I am trying to launch a script from my java application. My java application runs as root on my Solaris box. I'm using Runtime.getRuntime().exec() to launch the script. My problem is that I would like to run the script as a different user. So is there a way to do this? I am using sudo to switch users which appears to work fine, but if I use the 3rd parameter within exec() to set the working directory of the process then sudo cannot be found.
    Is there a better way of starting a process as a different user in Java?

    I'm running as root for testing purposes. When we roll it out we will be creating a special non-interactive shell account. Besides, all socket communications are going to be encrypted, security policies, etc. Additionally we are behind a corporate firewall.
    I'll have to think about the script thing. I was hoping for a more elegant pure java approach.
    Thanks for the input.

  • With XP, with three different user accounts, is it possible to download Firefox 4 to one user and retain Firefox 3 on another, for a learning period?

    We are running XP, and have 3 different user accounts on one desktop. We are very excited by the Firefox4 features, but one user has much less comfort with changes, and doesn't want to lose browsing comfort in 3 before he has a chance to get used to using 4. May take a while....
    Is there any way to download Firefox 4, perhaps into a new location. Or a new user account. And use this as a 'teaching tool' while still retaining 3?
    Or can we upgrade to 4, redownload a version of 3, and import that user's previous bookmarks to the new download of 3, until we get him comfortable.
    The answer is probably no. But if there is a creative way to do this, without another computer available, that would be great. If not, we upgrade and deal with the frustration and whining here.... 4 is too good to pass up.
    Ideas?
    Linda

    When you install Firefox 4, choose the custom installation option and change the location where Firefox is installed. You will then have 2 versions of Firefox installed.
    As you have different user accounts, each user will have their own Firefox profile (location where bookmarks, passwords, etc are stored). You should not switch between different versions of Firefox with the same user profile. For those that want to use Firefox 4, just make sure you use a Firefox shortcut that opens Firefox 4, likewise for the person who wants to stay with Firefox 3, just keep their original Firefox shortcut and it should open the old version.
