RE: Isolating Windows Applications
From: Amarante, Rodrigo P. (RPAmarante@directvla.com)
Date: 04/08/03
- Previous message: Ben Dumke: "RE: SUS server"
- Maybe in reply to: Juan José Sánchez Mesa: "Isolating Windows Applications"
- Next in thread: James Ruddy: "RE: Isolating Windows Applications"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 7 Apr 2003 18:48:39 -0400 From: "Amarante, Rodrigo P." <RPAmarante@directvla.com> To: Juan José Sánchez Mesa <juanjo.listas@dobleJ.net>, <focus-ms@securityfocus.com>
If you client developed the application, they could rewrite it to work as a windows service (which can then be set run as a low level user).
Or you could use 2 batch files:
1st.bat - uses runas to start the app as low level user
Runas /user:lowleveluser app.exe
2nd.bat - calls 1st.bat starting the app in its own memory space
Start /separate 1st.bat
You should only run 2nd.bat, it will prompt you for the password of the lowleveluser (you can automate this by using AppActivate and Sendkeys in vbscript)
-----Original Message-----
From: Juan José Sánchez Mesa [mailto:juanjo.listas@dobleJ.net]
Sent: Monday, April 07, 2003 1:52 PM
To: focus-ms@securityfocus.com
(sorry for my bad enlish)
A client wants to run an application in one of our internet server. The
application is made by themselves. It's a console application which listen
in one tcp/ip port for conections from a client application.
We want to protect our server, isolating the application so it can't access
critical files, the registry, listen on more than one tcp/ip port (only in
which is designated to listen), etc ... And if it's possible, protect the
server if the application crash. The server is a Windows 2000 Server (SP3).
Anyone knows a program that isolate other programs in this way ? It's
possible do this using a user with low privileges and running the
applicaction as this user ?
Ideas, tricks ... ???
Thanks for the replies.
<b>
----------------------------------------------------------------------
Block Spam, Smut & Viruses
SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
technology including filtering embedded and attached file content. Rid your
enterprise of unwanted content.
http://www.securityfocus.com/SurfControl-focus-ms2
Download your free fully functional trial, complete with 30-days of free
technical support.
----------------------------------------------------------------------
</b>
<b>
----------------------------------------------------------------------
Block Spam, Smut & Viruses
SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
technology including filtering embedded and attached file content. Rid your
enterprise of unwanted content.
http://www.securityfocus.com/SurfControl-focus-ms2
Download your free fully functional trial, complete with 30-days of free
technical support.
----------------------------------------------------------------------
</b>
- Previous message: Ben Dumke: "RE: SUS server"
- Maybe in reply to: Juan José Sánchez Mesa: "Isolating Windows Applications"
- Next in thread: James Ruddy: "RE: Isolating Windows Applications"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
