home *** CD-ROM | disk | FTP | other *** search
- How to Put a DACL on Floppy Drives
-
-
- SUMMARY
- =======
-
- There is no way to put a DACL on the floppy drives or on
- the COM ports with REGEDT32, or using the Control Panel or other
- part of the user interface. Also, there is no way to use the
- Win32 API to put a DACL on the floppy drives or on the COM ports
- that survives reboots.
-
- However, the SD_FLPPY sample does put DACLs on the floppy drives or on
- the COM ports that survive logoff and logon; that is, these DACLs
- are on the floppy drives or on the COM ports until the next reboot.
- This sample is a good starting place for anyone writing code to apply DACLs.
-
- A version of this sample program can be installed as a service, so
- that each time the machine boots up the DACLs are automatically re-applied.
-
- This sample is not a supported utility.
-
- MORE INFORMATION
- ================
-
- There are possibly as many desired user interfaces to this sort of
- functionality as there are people thinking about this, so it is
- not a purpose of this sample (or the service variation of
- it) to present an incredibly cool user interface to how the
- DACLs get applied. A very simplistic approach is taken to the
- user interface.
-
- To run
- ------
-
- Type sd_flppy to lock the \\.\A: and \\.\B: devices.
-
- You can optionally put SD_FLPPY.EXE in the Startup group or a logon script.
-
- Notes
- -----
-
- The version of this program that is packaged as a service is
- in this same directory and is built along with SD_FLPPY.EXE by
- the same makefile.
-
- The packaged-as-a-service approach might better suit people who
- need to change the DACL on the floppy drives without requiring a
- reboot or logoff. After installing the FLOPLOCK service on
- the machine, the client application, CHGFLPSD can be used over the
- network to lock, unlock or query the floppy-locked-state of any
- machine where the FLOPLOCK service is running.
-
- So, this packaged-as-a-service approach might better suit people
- that would like to be able to inquire over the net what the
- DACLs are on the floppy drives of particular machines (to check
- or audit them). This approach might better suit people that
- would prefer that the DACLs be applied as the system boots up so
- the DACLs are applied before any user has logged on at the keyboard.
-
- The packaged-as-a-service approach is more aligned with the notion
- of protecting the floppies as a resource on a particular
- _machine_ (regardless of who if anyone is logged on), whereas
- the SD_FLPPY approach (running an .exe at logon time) is
- more along the lines of keeping a particular user from using
- the floppies on any machine that that user might use. However,
- once the user has logged onto the machine and locked the
- floppies with SD_FLPPY the floppies will stay locked until
- reboot. Of course a utility could easily be written that could
- run in the startup group of a different authorized user to force the
- floppies on any machine this user logs onto to be unlocked.
-
- As noted above, the FLOPLOCK service is built by the single
- makefile in this directory. FLOPLOCK.EXE is the main element of
- the packaged-as-a-service version. FLOPLOCK installs as a service, using
- INSTSRV.EXE. INSTSRV.EXE, as well as CHGFLPSD.EXE, is also built by the
- single makefile in this directory
-
- Run "instsrv" to get help on the switches to use when running
- INSTSRV.EXE to install the service.
-
- FLOPLOCK creates a named pipe which CHGFLPSD opens to pass
- over the lock/unlock/query operations to a particular machine
- running FLOPLOCK.EXE - the named pipe is at all times protected
- by an Admins-only DACL
-
- Run "chgflpsd" to get help on the switches to use when running
- CHGFLPSD.EXE.
-
