[THIN] Re: Help track down the .exe!

  • From: "Paul DeHaan" <wppad@xxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Fri, 26 Sep 2003 16:14:48 -0400

I hadn't with the shadow task bar since the appsec is simply supposed to
restrict .exe files.  It is worth a try though... maybe some process is
escaping filemon.

thanks.

>>> Claudio.Rodrigues@xxxxxxxxxxxxxxxxxxxxx 09/26/03 01:07PM >>>
What about the registry? Did you run REGMON to see if anything gets
denied?

Cláudio Rodrigues
 
Microsoft MVP
Windows Technologies - Terminal Server 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Paul DeHaan
Sent: Friday, September 26, 2003 1:02 PM
To: thin@xxxxxxxxxxxxx 
Subject: [THIN] Re: Help track down the .exe!

I did try that and it did show that it calls the wfica32.exe, but I have
added that to the allow list.  I also searched the entire drive to make
sure that there wasn't another copy of the file somewhere that could be
getting called.

thanks,
Paul

>>> thin@xxxxxxxxxxx 09/25/03 04:45PM >>>
Have you tried depends.exe? (Dependency Walker in the resource kit)

Hth
rat
 
Thank you,
Roy A. Tokeshi
CCEA, CCI, MCDBA, MCSE, MCT
www.tokeshi.com 


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Paul DeHaan
Sent: Thursday, September 25, 2003 10:55 AM
To: thin@xxxxxxxxxxxxx 
Subject: [THIN] Help track down the .exe!

Server: Win2k SP3 - MF XP FR2 SP2

Does anyone have the Shadow Taskbar working with Appsec enabled??

I use MS Appsec to create a list of programs that are allowed to be
executed by standard users.  This helps to keep people from executing
random and unwanted programs.

I have used filemon and watched (with appsec disabled) as a person
successfully shadowed another session.  Then just for testing, I added
EVERY single .exe that was shown as being started in filemon to the
appsec list.  Still when I enable appsec, the shadow taskbar will come
up fine, but when you select a session to shadow it says "Unable to
start the shadow session. wfica32.exe not present in your system
directory."

Disable appsec...it works fine!

Any other way to find out what .exe is being called as a child process?

Thanks,


********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did
you know, in most cases, CPU Utilization IS NOT the single biggest
constraint to scaling up?! Get this free white paper to understand the
real constraints & how to overcome them. SAVE MONEY by scaling-up rather
than buying more servers.
http://www.rtosoft.com/Enter.asp?ID=147 
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm 
New! Online Thin Computing Magazine Site
http://www.OnDemandAccess.com 

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************