.Home

|

Web_site

|

Support

Security

Sometimes (I suspect, always) Administrators have to protect system from users.

JIT Scheduler has no powerful built-in security. It can be protected via MS Windows® NT/2000/XP security.

• It is recommended to restrict write access to System Schedule file for users. JIT Terminal also doesn't allow to change System Scheduler settings, if the access to file is denied.

JIT Scheduler allows to run "Application" tasks in the user account context. This feature required user name, domain and password to be stored in the Schedule file. In this case, it is recommended to restrict read access to Schedule file for users too.

• It is also recommended to protect Services. Hacker can write a service application and install it into the system. Installing a service, hacker gets the access to the "System" account, which has some powerful rights and privileges.

Do not permit users to debug running services.

• Protect the System Registry (may be partially). System Scheduler uses Registry keys and values in :

     "HKEY_LOCAL_MACHINE\SOFTWARE\ Polyakoff\JIT Scheduler 4"

User Scheduler uses :

     "HKEY_CURRENT_USER\SOFTWARE\ Polyakoff\JIT Scheduler 4"

     "HKEY_CURRENT_USER\SOFTWARE\ Microsoft\Windows\CurrentVersion\Run"

Administrator can protect JIT Scheduler's registry key only or whole HKEY_LOCAL_MACHINE branch.

You can set Security Permissions with Windows NT Registry Editor - regedit.exe program (use regedt32.exe under MS Windows® NT).

Note, that it is important to provide full access to Schedule file, registry key, folders and files needed to execute System tasks for "SYSTEM" ("LocalSystem" or "LocalService") account because System Scheduler runs in that account context.