Solved

Security Interference: Installing a client-server on customers' computers

Posted on 2013-06-11
Last Modified: 2013-06-13
Experts -

My company sells a client (written in VB) that communicates with a server instance (SQL 2005). Our techs usually install the client, Microsoft SQL, and a server instance that houses the databases that the client talks to.

As of late, we are having more and more issues with customers' security policies; inability to register the software, incorrect functionality within the software, or incomplete lists of items within the software. All, to my knowledge, happen as a result of incomplete access rights for users.

What we have been doing is asking the customer to grant us local admin rights to install the software, and upon completion, we ask that they create a group in Windows for the users of the software, in which they have Power User privilege.

Now, every customer environment is different. I am thinking that there has to be a better way for the software to coexist within a customer's security system. I thought about using "dependency walker", but that, to my knowledge, only works with an already installed software (or would it work here?)

I am thinking that I might create a tool that examines whether a user has the needed rights to run the client properly, but for that, I would need to know what the software needs.

Any ideas? Apologies about the long-winded diatribe.

Tairo
Question by:Tairo
LVL 48

Assisted Solution

by:PortletPaul
PortletPaul earned 225 total points
ID: 39239981
To be honest, the best advice I could provide would be to start designing a solution that avoids a client installation at all. Not sure what your marketplace is exactly but more and more organizations are leaning towards "zero footprint" solutions and expecting vendors to provide this. Installing client software is not only cumbersome - it is very costly to the client organization (think of all the security issues and regression testing).

Aim at I.E./Firefox/Chrome as being the UI platform (choose an older IE like 8 for broader appeal) also try to avoid extensions such as Flash (many corps I know disallow it).

Quite possibly this isn't the advice you were seeking - but it is well intended.
 
LVL 80

Accepted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 225 total points
ID: 39240060
You need to redesign your software so that it follows the Microsoft Programming Best Practices. Architecture Guide

Power users don't really exist. One is an administrator or one is a standard user. Admin for installation is fine and dandy. But you'd better come up with some really valid reasons why your program needs administrative access in order to run. Perhaps the parts that require admin access should be placed in a service that can run as localsystem or networksystem.

A program that accesses a sql server doesn't require administrative privileges.

Programming for a Standard User Channel 9 Video
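
A preflight check of the kind the question describes, run as the end user to show which resources the client cannot reach as a standard user (an added example, not part of the original thread or the vendor's code). The data folder, registry subkey, SQL instance and database names are hypothetical placeholders, and Windows integrated authentication to SQL Server is an assumption.

```powershell
# Added example: run as the end user, NOT elevated. All names are placeholders.
param(
    [string]$DataDir   = "$env:ProgramData\ExampleClient",       # hypothetical data folder
    [string]$RegSubKey = 'SOFTWARE\ExampleVendor\ExampleClient', # hypothetical HKLM subkey
    [string]$SqlServer = 'SQLHOST\INSTANCE',                     # hypothetical instance
    [string]$Database  = 'ExampleDb'                             # hypothetical database
)

function Test-IsElevated {
    # True when the current token carries the Administrators group.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-DirWrite([string]$Path) {
    # Effective access is tested by doing the operation, not by reading the ACL.
    $probe = Join-Path $Path ([IO.Path]::GetRandomFileName())
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -ErrorAction SilentlyContinue
        $true
    } catch { $false }
}

function Test-RegKey([string]$SubKey, [bool]$Writable) {
    try {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $Writable)
        if ($null -eq $key) { return $false }   # key does not exist
        $key.Close()
        $true
    } catch { $false }                           # access denied
}

function Test-SqlLogin([string]$Server, [string]$Db) {
    # Assumes integrated (Windows) authentication for the client's connection.
    $cs = "Server=$Server;Database=$Db;Integrated Security=SSPI;Connect Timeout=5"
    $conn = New-Object System.Data.SqlClient.SqlConnection($cs)
    try { $conn.Open(); $true } catch { $false } finally { $conn.Dispose() }
}

$results = @(
    [pscustomobject]@{ Check = 'Token is not elevated';   Pass = -not (Test-IsElevated) }
    [pscustomobject]@{ Check = "Write to $DataDir";       Pass = (Test-DirWrite $DataDir) }
    [pscustomobject]@{ Check = "Read HKLM\$RegSubKey";    Pass = (Test-RegKey $RegSubKey $false) }
    [pscustomobject]@{ Check = "Write HKLM\$RegSubKey";   Pass = (Test-RegKey $RegSubKey $true) }
    [pscustomobject]@{ Check = "SQL login to $SqlServer"; Pass = (Test-SqlLogin $SqlServer $Database) }
)
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

A failed first check means the script was run elevated, so the remaining results do not reflect what a standard user can do. A failed write check on a machine-wide location is a candidate for moving that data to a per-user location or, as suggested above, into a service.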
 
LVL 48

Expert Comment

by:PortletPaul
ID: 39240093
:) glad someone provided the style of advice requested - but reverting to my more forward looking advice I wanted to add:

You are also (currently) using sql 2005 which is 2 major versions behind current (sql 2012); this situation won't hold forever in the marketplace either. I'd suggest that while addressing your client install might be a worthwhile tactical move, you also need to consider your "next generation" of product - and in that generation try to avoid client installs.

Cheers & good luck with the client installs :)
 

Author Closing Comment

by:Tairo
ID: 39244429
Thank you, Experts!