→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
joegasper
Engaged Sweeper
These techniques are working in my environment - System 1: SQL, System 2: IIS, System 3: LansweeperPro service
The information below should work in most environments. Your mileage may vary. USE AT YOUR OWN RISK.

Before attempting any process, backup, backup, backup... (especially the .config files)
If you relocate the .config files to different servers, you'll need to rerun the encryption again (on the unencrypted files).

A. Encrypting the appSettings section of the web.config file on your IIS server. (Difficulty: Easy)

1) On your IIS server, open a command prompt in the folder:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

2) Run the following command:
...Framework\v2.0.50727>aspnet_regiis.exe -pef "appSettings" "<physical web app directory>" -prov "DataProtectionConfigurationProvider"
where <physical web app directory> is the path you installed lansweeper web file into (and where the web.config file is located).
Ex: aspnet_regiis.exe -pef "appSettings" "D:\dept01\wwwroot\apps\lansweeper" -prov "DataProtectionConfigurationProvider"

3) After running the command you should see a nice long CipherValue of the original appSettings. Done.

B. Encrypting the appSettings section of the Lansweeper30.exe.config file on the server running the LansweeperPro Service (Difficulty: Moderate)

1) On the server running the LansweeperPro service, in the same folder as the exe and config file, create a text file named "encryptLS.vb" with the following contents:

Imports System
Imports System.Configuration
Module EncryptAppSettings
Public Sub Main()

'Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
' Takes the executable file name without the .config extension.
Try
' Open the configuration file and retrieve the connectionStrings section.
Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(".\Lansweeper30.exe")

Dim section As AppSettingsSection = DirectCast(config.GetSection("appSettings"), AppSettingsSection)

If section.SectionInformation.IsProtected Then
' Remove encryption.
section.SectionInformation.UnprotectSection()
Else
' Encrypt the section.
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
End If

' Save the current configuration.
config.Save()

Console.WriteLine("Protected={0}", section.SectionInformation.IsProtected)

Catch ex As Exception
Console.WriteLine(ex.Message)
End Try
End Sub
End Module


2) Open a command prompt in the same folder and run the following command (this will create a vb.net console app/exe of the code above):
C:\LansweeperPro>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe encryptLS.vb

3) Run the newly created exe - C:\LansweeperPro\encryptLS.exe

4) Open the Lansweeper30.exe.config file and you should see a nice long CipherValue of the original appSettings.

5) Start the LansweeperPro service and check the error.txt file for decryption errors (it will happen immediately). Done.

[6)] If you run encryptLS.exe again, it will decrypt the Lansweeper30.exe.config file (toggles the encryption).
1 REPLY 1
Hemoco
Lansweeper Alumni
Nicely done, Thanks

But if you are really worried, have the service use integrated authentication (no password in the config file)

And above all : Protect the folders with NT security (which you should always do on servers)

(I will move this to the knowledgebase forum)