Sample: Demonstration of code to put a DACL on floppy drives

Summary: There is no way to put a DACL on the floppy drives or on
the COM ports with REGEDT32, or using the Control Panel or other
part of the user interface. And there is no way to use the
Win32 API to put a DACL on the floppy drives or on the COM ports
that survives reboots

sd_flppy.exe, however, does put DACLs on the floppy drives or on
the COM ports that survive logoff/logon, that is, these DACLs
are on the floppy drives or on the COM ports until the next
reboot

A version of this sample program can be installed as a service, so
that each time the machine boots up the DACLs are automatically
re-applied

Purpose: Show sample code that applies DACLs to floppy drives and
COM ports

There are possibly as many desired user interfaces to this sort of
functionality as there are people thinking about this, so it is
not a purpose of this sample (or the Win32 service variation of
it) to present an incredibly cool user interface to how the
DACLs get applied. A very simplistic approach is taken to the
user interface. Anyone who desires that more complicated DACLs
are applied, or desires other variations in the user interface
hopefully will benefit by being able to use this sample code as
a starting point for their DACL-applying app

This sample is not a supported utility

To run: Type sd_flppy to lock the \\.\A: and \\.\B: devices

Putting sd_flppy.exe in a Startup group or logon script could work
for some people

Further notes:

The version of this program that is packaged as a Win32 service is
in this same directory and is built along with sd_flppy.exe by
the same makefile

The packaged-as-a-service approach might better suit people who
need to change the DACL on the floppy drives without requiring a
re-boot or logoff. After installing the floplock.exe service on
the machine, the client app chgflpsd.exe can be used over the
network to lock, unlock or query the floppy-locked-state of any
machine where the floplock.exe service is running

So, this packaged-as-a-service approach might better suit people
that would like to be able to inquire over the net what the
DACLs are on the floppy drives of particular machines (to check
or audit them). And this approach might better suit people that
would prefer that the DACLs be applied as the system boots up so
the DACLs are applied before any user has logged on at the
keyboard

The packaged-as-a-service approach is more aligned with the notion
of protecting the floppies as a resource on a particular
_machine_ (regardless of who if anyone is logged on), whereas
the sd_flppy.exe approach (running an .exe at logon time) is
more along the lines of keeping a particular _user_ from using
the floppies on any machine that that user might use. However,
once user Sam6 has logged onto machine \\Mach3 and locked the
floppies with sd_flppy.exe, the floppies will stay locked until
reboot. Of course a utility could easily be written that could
run in the startup group of a different authorized user such as
Jane3 to force the floppies on any machine Jane3 logs onto to be
unlocked

As noted above the service Floplock.exe is built by the single
makefile in this directory. Floplock.exe is the main element of
the packaged-as-a-service version. Floplock.exe is the .exe to
install as a Win32 service, and Instsrv.exe is the utility to do
this installation. Instsrv.exe, as well as Chgflpsd.exe, is
also built by the single makefile in this directory

Do "instsrv" to get help on the switches to use when running
instsrv.exe to install the service .exe

Chgflpsd.exe is the client part of the client/server pair.
Floplock.exe, which you install as a service, is the server part

Floplock.exe creates a named pipe which Chgflpsd.exe opens to pass
over the lock/unlock/query operations to a particular machine
running Floplock.exe - the named pipe is at all times protected
by an Admins-only DACL

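The Admins-only pipe DACL described above, as an added example that is not part of the original sample or its source: it creates a pipe whose DACL grants access only to BUILTIN\Administrators and reads the DACL back from the live pipe to confirm it. It assumes Windows PowerShell 5.1 (.NET Framework), and the pipe name is a hypothetical placeholder, not the name Floplock.exe uses.

```powershell
# Added example. Assumes Windows PowerShell 5.1 (.NET Framework).
# The pipe name is a hypothetical placeholder, not the one Floplock.exe uses.
$pipeName = 'example-floplock-demo'

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'

# DACL with one allow ACE; a caller without that SID in its token is refused.
$sec  = New-Object System.IO.Pipes.PipeSecurity
$rule = New-Object System.IO.Pipes.PipeAccessRule(
    $admins,
    [System.IO.Pipes.PipeAccessRights]::FullControl,
    [System.Security.AccessControl.AccessControlType]::Allow)
$sec.AddAccessRule($rule)

# Hand the descriptor to the constructor so the pipe never exists, even
# briefly, with the default DACL.
$server = New-Object System.IO.Pipes.NamedPipeServerStream(
    $pipeName,
    [System.IO.Pipes.PipeDirection]::InOut,
    1,
    [System.IO.Pipes.PipeTransmissionMode]::Message,
    [System.IO.Pipes.PipeOptions]::None,
    512, 512,
    $sec)

try {
    # Read the DACL back from the live pipe rather than trusting $sec.
    $aces = $server.GetAccessControl().GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $unexpected = @($aces | Where-Object {
        $_.IdentityReference.Value -ne $admins.Value })
    if ($aces.Count -ge 1 -and $unexpected.Count -eq 0) {
        Write-Output "OK: \\.\pipe\$pipeName is Admins-only"
    } else {
        Write-Output "FAIL: unexpected ACEs on \\.\pipe\$pipeName"
        $unexpected | Format-Table IdentityReference, AccessControlType, PipeAccessRights
    }
}
finally {
    $server.Dispose()
}
```
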
Do "chgflpsd" to get help on the switches to use when running
Chgflpsd.exe