Encrypting UserName & Password in Lansweeper.Exe.Config

There was a work was in to encrypt the password. Here are the instructions we had to do this:

Encrypt LansweeperService.exe.config per instructions below:

A. On the server running the service dir , in the same folder as the exe and config file, create a text file named "encryptLS.vb" with the following contents:
CD C:\Program Files (x86)\Lansweeper\Service

***** Start Code *****
Imports System
Imports System.Configuration
Module EncryptAppSettings
Public Sub Main()

'Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
' Takes the executable file name without the .config extension.
Try
' Open the configuration file and retrieve the connectionStrings section.
Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(".\LansweeperService.exe")

Dim section As AppSettingsSection = DirectCast(config.GetSection("appSettings"), AppSettingsSection)

If section.SectionInformation.IsProtected Then
' Remove encryption.
section.SectionInformation.UnprotectSection()
Else
' Encrypt the section.
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
End If

' Save the current configuration.
config.Save()

Console.WriteLine("Protected={0}", section.SectionInformation.IsProtected)

Catch ex As Exception
Console.WriteLine(ex.Message)
End Try
End Sub
End Module

***** End Code *****

B. Open a command prompt in the same folder and run the following command (this will create a vb.net console app/exe of the code above):

C:\Program Files\Lansweeper\Service>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe encryptLS.vb

C. Run the newly created exe - C:\Program Files\Lansweeper\Service\encryptLS.exe

D. Open the LansweeperService.exe.config file and you should see a nice long CipherValue of the original appSettings.

E. Start the Lansweeper Server service and check the error.txt file for decryption errors (it will happen immediately). Done.

If you run encryptLS.exe again, it will decrypt the Lansweeper30.exe.config file (toggles the encryption).


This was tested with server 2000 up to 2003 R2. I have noticed that this procedure does not work on server 2008. When the vbc.exe runs I get an access denied message. Still attempting to track down what the issue is.

Here you go: http://www.lansweeper.com/forum/yaf_postst264_Security-How-To-Encrypt-Database-Connection-Information-in-the-config-Files.aspx

Our IT Admin is insisting for encrypted UserName & Password String in Lansweeperservice.exe.config in the Lansweeper Server as we are exposing the username & password of the SQL Server database.
We need the password stored in an encrypted form in Lansweeperservice.exe.config.

Please help.

Most likely a security problem, see http://www.lansweeper.com/kb/accessdenied.aspx

{ We have ran the given commands to enable firewall }

Ping works -

C:\Documents and Settings\fz008393>ping AIBL305008393

Pinging AIBL305008393 [3.204.22.194] with 32 bytes of data:

Reply from 3.204.22.194: bytes=32 time<1ms TTL=126
Reply from 3.204.22.194: bytes=32 time<1ms TTL=126
Reply from 3.204.22.194: bytes=32 time<1ms TTL=126

Ping statistics for 3.204.22.194:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Now the error is ;
Wmierror Access is denied 0x80070005 (AIBL305008393, 3.204.22.194) 2/18/2010 6:07:36 PM

It seems that the server cannot resolve the hostname "AIBL305008393"
Could you try "ping AIBL305008393" from the lansweeper server.

After executing the above commands , Lsclient.exe connects to lansweeper server ; but error in the lansweeper webconsole as below ;


Wmierror The RPC server is unavailable 0x800706BA (AIBL305008393) 2/17/2010 2:28:46 PM
Wmierror Cannot connect to DCOM port 135 : Firewalled? (AIBL305008393) 2/17/2010 2:28:46 PM

When you place lsclient in a loginscript you can set the firewall correct first:

call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135
call netsh firewall add allowedprogram program=%windir%\system32\wbem\unsecapp.exe name=WMI
call netsh firewall add allowedprogram program=%windir%\system32\dllhost.exe name=Dllhost