Just out of curiosity, if this app is modifying the
Registry, why aren't you using RegMon? FileMon
doesn't show the Registry key accesses, necessarily.
On a system where you have admin privileges,
install/run Regmon, and launch the CD. See which keys
it accesses, then use a login script or WMI to make
the necessary changes to the permissions on that
Registry key. If it's only a limited number of
employees, regedt32.exe would work, as well.
HTH,
Harlan
--- dataclaus1 (at) hushmail (dot) com [email concealed] wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> List:
>
> We have a product whose company has turned to vapor.
> This 16-bit product
> (EZView Vault by 'Imaging Institute') was/is used to
> scan/archive paper
> documents and burn them to a specially secured CD.
> Setting aside the
> fact that we should no longer use it, we have to
> continue to access the
> CD's because of a record retention period.
>
> Problem:
> The product was designed to autorun when inserted,
> and apparently does
> registry modification and system changes each time
> it is run. These
> are things that persons with only User Level access
> under WIN2K domain
> security architecture are not able to change, so the
> program just hangs.
>
> I have tried using Filemon (Sysinternals) to see
> what files it accesses
> (and perhaps modify the permissions) but have not
> been able to gain useful
> results (could be my ineptness). I have also tried
> copying the CD to
> hard disk, (even with display all files [including
> system] set) and then
> the program pops up 'cannot find ultra security
> file' which must be hidden
> in the MBR on the CD or something.
>
> Question:
> Do any of you nice folks out there know how to set
> run permissions for
> a program that is on removable meida so that when it
> is seen by Windows
> it does not prohibit its running by user-level
> people? The 'client'
> viewing program is bundled on each CD--does that
> make a difference?
>
> Thanks,
>
> cm
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.2 (Java)
> Note: This signature can be verified at
> https://www.hushtools.com/verify
>
>
wl8EARECAB8FAj6e4QgYHGRhdGFjbGF1czFAaHVzaG1haWwuY29tAAoJEMX8YnuPyP0P
>
enQAn2rPqTJ9UbpvcfxdXLuIt4jMuhvDAJ41DgLmvZIAYI4DesSLLjYtyltuPA==
> =h0C3
> -----END PGP SIGNATURE-----
>
>
>
>
> Concerned about your privacy? Follow this link to
> get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Big $$$ to be made with the HushMail Affiliate
> Program:
>
https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
>
------------------------------------------------------------------------
-----
> Attend Black Hat Briefings & Training Europe, May
> 12-15 in Amsterdam, the
> world's premier event for IT and network security
> experts. The two-day
> Training features 6 hand-on courses on May 12-13
> taught by professionals.
> The two-day Briefings on May 14-15 features 24 top
> speakers with no vendor
> sales pitches. Deadline for the best rates is April
> 25. Register today to
> ensure your place.
> http://www.securityfocus.com/BlackHat-focus-ms
>
------------------------------------------------------------------------
------
>
__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com
------------------------------------------------------------------------
-----
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
------------------------------------------------------------------------
------
Registry, why aren't you using RegMon? FileMon
doesn't show the Registry key accesses, necessarily.
On a system where you have admin privileges,
install/run Regmon, and launch the CD. See which keys
it accesses, then use a login script or WMI to make
the necessary changes to the permissions on that
Registry key. If it's only a limited number of
employees, regedt32.exe would work, as well.
HTH,
Harlan
--- dataclaus1 (at) hushmail (dot) com [email concealed] wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> List:
>
> We have a product whose company has turned to vapor.
> This 16-bit product
> (EZView Vault by 'Imaging Institute') was/is used to
> scan/archive paper
> documents and burn them to a specially secured CD.
> Setting aside the
> fact that we should no longer use it, we have to
> continue to access the
> CD's because of a record retention period.
>
> Problem:
> The product was designed to autorun when inserted,
> and apparently does
> registry modification and system changes each time
> it is run. These
> are things that persons with only User Level access
> under WIN2K domain
> security architecture are not able to change, so the
> program just hangs.
>
> I have tried using Filemon (Sysinternals) to see
> what files it accesses
> (and perhaps modify the permissions) but have not
> been able to gain useful
> results (could be my ineptness). I have also tried
> copying the CD to
> hard disk, (even with display all files [including
> system] set) and then
> the program pops up 'cannot find ultra security
> file' which must be hidden
> in the MBR on the CD or something.
>
> Question:
> Do any of you nice folks out there know how to set
> run permissions for
> a program that is on removable meida so that when it
> is seen by Windows
> it does not prohibit its running by user-level
> people? The 'client'
> viewing program is bundled on each CD--does that
> make a difference?
>
> Thanks,
>
> cm
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.2 (Java)
> Note: This signature can be verified at
> https://www.hushtools.com/verify
>
>
wl8EARECAB8FAj6e4QgYHGRhdGFjbGF1czFAaHVzaG1haWwuY29tAAoJEMX8YnuPyP0P
>
enQAn2rPqTJ9UbpvcfxdXLuIt4jMuhvDAJ41DgLmvZIAYI4DesSLLjYtyltuPA==
> =h0C3
> -----END PGP SIGNATURE-----
>
>
>
>
> Concerned about your privacy? Follow this link to
> get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Big $$$ to be made with the HushMail Affiliate
> Program:
>
https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
>
------------------------------------------------------------------------
-----
> Attend Black Hat Briefings & Training Europe, May
> 12-15 in Amsterdam, the
> world's premier event for IT and network security
> experts. The two-day
> Training features 6 hand-on courses on May 12-13
> taught by professionals.
> The two-day Briefings on May 14-15 features 24 top
> speakers with no vendor
> sales pitches. Deadline for the best rates is April
> 25. Register today to
> ensure your place.
> http://www.securityfocus.com/BlackHat-focus-ms
>
------------------------------------------------------------------------
------
>
__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com
------------------------------------------------------------------------
-----
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
------------------------------------------------------------------------
------
[ reply ]