[THIN] Re: super mandatory / flex profiles

• From: "Lilley, Brian" <brian.lilley@xxxxxxxx>
• To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
• Date: Thu, 4 Nov 2004 11:58:55 -0000

Hi Neil,

We have designed our own 'secure dispatcher' which provides an api which we
can utilise in scripts which allow the scripts to 'do stuff' under the context
of a specific user id.

So, some keys in software\policies need to be touched by a script which uses
the security context of the specific id, but the perms set on the keys get
stamped on by userenv.

I have traced the userenv.dll and got :

USERENV(b14.858) 11:40:31:165 ResetPolicies: Entering.
USERENV(b14.858) 11:40:31:165 SetRegPermissionsOnPoliciesKey: Resetting
permission on the policy key
USERENV(b14.858) 11:40:31:165 SetRegPermissionsOnPoliciesKey: Resetting
permission on the policy key

so, it looks like you are right, rework of OS required... we have plenty of
development expertise and rewiring parts of the OS so it is a possibility for
us....which is nice..

...will keep you guys posted.

Brianos :o)

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Braebaum, Neil
Sent: 04 November 2004 11:51
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: super mandatory / flex profiles


Um, I don't think you can easily get around that, it'll likely be
considered "by design".

I'm not aware of any way of changing it, bar hacking the login process.
What issues is it causing you?

Neil

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Lilley, Brian
> Sent: 04 November 2004 11:15
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] super mandatory / flex profiles
> 
> hi list!
> 
> I am using the flex profile kit on our w2k03 term servers.  I 
> have set the permissions of the HKCU\Software\Policies key, 
> yet when a user logs on, this reg keys permissions set are 
> lost and reset with perms for ... the user logging on, System 
> and Administrators.
> 
> I have traced a logon using  regmon and it is the OS that is 
> resetting perms on this key.  Anyone have any clues how I can 
> stop this? i.e. get the perms set on the mandatory profile to 
> remain intact?
> 
> thanks in advance, Brianos

***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please 
notify the sender immediately and delete this 
e-mail from your system.
You must take no action based on this, nor must 
you copy or disclose it or any part of its contents 
to any person or organisation.
Statements and opinions contained in this email may 
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************

********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference
Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

==============================================================================
This message is for the sole use of the intended recipient. If you received
this message in error please delete it and notify us. If this message was
misdirected, CSFB does not waive any confidentiality or privilege. CSFB
retains and monitors electronic communications sent through its network.
Instructions transmitted over this system are not binding on CSFB until they
are confirmed by us. Message transmission is not guaranteed to be secure.
==============================================================================

********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference
Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

• » [THIN] super mandatory / flex profiles
• » [THIN] Re: super mandatory / flex profiles
• » [THIN] Re: super mandatory / flex profiles
• » [THIN] Re: super mandatory / flex profiles
• » [THIN] Re: super mandatory / flex profiles
• » [THIN] Re: super mandatory / flex profiles
• » [THIN] Re: super mandatory / flex profiles
• » [THIN] Re: super mandatory / flex profiles

1. Home
2. thin
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---