This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
We’re currently experiencing a high volume of support requests, which may result in longer response times — Thank you for your patience and understanding.
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Console permissions

dshonwood
Engaged Sweeper

‎02-27-2012 07:06 PM

Couple of things concern me. I was able to access the interface without logging in. So anyone on my domain can get into this console?? If that is true, that means anyone can open the web console and reboot servers and workstations at will? Is there a way to prevent this?
Labels:
0 Kudos
6 REPLIES 6
dteague
Engaged Sweeper III

‎02-29-2012 03:17 AM

I don't work for IT in my company, but in our Risk Management department. I use LanSweeper as an independent tool, so I can keep tabs on IT, and make sure that nothing "off the books" is going on.

The funny thing is that most of my companies IT staff is now using LanSweeper, as they trust the data that comes from it more than what comes from their own tools.

Just wait until I audit them this year.
0 Kudos
dshonwood
Engaged Sweeper

‎02-28-2012 09:25 PM

Appreciate the input... I did as instructed by lansweeper forum admin and that should work for now. Sometimes at my location we get REAL security friendly. If managers could remote lock users to desktops in handcuffs 8 hours a day, they would.


Thanks again both of you.
0 Kudos
dteague
Engaged Sweeper III

‎02-28-2012 09:21 PM

I've had LanSweeper for several years, so somethings I guess I just take for granted. With the exception of rescanning, all the options are run as the user that is viewing the webpage.

We have several items that you need to be elevated privledges to execute, and we use ShellRunAs to allow for that.

Preview file
10 KB
0 Kudos
dshonwood
Engaged Sweeper

‎02-28-2012 04:43 PM

I see your point and I understand the command it is using. Where in any configuration settings is it saying that your executing that command via windows authentication? By default only local administrators group members can run that command line. How does Lansweeper action know who is using the command if it is not running the initial console using authentication?

I would just assume to make sure none of the users could access the console as we do not have any "power" users so to speak on our domain and no need to see that info.

FYI... this is coming from a long time Dameware NT utilities user and had to have authentication to do some of the actions and custom actions used in our domain. So consider me "new" to not having to actually "authenticate" to use certain tools.
0 Kudos
dteague
Engaged Sweeper III

‎02-28-2012 04:33 PM

dshonwood wrote:
Couple of things concern me. I was able to access the interface without logging in. So anyone on my domain can get into this console?? If that is true, that means anyone can open the web console and reboot servers and workstations at will? Is there a way to prevent this?


I don't know your enviroment, but just because they can click on the button does not mean they can reboot the remote computer. All that button is doing is executing SHUTDOWN command. If they have rights today to type SHUTDOWN -r -m \\computername from a COMMAND prompt, LanSweeper is not giving them any more access.

For over a year we had LanSweeper open to everyone in the company, but just reciently deceided to lock it down. There was no abuse, as there is nothing that I would consider confidential information in it, we just deceided to lock it down.

Only issue we have had with locking it down is now techs can't get to it via their BlackBerrys.
0 Kudos
Hemoco
Lansweeper Alumni

‎02-28-2012 09:47 AM

Please refer to this knowledge base article for info on restricting web console access. Website access is currently "all or nothing". Role based access is planned for Lansweeper version 5.0. We do not yet have a release date for this version.
0 Kudos

Archive

This board contains archived posts from the retired Lansweeper Forum and Insiders Community.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now