Admin best practice - Windows

Thanks for reading. This might not be the best forum for this, but I'm struggling for help elsewhere and I know there are some very knowledgeable people on here.
I'm about to undertake an install of some metrology software onto a measuring machine.
IT have refused to do it as they don't understand it, but obviously the task needs admin access, which I don't have.
They are however happy to remote on and type their admin password in when needed.
The question is, what is best practice?
Should they be blindly putting in their password without knowing the process and what it involves?
Is there anything in any standards that cover such things?
To me, if a task requires admin access it should be performed by a competent administrator.

I tend to agree with you in the fact that the task should really be performed by an Administrator, however, I guess you can't really change how they operate.
From personal experience, I would say that most sysadmins would just remote in anyway.

Domain controller with HyperV

Just a question: is it a good idea to host machines with HyperV on a DC?
This is my idea.
If the answer is no, can you explain why?
Thanks
Have a nice day
First of all, your question doesn't seem to be related to programming in any way and should hence be considered off topic for SO. Server Fault would probably be a more suitable place for it (the question is somewhat old by now as well and you might already have found the info you need, but I've flagged it for the moderators to perhaps consider a move from SO to SF or have it closed altogether).
Secondly, as for your question:
Generally no, it's not a good idea but there could be ifs and buts to everything I guess.
For a smaller company with perhaps only the one existing server (and no budget to add machines or get professional help to make any bigger changes to their current setup) which also happens to be their DC, I guess it all comes down to what kind of workload the DC is under to begin with and just what will be hosted in Hyper-V. I'd personally still recommend against it though.
It's not a good idea as it's not a supported scenario from MS. I don't even know if Server Manager lets you install both.
You can host a VM with AD, but depending on your setup (cluster/Hyper-V in domain or not, ...) you really should add a physical AD server (even a very small one) for Hyper-V to authenticate its services against when your AD VM has not started. It can save you a lot of time...

UAC and remote control

If you've developed a remote control application as I've done, you must know that screen capture doesn't capture the UAC dialog when that dialog pops up, and as a result the control can't be continued.
Anybody know a solution to this?
From what I understand, I believe what you're asking about is possible.
In addition to remote control software, test automation software and accessibility apps for those with disabilities also need a way to interact with protected UI and the secure desktop.
Regarding the issues UAC presents for remote control software, see:
http://www.uvnc.com/vista/
http://groups.google.com/group/microsoft.public.platformsdk.security/browse_thread/thread/acb3a0ccb7682506/d05b0a3026366423
Those links contain info on how the UltraVNC project works around UAC. UltraVNC is open source, so the code might be a good resource as well.
I think the solution to this type of problem probably always involves delegating high-integrity tasks to a service. I don't think there's any other way around it (besides disabling various UAC settings).
And needless to say, writing an app that has an unusually high level of control over the system is a tricky matter - a lot of care must go into the design to make sure it's safe for use without exploitation. :)
See also:
http://www.codeproject.com/KB/vista-security/SubvertingVistaUAC.aspx
http://www.codeproject.com/KB/vista-security/VistaSessions.aspx
http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/4aadadbd-fc3d-4239-ba0f-4d81f17ec938
That is the entire point of the UAC dialog.
So, to answer your question, "No, nobody knows - because it isn't or shouldn't be possible".

Block website without forcing user to restart browser?

I know blocking a website is a popular question but none of the answers I've seen address my particular situation:
I want to block a website (to be selected by the user, who must also have Admin rights, on Windows XP), without forcing her to restart her browser.
The well known technique of modifying the hosts file requires some browsers to be restarted. I want to accomplish that in a way that is browser-independent (e.g. Content Advisor works in IE but not in FF) and which doesn't require the user to restart his browser.
Please note that I am interested in knowing how to do this programmatically, so http://superuser.com or http://serverfault.com aren't really the right places for this question, as they mostly suggest tools and services, while I am interested in the underlying knowledge so that I can implement it myself.
Ideas?
Thanks.
"Please note that I am interested in knowing how to do this programmatically, so http://superuser.com or http://serverfault.com aren't really the right places for this question, as they mostly suggest tools and services, while I am interested in the underlying knowledge so that I can implement it myself."
Such tools would filter traffic by implementing an NDIS Intermediate Driver. See also this other question.

Is it unethical to send data to myself once a customer installs my software? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
I'm trying to get an idea of how often my software is being installed. I was thinking about just including a simple URL call in the background the very first time the software is started. I am not trying to gather a lot of information. I really just want to get the date and time the software was installed. Is this unethical or commonly done by other developers?
You could always just have the installer open up a "Thank you for installing our product" page that's hosted on your web server. Since this page would normally only be hit after an install it should give you a decent indicator without being evil.
P.s. Before anyone hounds me on this please note that Firefox does this directly after an install.
In my opinion, yes, sending any data back that isn't authorized is unethical. Most software will prompt you to ask if it's OK to send back anonymous usage data. You could also track downloads and guesstimate how many of them are actually installed.
There are a number of software products that gather data from the user but they all get the user's consent before sending any information. I suggest you do the following:
Ask the users to register, this way you will know some basic information like (roughly) when the software was installed.
If you need more complex/interesting usage statistics then make this a feature that users can easily turn off. Some people are not comfortable sending any data to you, Eclipse does this very well, the first time it wants to gather some usage statistics it allows the user to turn off the feature right away.
Finally, whichever way you implement this feature, ensure that the users can see exactly what data you are collecting and sending and can choose to not do so.
If you do this in the correct way you will gather some data in a way that does annoy your users or intrude on their privacy.
Just popup before installation:
"If you click Yes, the date and time the software was installed will be sent to us via your Internet connection. We would appreciate it a lot."
Let "Yes" be the default option and avoid the popup if there is no Internet connection available.
Doing it behind the scenes is unethical in my opinion.
You will always have to ask before calling home with anything, no matter how harmless you think it is.
Kind of like you should always ask permission before putting a shortcut on a desktop.
If you want to do that — ask user permission.
Some companies just have automatic check for updates feature.
Only do this if your application uses the network as a primary function, otherwise a user will get weirded out by their standalone application asking to get internet access through their firewall.
Also: If you add in-line updates to your software, or ask to check for software updates periodically, you can easily log this information.
This is kind of tricky. If you are getting the information about the software only, without identifying the user, perhaps it might be passed as alright.
Just think of Google. I know it never gets installed on your system, but Chrome again is a Google product, which I believe probes your Google searches to give relevant advertisements. What is reading a cookie; is it any different from reading information from your computer?
Also, I have seen relevant advertising popping up in Yahoo Mail when I search for shopping stuff on Google. They for sure are reading some info on your computer or browser session.
I think it's OK to send the info from software, as long as you have no way to identify what user it is coming from.
I don't see any particular areas of unethical or illegality except for this: My software, my computer, none of your business if I want to install it or just have it sitting in an installer.
Although I think a convincing argument could be made that it literally is your business to know about your software's installs.
Best route is simply to request to send 'anonymous usage information'.
How many of you Windows users tell Windows it's OK to phone home and verify that your copy is genuine?
0.
There are a lot of high and mighty my-computer-is-my-domain answers here, and the bottom line is while it's rude, it's not against the law. Rather, it's commonplace. Stick a disclosure in the EULA and you're good to go.
It is unethical to hide your collection of usage statistics.
That said, almost every website has a TON of personally identifiable information in the form of web logs that are almost never used to their "fullest potential for evil"
To ethically collect your install count just ask the users to activate the product on first usage or ....
Provide something useful! Prompt the user to check for updates on first use.
This approach IS ethical, can get you better and more relevant data (you can put voluntary forms together) and allows you to make a value exchange.
I think the circumstances also play a part.
If the app is a free app and the developers find that knowing each time an app is installed then as long as the user is told then most users wouldn't have an issue with that.
If the app contains sensitive data (i.e. financial or credentials) and you notice the app calling home then that would freak most users out and wonder what else is being sent.
Also another point is having it call home each time the app is installed doesn't really tell the developers much, what if a user reinstalls the app or the operating system? What if the call home is denied by security software or their computer isn't even connected?
In my opinion if you can't collect meaningful useful stats then is it really worth collecting them to analyze them?
It’s unethical.
In the case the URL is opened in the default browser: A user might have explicitly set beforehand that your tool should not be allowed to connect to the Internet. If your tool just calls the browser, you are circumventing this.
In some countries, users may face oppression or punishment for using specific tools. While they might manage to get the tool via sneakernet, your phoning home would be detectable by authorities.
You might lose/change your domain. If Malice registers it, she’ll have access to the incoming data from installations of your tool.
When your software wants to phone home, inform your users beforehand and allow them to cancel it.

How do I make Remote Assistance as painless as possible?

I need to provide remote assistance to the users of my app, through the Internet. I need a reference for doing this, and I need to make the whole connecting to remote desktop process as easy as clicking a menu of my app for my users.
I don't want them to get too involved with the procedure. I believe the built-in remote assistance features of Windows XP and Vista are fine, I just need to make it very simple.
Anyone any ideas?
P.S. A comprehensive reference on the whole Windows Remote Assistance would also be appreciated.
I highly recommend Mikogo. It's free, fast to install and set up, works great, and is very simple. I actually prefer it to the more expensive services ($30-$40/month) because of its simplicity. Only thing is, I'm not sure how they make money; they have some advertising when you visit the home page, but it's very minimal.
There are many commercial tools that do make this operation effortless. I won't mention any names because this isn't an advertising forum. A quick search should turn up a handful of possibilities; I've used many of the more popular ones and found them satisfactory.
Our support desk typically uses WebEx which works really well.
There are a large number of tools which will do this. Your best bet is to pick a tool which has a reverse connection from the person who needs help back to the helper. This will make sure that you do not have users try and configure firewalls/open ports etc. Webex is a good recommendation by Old Nick. Another option is GotoAssist; there is also Gotomeeting, which can have the same remote control functionality and is cheaper, I believe. The main thing is making sure it is as easy as it can be for your users; trying to walk a user through installing an ActiveX control can be hard enough.
I'd suggest trying LogMeIn. It's nice because once you have the user set up the client software, you can arrange with them a time to leave their PC unattended so that you can remote in and take a look (with the option to disable local keyboard/mouse and monitor access). You can also connect such that the local peripherals are enabled and watch "over their shoulder" as they replicate a problem.
There is of course also Copilot by Fog Creek. Have never used it myself, but it looks pretty easy to use, also for non-technical people.
I use CrossLoop for that kind of thing