Author: bjd223
Subject: Restict access to BGinfo database (logon / logoff)
Posted: 09 May 2014 at 7:31pm
Subject: Restict access to BGinfo database (logon / logoff)
Posted: 09 May 2014 at 7:31pm
| Image may be NSFW. Clik here to view.  skhudy wrote:... I know NTFS permissions ... this is that if users can read the .bgi file then they can see the db / sql credentials set in the file and potentially do things to the DB |
I would try setting the permissions for the entire BGInfo folder to a local account that the user does not know the password to. Make sure to block read/write for everyone.
Then launch BGInfo via a startup script that calls it via runas command with that new local account. That way I think the app can access the file but the user can't.
I don't even think the local account needs admin for this to work. Also you could use domain credentials but if it can't authenticate for w/e reason the user will get a permissions error at boot when it tries to launch.
I did not try this to verify that it works, but off the top of my head it should. Give it a try.
