How to lock an exe?

Hi.

We would like to lock an exe for a backup application to prevent users from messing with backup jobs and policies.
If the server console is logged in,  anyone can launch the backup agent and make changes which could be disasterous.
I have seen some free EXE lockers but I need something clean and don't mind paying.
Thanks !
LVL 1
j-teksolutionsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
If you are looking at windows, probably it is to look at how to use native OS restriction mechanism instead.
For example, you can set the permission of the file (exe) to certain users or group.
  1. right click the executable and go to **PROPERTIES**
  2. go to the **SECURITY** tab
  3. click **ADVANCED** at the bottom
  4. click **ADD** at the bottom
  5. type **ADMINISTRATORS** for the name. if you have a domain then adjust appropriately
  6. press **OK** to get the custom settings for the administrator's group
  7. check the **DENY** checkbox next to "TRAVERSE FOLDER/ EXECUTE FILE" permission (2nd on the list)
  8. hit OK and so-on until you've closed the properties entry for that file.
Also, if you have Applocker (Windows), you can achieved this as well and even restrict only certain apps to run (whitelisting). Users will be part of the Applocker rule to configure for allow or deny. https://social.technet.microsoft.com/wiki/contents/articles/5211.how-to-configure-applocker-group-policy-to-prevent-software-from-running.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ste5anSenior DeveloperCommented:
hmm, the problems are not in messing things up. Why is there an server console open for public? Sounds like a weird security concept at all.

When a server/client is public accessible, then everyone working on this machine as to lock it (Win-L) before leaving it.A server console with admin privileges mean, that whatever you try can be circumvented. Thus no security gain in locking executables.
Also the backup agent does only what is scheduled. And as an agent it should run automatically in the background.
0
btanExec ConsultantCommented:
In any cases if it is remote administration, like rdp then it should be requesting for User Authentication For Remote Connections By Using Network Level Authentication, and restricting RDP access to specific groups (via Group Policy or manually on target machines) instead of leaving it open to everyone.

Suggest you look into 2FA which will also disallow any user login unless they are authorised with the privileges and necessary token or smartcards.
0
btanExec ConsultantCommented:
For author advice.
0
btanExec ConsultantCommented:
Advice given to restrict and have proper rights given to authorised personnel access only.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.