Novell is now a part of Micro Focus

Updating the Secure Portion of the Registry on Windows NT

Novell Cool Solutions: Tip

Digg This - Slashdot This

Posted: 4 May 1999

R. van Merrienboer asks: NAL doesn't work when the user has only user rights on the NT workstation. If I give the user administrator rights, there is no problem at all. But then the user has administrator rights on the NT workstation, which we don't want because of security! Do you have an explanation and solution for this problem?

You've come to the right place, Mr. van Merrienboer, because we have a solution just for you (and, we suspect, many others like you)! The problem you are seeing is with NAL 2.01, which cannot distribute an Application object to a secure Windows NT Server or Workstation if that object requires changes to the secure portion of the Registry and other secured files.

To overcome that stumbling block, our ever-accommodating team of engineers has added a service to NAL 2.5 (that ships with 1.0) that lets you register Application Launcher with the Windows NT Service Control Manager. This lets Application Launcher make the necessary changes to a secure Windows NT Server or Workstation. For security reasons, the service cannot be used by any application other than the Application Launcher.

Note: You need to install the Windows NT Service Pack 3 before installing the NT service.

There are three ways to install and register the Service. You can also deregister (unload) the Service.

Install and Register the Service with a Single Windows NT Server or Workstation
1. Get sufficient rights on the NT Server or Workstation.

2. From an NT Server or Workstation command line, run the following command to install and register the service:

nalntsrv install

By default, the nalntsrv.exe and nwapp32.dll files are copied to the system32 directory. These two files must reside in the same directory. If older versions of these files already exist, the installation overwrites them. Once installed, the service registers Application Launcher with the Windows NT Service Control Manager. The service becomes active the next time the machine is started.

Note: Adding the Start option activates the service immediately after registration without restarting the workstation. For example, enter

nalntsrv install start

If you do not want nalntsrv.exe and nwapp32.dll to reside in the system32 directory, use the Path option to redirect them. For example, entering

nalntsrv install path=c:\winnt

copies the files to the c:\winnt directory and registers the service from that location.

Install and Register the Service Using Workstation Manager 1.0
1. Use an ACU script entry to install and register the service. For example:

\\<servername>\<volume>\<path>\nalntsrv install

Important: Do not use the Start option when installing the Service from Novell's Workstation Manager 1.0.

Install and Register the Service Using the Workstation Management Component

1. Create a Workstation Package.

2. In the Workstation Package, create an Action.

3. Schedule the Action to run on User Login.

4. Run Action as System.

5. Click Disable after Run Once.

6. Put one of the following into the command line:



install start

Deregister the Application Launcher/NT Service
1. Use the Deregistration option to remove the Service from the Windows NT Service Control Manager. For example, enter the following:

nalntsrv deregister

Note: The Deregistration option does not delete the nalntsrv.exe and nwapp32.dll files.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates