Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-17-2010 10:00 AM
Is there a way to encrypt the username and password in C:\Program Files\lansweeper\Service\lansweeperservice.exe.config ?
Below is the key value pair in the xml config.
<add key="ConnectionString" value="Persist Security Info=False;Data Source=<servername>\<instanceName>;Initial Catalog=lansweeperdb;User ID=lansweeperuser;Password=mysecretpassword0*;Connect Timeout=120"/>
Below is the key value pair in the xml config.
<add key="ConnectionString" value="Persist Security Info=False;Data Source=<servername>\<instanceName>;Initial Catalog=lansweeperdb;User ID=lansweeperuser;Password=mysecretpassword0*;Connect Timeout=120"/>
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-17-2010 10:02 AM
Not by default but you can switch the database/config to integrated authentication (which should work but is not supported)
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-06-2016 03:38 PM
Any success with this procedure on Server 2008 R2 and 2012 R2? Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-10-2011 07:49 PM
There was a work was in to encrypt the password. Here are the instructions we had to do this:
Encrypt LansweeperService.exe.config per instructions below:
A. On the server running the service dir , in the same folder as the exe and config file, create a text file named "encryptLS.vb" with the following contents:
CD C:\Program Files (x86)\Lansweeper\Service
***** Start Code *****
Imports System
Imports System.Configuration
Module EncryptAppSettings
Public Sub Main()
'Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
' Takes the executable file name without the .config extension.
Try
' Open the configuration file and retrieve the connectionStrings section.
Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(".\LansweeperService.exe")
Dim section As AppSettingsSection = DirectCast(config.GetSection("appSettings"), AppSettingsSection)
If section.SectionInformation.IsProtected Then
' Remove encryption.
section.SectionInformation.UnprotectSection()
Else
' Encrypt the section.
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
End If
' Save the current configuration.
config.Save()
Console.WriteLine("Protected={0}", section.SectionInformation.IsProtected)
Catch ex As Exception
Console.WriteLine(ex.Message)
End Try
End Sub
End Module
***** End Code *****
B. Open a command prompt in the same folder and run the following command (this will create a vb.net console app/exe of the code above):
C:\Program Files\Lansweeper\Service>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe encryptLS.vb
C. Run the newly created exe - C:\Program Files\Lansweeper\Service\encryptLS.exe
D. Open the LansweeperService.exe.config file and you should see a nice long CipherValue of the original appSettings.
E. Start the Lansweeper Server service and check the error.txt file for decryption errors (it will happen immediately). Done.
If you run encryptLS.exe again, it will decrypt the Lansweeper30.exe.config file (toggles the encryption).
This was tested with server 2000 up to 2003 R2. I have noticed that this procedure does not work on server 2008. When the vbc.exe runs I get an access denied message. Still attempting to track down what the issue is.
Encrypt LansweeperService.exe.config per instructions below:
A. On the server running the service dir , in the same folder as the exe and config file, create a text file named "encryptLS.vb" with the following contents:
CD C:\Program Files (x86)\Lansweeper\Service
***** Start Code *****
Imports System
Imports System.Configuration
Module EncryptAppSettings
Public Sub Main()
'Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
' Takes the executable file name without the .config extension.
Try
' Open the configuration file and retrieve the connectionStrings section.
Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(".\LansweeperService.exe")
Dim section As AppSettingsSection = DirectCast(config.GetSection("appSettings"), AppSettingsSection)
If section.SectionInformation.IsProtected Then
' Remove encryption.
section.SectionInformation.UnprotectSection()
Else
' Encrypt the section.
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
End If
' Save the current configuration.
config.Save()
Console.WriteLine("Protected={0}", section.SectionInformation.IsProtected)
Catch ex As Exception
Console.WriteLine(ex.Message)
End Try
End Sub
End Module
***** End Code *****
B. Open a command prompt in the same folder and run the following command (this will create a vb.net console app/exe of the code above):
C:\Program Files\Lansweeper\Service>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe encryptLS.vb
C. Run the newly created exe - C:\Program Files\Lansweeper\Service\encryptLS.exe
D. Open the LansweeperService.exe.config file and you should see a nice long CipherValue of the original appSettings.
E. Start the Lansweeper Server service and check the error.txt file for decryption errors (it will happen immediately). Done.
If you run encryptLS.exe again, it will decrypt the Lansweeper30.exe.config file (toggles the encryption).
This was tested with server 2000 up to 2003 R2. I have noticed that this procedure does not work on server 2008. When the vbc.exe runs I get an access denied message. Still attempting to track down what the issue is.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-19-2010 05:55 PM
Here you go: http://www.lansweeper.com/forum/yaf_postst264_Security-How-To-Encrypt-Database-Connection-Information-in-the-config-Files.aspx
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-19-2010 12:36 PM
Our IT Admin is insisting for encrypted UserName & Password String in Lansweeperservice.exe.config in the Lansweeper Server as we are exposing the username & password of the SQL Server database.
We need the password stored in an encrypted form in Lansweeperservice.exe.config.
Please help.
We need the password stored in an encrypted form in Lansweeperservice.exe.config.
Please help.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-18-2010 02:48 PM
Most likely a security problem, see http://www.lansweeper.com/kb/accessdenied.aspx
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-18-2010 02:41 PM
{ We have ran the given commands to enable firewall }
Ping works -
C:\Documents and Settings\fz008393>ping AIBL305008393
Pinging AIBL305008393 [3.204.22.194] with 32 bytes of data:
Reply from 3.204.22.194: bytes=32 time<1ms TTL=126
Reply from 3.204.22.194: bytes=32 time<1ms TTL=126
Reply from 3.204.22.194: bytes=32 time<1ms TTL=126
Ping statistics for 3.204.22.194:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Now the error is ;
Wmierror Access is denied 0x80070005 (AIBL305008393, 3.204.22.194) 2/18/2010 6:07:36 PM
Ping works -
C:\Documents and Settings\fz008393>ping AIBL305008393
Pinging AIBL305008393 [3.204.22.194] with 32 bytes of data:
Reply from 3.204.22.194: bytes=32 time<1ms TTL=126
Reply from 3.204.22.194: bytes=32 time<1ms TTL=126
Reply from 3.204.22.194: bytes=32 time<1ms TTL=126
Ping statistics for 3.204.22.194:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Now the error is ;
Wmierror Access is denied 0x80070005 (AIBL305008393, 3.204.22.194) 2/18/2010 6:07:36 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-17-2010 11:26 AM
It seems that the server cannot resolve the hostname "AIBL305008393"
Could you try "ping AIBL305008393" from the lansweeper server.
Could you try "ping AIBL305008393" from the lansweeper server.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-17-2010 11:05 AM
After executing the above commands , Lsclient.exe connects to lansweeper server ; but error in the lansweeper webconsole as below ;
Wmierror The RPC server is unavailable 0x800706BA (AIBL305008393) 2/17/2010 2:28:46 PM
Wmierror Cannot connect to DCOM port 135 : Firewalled? (AIBL305008393) 2/17/2010 2:28:46 PM
Wmierror The RPC server is unavailable 0x800706BA (AIBL305008393) 2/17/2010 2:28:46 PM
Wmierror Cannot connect to DCOM port 135 : Firewalled? (AIBL305008393) 2/17/2010 2:28:46 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-17-2010 10:54 AM
When you place lsclient in a loginscript you can set the firewall correct first:
call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135
call netsh firewall add allowedprogram program=%windir%\system32\wbem\unsecapp.exe name=WMI
call netsh firewall add allowedprogram program=%windir%\system32\dllhost.exe name=Dllhost
call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135
call netsh firewall add allowedprogram program=%windir%\system32\wbem\unsecapp.exe name=WMI
call netsh firewall add allowedprogram program=%windir%\system32\dllhost.exe name=Dllhost
