This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Archive
- Security: How To Encrypt Database Connection Infor...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-06-2008 11:06 PM
These techniques are working in my environment - System 1: SQL, System 2: IIS, System 3: LansweeperPro service
The information below should work in most environments. Your mileage may vary. USE AT YOUR OWN RISK.
Before attempting any process, backup, backup, backup... (especially the .config files)
If you relocate the .config files to different servers, you'll need to rerun the encryption again (on the unencrypted files).
A. Encrypting the appSettings section of the web.config file on your IIS server. (Difficulty: Easy)
1) On your IIS server, open a command prompt in the folder:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
2) Run the following command:
...Framework\v2.0.50727>aspnet_regiis.exe -pef "appSettings" "<physical web app directory>" -prov "DataProtectionConfigurationProvider"
where <physical web app directory> is the path you installed lansweeper web file into (and where the web.config file is located).
Ex: aspnet_regiis.exe -pef "appSettings" "D:\dept01\wwwroot\apps\lansweeper" -prov "DataProtectionConfigurationProvider"
3) After running the command you should see a nice long CipherValue of the original appSettings. Done.
B. Encrypting the appSettings section of the Lansweeper30.exe.config file on the server running the LansweeperPro Service (Difficulty: Moderate)
1) On the server running the LansweeperPro service, in the same folder as the exe and config file, create a text file named "encryptLS.vb" with the following contents:
2) Open a command prompt in the same folder and run the following command (this will create a vb.net console app/exe of the code above):
C:\LansweeperPro>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe encryptLS.vb
3) Run the newly created exe - C:\LansweeperPro\encryptLS.exe
4) Open the Lansweeper30.exe.config file and you should see a nice long CipherValue of the original appSettings.
5) Start the LansweeperPro service and check the error.txt file for decryption errors (it will happen immediately). Done.
[6)] If you run encryptLS.exe again, it will decrypt the Lansweeper30.exe.config file (toggles the encryption).
The information below should work in most environments. Your mileage may vary. USE AT YOUR OWN RISK.
Before attempting any process, backup, backup, backup... (especially the .config files)
If you relocate the .config files to different servers, you'll need to rerun the encryption again (on the unencrypted files).
A. Encrypting the appSettings section of the web.config file on your IIS server. (Difficulty: Easy)
1) On your IIS server, open a command prompt in the folder:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
2) Run the following command:
...Framework\v2.0.50727>aspnet_regiis.exe -pef "appSettings" "<physical web app directory>" -prov "DataProtectionConfigurationProvider"
where <physical web app directory> is the path you installed lansweeper web file into (and where the web.config file is located).
Ex: aspnet_regiis.exe -pef "appSettings" "D:\dept01\wwwroot\apps\lansweeper" -prov "DataProtectionConfigurationProvider"
3) After running the command you should see a nice long CipherValue of the original appSettings. Done.
B. Encrypting the appSettings section of the Lansweeper30.exe.config file on the server running the LansweeperPro Service (Difficulty: Moderate)
1) On the server running the LansweeperPro service, in the same folder as the exe and config file, create a text file named "encryptLS.vb" with the following contents:
Imports System
Imports System.Configuration
Module EncryptAppSettings
Public Sub Main()
'Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
' Takes the executable file name without the .config extension.
Try
' Open the configuration file and retrieve the connectionStrings section.
Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(".\Lansweeper30.exe")
Dim section As AppSettingsSection = DirectCast(config.GetSection("appSettings"), AppSettingsSection)
If section.SectionInformation.IsProtected Then
' Remove encryption.
section.SectionInformation.UnprotectSection()
Else
' Encrypt the section.
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
End If
' Save the current configuration.
config.Save()
Console.WriteLine("Protected={0}", section.SectionInformation.IsProtected)
Catch ex As Exception
Console.WriteLine(ex.Message)
End Try
End Sub
End Module
2) Open a command prompt in the same folder and run the following command (this will create a vb.net console app/exe of the code above):
C:\LansweeperPro>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe encryptLS.vb
3) Run the newly created exe - C:\LansweeperPro\encryptLS.exe
4) Open the Lansweeper30.exe.config file and you should see a nice long CipherValue of the original appSettings.
5) Start the LansweeperPro service and check the error.txt file for decryption errors (it will happen immediately). Done.
[6)] If you run encryptLS.exe again, it will decrypt the Lansweeper30.exe.config file (toggles the encryption).
Labels:
- Labels:
-
Archive
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-06-2008 11:13 PM
Nicely done, Thanks
But if you are really worried, have the service use integrated authentication (no password in the config file)
And above all : Protect the folders with NT security (which you should always do on servers)
(I will move this to the knowledgebase forum)
But if you are really worried, have the service use integrated authentication (no password in the config file)
And above all : Protect the folders with NT security (which you should always do on servers)
(I will move this to the knowledgebase forum)
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Deployments keep timing out; any other logs I can find anywhere? in Deployment Packages
- After migration to new server the Schema was not updated during install in General Discussions
- Create a report in Reports & Analytics
- Addressing NVD Insufficient Data - Impact on Vulnerability Assessments in Lansweeper in Product Discussions
- How to get a log for Microsoft Cloud Service (Intune) synchronization activities ? in General Discussions
