Download the Flash player at www.macromedia.com.
Home
Solutions
Solution Archives
Software Products
Site Search

03-Apr-05, ZWDynaUser Article posted! (Pt. 1)

28-Mar-05, Windows Process Authority article posted!

28-Mar-05, ZWXPDrive article posted!

22-Mar-05, ZENworks Enhancement Software Posted!

22-Mar-05, Site Updated!

ZWDynaUser: Dynamic User Rights

ZWDynaUser is designed to dynamically grant a user specific rights to run a specific process against either a local or network resource.  The rights granted to run the process is not available outside of the specified process or a process it launches.  Some processes do not execute properly unless they are launched by a user who is not an actual member of the administrator's group.  ZWDynaUser will allow a process to be launched as an actual member of the administrator's group to resolve this issue.  ZWDynaUser can also be used to limit user's rights to network data to within a specific program so user's cannot accidentally damage, change, or copy data via other means.  ZWDynaUser uses NT/2000/XP's inherent process security to achieve these feats.  ZWDynaUser can also be used to launch a process with elevated NDS or Domain privileges in such a manner that support personnel can run a utility with limited functionality with elevated privileges. As such, they do not need to be granted those rights directly with which they may cause harm with more general network utilities.  

"Access Builder" is used to build an authentication key that can be used by one or more users. 

  • Command to Execute: This specifies the process to launch with optional parameters.

  • Network ID: If access to a network resource is desired, this is the ID that will be used to authenticate to the network resource.  The authentication to the network resource will not effect any current network authentications and will not be available outside of the process launched under "Command to Execute".

  • Network Resource: This is the network resource to which the "Network ID" will authenticate.  If the desire is only to grant special NDS or Domain Administration rights, then only specify the Tree or Domain name.  If the desire is to map a drive or access a specific share, then specify the full UNC path.

  • Drive to Map: If specified, this drive letter will be mapped to the "Network Resource" and be available inside the launched process.

  • Local PC Permissions: ZWDynaUser dynamically creates a user called "ZWDynaUser" with a random password to allow for the dynamic assignment of local and network rights.  This user will be made a member of the local "Users", "Power Users", or "Administrators" group.

  • Launch Path: The authentication key created by ZWDynaUser is difficult to use outside of an ZENworks application object, but by specifying this launch path, then the authentication key will be invalid unless accessed from the path specified.  This will greatly enhance the security of the authentication key.

  • Password Verification: The user will be prompted for this password before the ZWDynaUser process will begin.  This can be used to help protect access to a particular ZWDynaUser process from an unattended workstation or to simply provide an additional security layer for highly sensitive documents.

 

Get ZWDynaUser Here!

 

Be sure to read Windows Process Authentication to help better understand the XPDrive article.