make AD Connector Hidden Process in Task Manager

techuser · 02-11-2011, 11:56 AM

Is it possible to make the vbscript for AD Connector a hidden process, so that users cannot simply terminate the process in task manager? This would be an excellent feature!

It would be even better if the server could obtain the AD information without having to run a vbscript in a continuous loop for reporting.

mrunkel · 02-11-2011, 12:10 PM

Captive Portal

sky-knight · 02-11-2011, 12:33 PM

There really isn't any other way to do it. If you want Untangle to route based on user name it has to run some kind of applet on the desktop to create a username to IP address mapping so it can do its thing.

So we either use a logon script, or we write an application that does the same thing. Somewhere on these forums I believe WebFool created an application that does what the script does so people can't edit it or guess its function as easily.

But it can still be terminated.

The answer there, is take the admin rights away from the user so they cannot terminate processes. Of course that has much larger implications.

Mrunkel is right, captive portal is your only other option. That puts the burden of authentication on the Untangle server, where the user has no control. Of course, that process is more disruptive as the users have to authenticate a certain number of times per day to build the user / ip map. Furthermore, if you create a long window of authentication, you can possibly have internal machines change addresses and either loose access, or put access violations on someone else.

Nothing's perfect.

While I'm thinking about it, I wonder how hard it would be to change up the script and have it fire as a scheduled task under the currently logged in user... That would bring up an intermittent task event, that would vanish between runs. Since the actual process would take almost no time, that would be functionally invisible.

02-11-2011, 11:56 AM	#1 (permalink)
techuser Untangler Join Date: Nov 2010 Posts: 65	make AD Connector Hidden Process in Task Manager Is it possible to make the vbscript for AD Connector a hidden process, so that users cannot simply terminate the process in task manager? This would be an excellent feature! It would be even better if the server could obtain the AD information without having to run a vbscript in a continuous loop for reporting.

02-11-2011, 12:10 PM	#2 (permalink)
mrunkel Join Date: Jul 2008 Posts: 2,766	Captive Portal __________________ m. Big Frickin Disclaimer: While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions. It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one. Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

02-11-2011, 12:33 PM	#3 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,454	There really isn't any other way to do it. If you want Untangle to route based on user name it has to run some kind of applet on the desktop to create a username to IP address mapping so it can do its thing. So we either use a logon script, or we write an application that does the same thing. Somewhere on these forums I believe WebFool created an application that does what the script does so people can't edit it or guess its function as easily. But it can still be terminated. The answer there, is take the admin rights away from the user so they cannot terminate processes. Of course that has much larger implications. Mrunkel is right, captive portal is your only other option. That puts the burden of authentication on the Untangle server, where the user has no control. Of course, that process is more disruptive as the users have to authenticate a certain number of times per day to build the user / ip map. Furthermore, if you create a long window of authentication, you can possibly have internal machines change addresses and either loose access, or put access violations on someone else. Nothing's perfect. While I'm thinking about it, I wonder how hard it would be to change up the script and have it fire as a scheduled task under the currently logged in user... That would bring up an intermittent task event, that would vanish between runs. Since the actual process would take almost no time, that would be functionally invisible. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879 Last edited by sky-knight; 02-11-2011 at 12:37 PM..

Protect

Filter

Perform

Connect

Manage

Add-Ons