R
Ronan Stokes
Hi all
I am in the process of developing a consumer device for a client based
around XPE. I have a number of questions regarding use of XPE to build a
consumer device - I am hoping some people here may some answers to some of
the following questions
1) As part of the device operation, the device will use the same
local user for operation across all machines as security does not rely on
domain level user security. However as third party software may be installed
on the device, I want to secure parts of the shell and OS by running various
services under different users. The question is can I use different users
for running processes if I use MinLogon rather than WinLogon and manually
add LSA etc, or is there some other restriction imposed on MinLogon
2) The .Net component has a dependency on MSMQ which for security reasons
we cannot include in our image. I am assuming that this dependency is only
required if we use any of the queue APIs in .Net or is there another
dependency outside of that ?
3) The .Net component has a dependency on DTC which for security reasons we
cannot include in our image. I am assuming that this dependency is only
required if we use any of the System.Data APIs in .Net or is there another
dependency outside of that ?
4) The .Net component has a dependency on Remote Registry Component which
for security reasons we cannot include in our image. I am assuming that this
dependency is only required if we use specific .Net APIs or is there another
dependency outside of that ?
5) Why does client for Microsoft Networks require the Print Spooler
6) Why does DOS Windows on Windows require File Sharing ? Again we cannot
include this component for security reasons.
7) Why does FBA: SCE require Netlogon / Netjoin ?
8) Why does WMI core require Volume Shadow Copy Service
Regards
Ronan Stokes,
Independent Technology Consultant
I am in the process of developing a consumer device for a client based
around XPE. I have a number of questions regarding use of XPE to build a
consumer device - I am hoping some people here may some answers to some of
the following questions
1) As part of the device operation, the device will use the same
local user for operation across all machines as security does not rely on
domain level user security. However as third party software may be installed
on the device, I want to secure parts of the shell and OS by running various
services under different users. The question is can I use different users
for running processes if I use MinLogon rather than WinLogon and manually
add LSA etc, or is there some other restriction imposed on MinLogon
2) The .Net component has a dependency on MSMQ which for security reasons
we cannot include in our image. I am assuming that this dependency is only
required if we use any of the queue APIs in .Net or is there another
dependency outside of that ?
3) The .Net component has a dependency on DTC which for security reasons we
cannot include in our image. I am assuming that this dependency is only
required if we use any of the System.Data APIs in .Net or is there another
dependency outside of that ?
4) The .Net component has a dependency on Remote Registry Component which
for security reasons we cannot include in our image. I am assuming that this
dependency is only required if we use specific .Net APIs or is there another
dependency outside of that ?
5) Why does client for Microsoft Networks require the Print Spooler
6) Why does DOS Windows on Windows require File Sharing ? Again we cannot
include this component for security reasons.
7) Why does FBA: SCE require Netlogon / Netjoin ?
8) Why does WMI core require Volume Shadow Copy Service
Regards
Ronan Stokes,
Independent Technology Consultant