Windows XP sercurity

RichP

RichP

NAXJA Forum User
Location
Effort, Pa
OK, I know it's an oxymron BUT here it goes.
We have an application, windows based. The owner wants to let a possible buyer use the application for a week or two as a trial. We want to make sure he does not copy it to another machine. Technically he's not too swift. We are actually going to loan him a clean slate laptop for this.
Is there a way to setup a user that has execute only on that exe file ?
Yes, I know he could ghost or image the drive and all that stuff, he could also run a cracker against the admin password and change the permissions.
Any suggestions appreciated. I KNOW if you have access to the machine 90.5% of the work of breaking in is done. I suggested putting it on a webserver and running it thru a browser but the owner does not have the time to do this.
 
I believe in order to execute an exe you have to have READ permissions as well. Meaning ofcourse that it can be copied. You could play with the special permissions and try it.

Will it require network connectivity for the trial? If not you could disable all of the peripheral devices and connections (USB, Network, CD, etc.) so there is no way to copy off of the laptop.

I will ask around and see if anybody has any other ideas.

Glen
 
Rich,

Isn't there software to have it time out after x number of days? Some compilers will do that now. Just an idea. It can be written in C as well.
 
my suggestion, set it up on an XP pro machine, or if possible a terminal server.
use RDP and set it up so that the application launches with that profile.
this bascially sets him up in kiosk mode, so there's no way that the user can change settings, and with the remote drives feature disabled no way to copy it from the remote machine.
When the trial is up, just close the RDP port on the firewall and it goes away.

that way the software never leaves your premise.
 
87manche said:
my suggestion, set it up on an XP pro machine, or if possible a terminal server.
use RDP and set it up so that the application launches with that profile.
this bascially sets him up in kiosk mode, so there's no way that the user can change settings, and with the remote drives feature disabled no way to copy it from the remote machine.
When the trial is up, just close the RDP port on the firewall and it goes away.

that way the software never leaves your premise.
Click to expand...

That is a good idea!
 
DaJudge said:
That is a good idea!
Click to expand...
oh I'm a big proponent of remote computing.
complete control is a good thing.
not to mention that you can then use linux clients with RDP, and cut your licensing costs way down.

shouldn't take any longer to setup, just toss it on an xp pro machine, enable the remote users, port forward 3389 to that machine.
give the client the IP addy and the username and password to use.
Hell, you could even create the RDP profile, save it and email it to him. If he's on XP it will just open up and work.
 
This is probably fairly roundabout, but: if this is an application that's been developed in-house, can the it be altered to check the CPU ID and MAC address? My thinking is that unless both of those items match, it doesn't install or run - and since you're giving him a clean-slate laptop, it should be pretty easy to lock it down to them. Dunno if it's doable or not, though.
 
casm said:
This is probably fairly roundabout, but: if this is an application that's been developed in-house, can the it be altered to check the CPU ID and MAC address? My thinking is that unless both of those items match, it doesn't install or run - and since you're giving him a clean-slate laptop, it should be pretty easy to lock it down to them. Dunno if it's doable or not, though.
Click to expand...
took that one right out of microsoft's playbook!

good idea though.

have you considered a USB securekey?
 
87manche said:
took that one right out of microsoft's playbook!
Click to expand...

Yup! :D It's still circumventable, but would take a lot of effort. Or, in this case, for the laptop to be stolen...
 
Problem solved, the laptop is going to be taken over to europe by someone, hopefully I diverted it to someone else successfully. I have no interest in babysitting this thing while the user tests it out for 2 weeks.
Note to self: change font size of to-do list on the wall from 12pt to 84pt and run it thru the large format printer..
 
$290 to ship ups to monte carlo, done. $2000 for round trip ticket and $1000 a nite for a room, pending. Might have a trip coming on monday, return on friday unless I can wiggle out of it...

To Do list change did not work...
 
RichP said:
OK, I know it's an oxymron BUT here it goes.
We have an application, windows based. The owner wants to let a possible buyer use the application for a week or two as a trial. We want to make sure he does not copy it to another machine. Technically he's not too swift. We are actually going to loan him a clean slate laptop for this.
Is there a way to setup a user that has execute only on that exe file ?
Yes, I know he could ghost or image the drive and all that stuff, he could also run a cracker against the admin password and change the permissions.
Any suggestions appreciated. I KNOW if you have access to the machine 90.5% of the work of breaking in is done. I suggested putting it on a webserver and running it thru a browser but the owner does not have the time to do this.
Click to expand...



WINDOZE???


Do you get hazard pay for working with that crap, Rich??!?

:D

I feel for ya...
 
You must log in or register to reply here.

Similar threads

D
Cooling Fan Switch And Temp Sensor Recommendations
Replies
10
Views
3K
DirtySouthXJ
D
ZomBrady
Things are looking up or how a couple of XJs gave me back my life
Replies
6
Views
679
ZomBrady
ZomBrady
B
Please. Help.
Replies
16
Views
3K
anthrax323
anthrax323
B
Jeeper needs Help !!
2
Replies
22
Views
3K
denverd1
denverd1
S
Starting my XJ overland build, need advice
2
Replies
30
Views
9K
Evan03
E
Back
Top