How to lock an exe?

Hi.

We would like to lock an exe for a backup application to prevent users from messing with backup jobs and policies.
If the server console is logged in,  anyone can launch the backup agent and make changes which could be disasterous.
I have seen some free EXE lockers but I need something clean and don't mind paying.
Thanks !
LVL 1
j-teksolutionsAsked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
If you are looking at windows, probably it is to look at how to use native OS restriction mechanism instead.
For example, you can set the permission of the file (exe) to certain users or group.
  1. right click the executable and go to **PROPERTIES**
  2. go to the **SECURITY** tab
  3. click **ADVANCED** at the bottom
  4. click **ADD** at the bottom
  5. type **ADMINISTRATORS** for the name. if you have a domain then adjust appropriately
  6. press **OK** to get the custom settings for the administrator's group
  7. check the **DENY** checkbox next to "TRAVERSE FOLDER/ EXECUTE FILE" permission (2nd on the list)
  8. hit OK and so-on until you've closed the properties entry for that file.
Also, if you have Applocker (Windows), you can achieved this as well and even restrict only certain apps to run (whitelisting). Users will be part of the Applocker rule to configure for allow or deny. https://social.technet.microsoft.com/wiki/contents/articles/5211.how-to-configure-applocker-group-policy-to-prevent-software-from-running.aspx
0
 
ste5anConnect With a Mentor Senior DeveloperCommented:
hmm, the problems are not in messing things up. Why is there an server console open for public? Sounds like a weird security concept at all.

When a server/client is public accessible, then everyone working on this machine as to lock it (Win-L) before leaving it.A server console with admin privileges mean, that whatever you try can be circumvented. Thus no security gain in locking executables.
Also the backup agent does only what is scheduled. And as an agent it should run automatically in the background.
0
 
btanConnect With a Mentor Exec ConsultantCommented:
In any cases if it is remote administration, like rdp then it should be requesting for User Authentication For Remote Connections By Using Network Level Authentication, and restricting RDP access to specific groups (via Group Policy or manually on target machines) instead of leaving it open to everyone.

Suggest you look into 2FA which will also disallow any user login unless they are authorised with the privileges and necessary token or smartcards.
0
 
btanExec ConsultantCommented:
For author advice.
0
 
btanExec ConsultantCommented:
Advice given to restrict and have proper rights given to authorised personnel access only.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.