Multiple Accounts

Discussion in 'Ghost Security Suite (GSS)' started by ReGen, Feb 22, 2005.

Thread Status:
Not open for further replies.
  1. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    I find RD seems to just block previously unauthorised registry modifications without the option to allow, if I try to log into another user account. This tends to cause lockups of the programs as they just sit waiting for access. Everything runs as expected if I train RD first before switching account, but I’m sure to miss something. Is this a bug or the way it’s meant to be or…. just my computer. I’m using 1.05.
    Thanks.
    ReGen

    Windows XP Home, Athlon 64.
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    You will have to wait for an official answer from Jason, but I think that the support of fast user switching is not natively handled by the software, and that it has to be coded for it.

    In addition, if you do not want the other sessions to be able to modify your settings (like kids' accounts), maybe RegDefend should automatically block any modification if the current session is not the one which launched it?

    Regards,
    gkweb.
     
  3. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Fast user switching isn't currently handled, I'll add it to the next version with the option to either automatically ALLOW or BLOCK the requests which happen in other sessions and request user input.
     
  4. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    Thanks for the replies everyone. :)
    I never use Fast user switching. I always Log out of my main account before logging into one of the others. Maybe my problem is related more to the ones reported in the “Lockup” thread. The last time I logged into another account I didn’t even get past the “Logging in” screen before the PC locked solid – and that’s after I had Logged into my main account several times and given all the ‘allows’ that were required. All the accounts use the same software and are set up much the same way.
    Hope this info will be of help.

    ReGen

    Windows XP Home. Athlon 64
     
  5. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    I’m still having problems with the latest version of RD. Since adding the ‘Regrun’ items kindly supplied by ‘Puff’ I’m unable to ‘Log Out’ of my Windows accounts. Windows sticks at the ‘Saving settings’ screen. If I close down RegDefend first, I can log out OK.

    Even before adding the ‘Regrun’ items, I had to make sure I’d manually shut down RD before logging out of my main account. If I didn’t the computer would ‘Lockup’ at the ‘Logging in’ screen of my secondary accounts.

    So basically everything works perfectly – so long as RD is shutdown manually before logging out of accounts, but that’s a bit of a bind, as I don’t particularly like telling the kids how to shut down security applications. Any help would be appreciated.

    ReGen.
     
  6. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Sorry, this wasn't added in v1.100 due to time constraints. For the moment it would be best to disable RD if you want to use it in another account, or if the account is an ADMIN one, close down RD in the current account and start it in the new one.
     
  7. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    RD V1.150

    Sorry Jason, but I still have problems when using different accounts. (All Admin)

    Using fast user switching, RD acted as you stated by blocking the change but not freezing the program :) . But on logging out of the account I had just switched to, the computer locked, forcing a hard reset.

    If I log out of my account (not using fast user switching) and then log into another account, programs halt and lockup as per the previous version (if access to the registry start-up areas is required).
    RD shows in the task bar, but no allow/block screen ever appears. Should I be able to Log out/In to different accounts now? Or is RD primarily designed for use on a one account computer?

    Thanks for any light you can shine on this problem.

    Windows XP Home (Fresh install). NIS2005, TH Guard 4.2, SpySweeper 3.5.
    Athlon64 3500+ (Winchester 939 pin), Asus A8V Deluxe MB, 1GB DDR Memory. PNY 6600GT Graphic card. Maxtor SATA HDs
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi Regen,

    I tested it whilst fast user switching with v1.100 and it locked up as you said. With the new version it logged into the new account fine whilst fast user switching. However this was with the defaults, have you changed any of them or?

    Since the registry is only being blocked from modification I'm not sure what would be stopping the logon if they can all be read fine. However I noticed in my "fast user switched" account there were quite a few blocks occurring when I switched back to the original account, rundll and some other programs.
     
  9. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    Hi Jason.

    Yes, all the settings are default. Before doing any account switching, I always make sure that all the programs that may require access to the protected start-up areas are added.

    We do a lot of account switching during a normal day, between the kids’, wife’s and my own accounts. I always get them to Log out of an account before putting the PC into Standby when not in use. But if the account that gets logged into first isn’t mine when taking the PC out of S/By (Presuming my account had originally been the first to run RD and I hadn’t shut it down before logging off) is where programs that I’ve not previously added to RD (and require access to the protected areas of the registry) just freeze up and require the PC to be rebooted.

    It’s very difficult to really bolt down a PC used in a multi-user environment. I can’t expect my kids to make well informed decisions about security. If something pops up on screen asking for a ‘Yes / No’ decision, they’re far more likely to say ‘Yes’ so they can continue with whatever they were doing. So I really like the idea of the ‘Default Block’ with fast user switching, and would like to see a similar user setting that could do the same in all accounts until deselected by the user. What would also be really good is if RD could log all the items blocked with the option of adding them (should you want to) at a later date.

    I think RD is a great program Jason (Hence I bought it). Just wish I could correctly use it for all accounts.

    Thanks.
    ReGen
     
  10. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    Just letting you know RD 1.3 seems to be working perfectly with multiple accounts. I've not had a single lockup when a program attempts to use the registry in any of my accounts, no matter which account was initially opened.
    Thanks for all your hard work. :)

    ReGen.
     
  11. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi ReGen et al,

    I am currently having some problems with multiple accounts. But I have the RegRun additions. Are you using the RegRun additions? Thanks.

    Rich
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hmmm .. looks like it is something in RegRun extensions. Everything seems to be running well after I remove the RegRun file.

    Rich
     
  13. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi Rich,

    Does the main RD log (not the "Current Live Log") give you any clues?

    Nick
     
  14. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Hi guys :).

    Just tested this out and it seems that explorer.exe and winlogon.exe are being blocked from setting registry values with the RegRun Group enabled.

    To rectify this, try adding these executables to the APO (Application Permissions Override) for the RegRun group with the stated ALLOW for each respective executable:

    - explorer.exe | Modifying Values |
    - winlogon.exe | Modifying Values |


    Hope that helps,
    Jade.
     
  15. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks Jade. I will give it a try.

    Rich
     
  16. tlu

    tlu Guest

    Jade, on my computer only adding winlogon.exe to the APO was necessary.
     
  17. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I continue to look at RegDefend very seriously and running it with multiple accounts has been one of the issues I was concerned with. But one thing I haven't seen mentioned is running as a Limited User.

    Sooo...does RegDefend work ok with the restricted permissions a Limited User has? Obviously, this is my preferred web surfing account type because of the limited exposure to infection.
     
  18. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Thanks for the reply tlu, that is great news :)....at least the culprit seems to have been found.

    Regards,
    Jade.
     
  19. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Bowserman et al,

    Tried it, but my system still hung up when trying to switch between accounts. I am not sure I added all of the APO entries that I needed. Can someone give me a specific list? Thanks.

    Rich
     
  20. tlu

    tlu Guest

    HAN, that's what I've been doing for a long time, too - and, I'm sure, all of us security experts here on Wilders. :D
    To answer your question: RegDefend works perfectly under my (restricted) user account if winlogon.exe is added to the APO as mentioned in other posts of this thread.
     
  21. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Hi Rich,

    When switching accounts is there anything showing in RegDefend's logs?...if so could you post them? Simply highlight all the entries in the logs after switching accounts (if there are any) then press CTRL+C to copy.


    Regards,
    Jade.
     
  22. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Bowserman,

    Thanks for the reply. Nope, there is nothing in the log.

    Rich
     
  23. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    Hi richrf.

    I’ve just added the Regrun group to see what happens. I gave ‘explorer.exe’ and ‘winlogon.exe’ the required permissions.
    On switching accounts everything seems OK – But, I noticed the ‘Regrun’ group always appears with a red cross along side it (disabled). Clicking on the cross I get asked if I want to disable the group. If I select ‘Yes’ or ‘No’ all the registry items and rules disappear for that group, and fail to return until I log back into my original account.
    I’m currently not too sure whether this is a cosmetic bug or actually affects the protection of the ‘Regrun’ group.
    I had one BSD on switching accounts before adding explorer.exe permissions, but other than that all seems OK.
     
  24. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi ReGen,

    Thanks for the additional info. For now, I am keeping the RegRun group turned Off until I know what is happening. I am sure at some point either Jason or puff will figure out what the exact settings should be for multiple accounts. I'd rather wait for a standard set, rather than play around with it myself.

    Rich
     
  25. tlu

    tlu Guest

    richrf,
    I'm just guessing what the cause for this problem might be. I think it's because only the HKCU registry branch of the respective account, where you are logged in, is loaded. Now, if you switch to another account (via FUS) the HKCU branch for this account has to be opened, too. I can imagine that this causes problems for RegDefend.

    A similar problem arises if you use the well-known freeware program ERUNT from http://www.larshederer.homepage.t-online.de/erunt/ for a registry backup. It is only possible to back up the open registry files NTUSER.DAT and USRCLASS.DAT for the user currently logged in (besides DEFAULT, SAM, SECURITY and SYSTEM). If you want to have a complete registry backup you will have to log into your admin account, switch to your user account via FUS (in order to open NTUSER.DAT and USRCLASS.DAT for that account), switch back to your admin account and start ERUNT. This is the only way to have a complete registry backup if more than one account exists.

    ERUNT has no problem with this procedure. But in the case of RegDefend, there is no distinction between different accounts concerning the rules related to HKCU. And it may well be, that the HKCU entries for your admin and your user account are very different - and this may make RegDefend stumble if both HKCU's are opened at the same time.

    Again, I'm just guessing! Jason's the only one who can clarify this issue.
     
    Last edited by a moderator: May 24, 2005
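
An added example, not part of the thread and not RegDefend or ERUNT code: the per-account hive loading described in the last post (each account's HKCU is its own NTUSER.DAT, mounted under HKEY_USERS only while that account has a session) can be checked from PowerShell by comparing the profile list with the currently loaded hives. It assumes the standard ProfileList and hivelist registry keys; the function name is illustrative.

```powershell
# Added example: report, for every local profile, whether its per-user hive
# (the hive that account sees as HKCU) is currently loaded.
function Get-ProfileHiveState {
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $hiveList    = 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'

    # hivelist maps each loaded hive (\REGISTRY\USER\<SID>) to its backing file.
    # The anchored pattern skips the separate <SID>_Classes (USRCLASS.DAT) hives.
    $loaded = @{}
    $key = Get-Item -Path $hiveList
    foreach ($name in $key.GetValueNames()) {
        if ($name -match '^\\REGISTRY\\USER\\(?<sid>S-1-5-21-[\d-]+)$') {
            $loaded[$Matches.sid] = $key.GetValue($name)
        }
    }

    # ProfileList has one subkey per profile; S-1-5-21-* are ordinary user accounts.
    Get-ChildItem -Path $profileList |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |
        ForEach-Object {
            $sid = $_.PSChildName
            [pscustomobject]@{
                SID         = $sid
                ProfilePath = $_.GetValue('ProfileImagePath')
                HiveLoaded  = $loaded.ContainsKey($sid)
                HiveFile    = $loaded[$sid]   # $null when the hive is not loaded
            }
        }
}

Get-ProfileHiveState | Format-Table -AutoSize
```

Run once with a single account logged on and again after switching to a second account without logging off the first: the second profile changes from `HiveLoaded = False` to `True`, which is the state in which two different HKCU hives are open at the same time.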