[OpenAFS-devel] Windows Terminal Server

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 14 Sep 2005 04:50:19 -0400


This is a cryptographically signed message in MIME format.

--------------ms080600090905090804040601
Content-Type: multipart/mixed;
 boundary="------------000108010909000404050305"

This is a multi-part message in MIME format.
--------------000108010909000404050305
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Tim:

The AFS Client Service cannot map drives in the user session because
it does not exist within the user session.   The AFS Systray tool
already has a mechanism by which it will create drive mappings for a
user session if they are listed in the HKCU portion of the registry
but as you are probably aware, that tool is being replaced with a
non-AFS specific credential manager, Khimaira, that will be debuting
in KFW 3.0.

If you really want a drive letter, you could simply install a short
program in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that
creates the mapping.   You can even bundle the addition of this tool
into an arizona.edu transformed version of the OpenAFS MSI for your
users.

Could you explain how you would have OpenAFS deny the user the ability
to execute "NET USE G: /D"?

Thanks.

Jeffrey Altman


Tim Spriggs wrote:
>   yay for deprecation! :) They are finally moving away from DOS!
> 
>   Is there any way of getting around this? I could make a startup script,
> I'm sure, to map the drive if it doesn't exist but that seems a little
> hackish. I like the idea of having a drive letter for our users even
> though it is easy for _me_ to tell them they should type in \\AFS\(cell
> name)\... somewhere and map it.
> 
> Suggestion from the peanuts gallery:
> 
>   It seems like the global drives feature might simply be implemented
> differently. Since the common user can see drive mappings made by the
> administrator in the global drives configuration area, the AFS client
> could try to map those as user mounts for an individual session. This way
> openafs still has the ability to do the "global drive" in the sense of
> users seeing system-administrator default mappings.
> 
>   Furthermore, if the same behavior is expected from global mappings then
> the unmount operation could be denied from openafs.
> 
> /Suggestion
> 
> Thanks!
> -Tim
> 
>   /++--._.--++\  .                     _.-._
>        \|/                           /+
>         |       /|\  /| _.-._.-._   <{
>         +        |    |/         \   \_
>        /_\      _|_   |           |    ^=-._
>                                             \
> Lunar and Planetary Lab                     }>
> (520) 626 - 4991 -- SS 416                 _/
> _______________________________________.-=$/  <|>
> 
> 1629 E. University Blvd.
> University of Arizona
> 
> On Tue, 13 Sep 2005, Jeffrey Altman wrote:
> 
> 
>>Global drive mappings are not supported by Microsoft.  They are
>>deprecated and are not guaranteed to have reliable behavior
>>after Windows 2000.  The functionality is expected to disappear entirely
>>in a future release.
>>
>>http://rt.central.org/rt/Ticket/Display.html?id=15160
>>
>>Jeffrey Altman
>>
>>Tim Spriggs wrote:
>>
>>
>>>Hello All,
>>>
>>>When I create a global drive as Administrator on a windows 2003 Terminal
>>>Server I can't see the drive as a normal user through My Computer. However
>>>the drive is listed in the client configuration utility as the normal
>>>user.
>>>
>>>I have read through the notes online and I don't see anything related to
>>>this, am I missing something?
>>>
>>>Thanks,
>>>-Tim
>>>
>>>  /++--._.--++\  .                     _.-._
>>>       \|/                           /+
>>>        |       /|\  /| _.-._.-._   <{
>>>        +        |    |/         \   \_
>>>       /_\      _|_   |           |    ^=-._
>>>                                            \
>>>Lunar and Planetary Lab                     }>
>>>(520) 626 - 4991 -- SS 416                 _/
>>>_______________________________________.-=$/  <|>
>>>
>>>1629 E. University Blvd.
>>>University of Arizona
>>>
>>>_______________________________________________
>>>OpenAFS-devel mailing list
>>>OpenAFS-devel@openafs.org
>>>https://lists.openafs.org/mailman/listinfo/openafs-devel
>>
> 
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

--------------000108010909000404050305
Content-Type: text/x-vcard; charset=utf-8;
 name="jaltman.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="jaltman.vcf"

begin:vcard
fn:Jeffrey Altman
n:Altman;Jeffrey
org:Secure Endpoints Inc.
adr:;;255 W 94TH ST PHB;NEW YORK;NY;10025;United States
email;internet:jaltman@secure-endpoints.com
title:President
tel;work:+1 212 769-9018
x-mozilla-html:TRUE
url:http://www.secure-endpoints.com
version:2.1
end:vcard


--------------000108010909000404050305--

--------------ms080600090905090804040601
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJXzCC
AwowggJzoAMCAQICAw7NrTANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwNTI3MTc0NzU3WhcNMDYwNTI3MTc0NzU3
WjBzMQ8wDQYDVQQEEwZBbHRtYW4xFTATBgNVBCoTDEplZmZyZXkgRXJpYzEcMBoGA1UEAxMT
SmVmZnJleSBFcmljIEFsdG1hbjErMCkGCSqGSIb3DQEJARYcamFsdG1hbkBzZWN1cmUtZW5k
cG9pbnRzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjPyrF+rdjOUSK/
bWwZHdx5p1+y6iiCd4vvYEVDxouYFp5C/fZEWm5n45ubBUbMSUI1MAZN6ooEoH09UTj6BXhM
S8B987ls81dKOIUphTF2jOzq8gsFmeA15yHMRAD20LqUWeLyvYk8FCNQw+dsKMMhX+WdsxOm
RY/1jPkJL6oN8kEwoUFkOX9/OfWWh6oFnV6faiEHUKDMFubsb9X0KVD8iIeR7Cxz7i4kXqRX
wMlp2fyoxcDIJrBaTY8nA++g3p34IkWt1a5po6g683nIgSnGpwYIwuJheBqSEZfLYWa+1KdD
6Sn27Ud94GqUvPVG5jC6zVC5EJ2aWuoAu+nNuV8CAwEAAaM5MDcwJwYDVR0RBCAwHoEcamFs
dG1hbkBzZWN1cmUtZW5kcG9pbnRzLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUA
A4GBADtvO//tjiAV6VJGtoNtrl34mB5jGyGTiotzw8riB6zz0GvY11bcWDmp6JKif+pVG+8L
IySDosbuva13qu2HwYUxBmWc7CoNd2k9kRlcrfbDUTTrGOZK8qyqNqT3gQZTAa9ZnUI0su9G
y/n2o5bQcaYdqR3htNrpvdLSPOWhILOXMIIDCjCCAnOgAwIBAgIDDs2tMA0GCSqGSIb3DQEB
BAUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBM
dGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0w
NTA1MjcxNzQ3NTdaFw0wNjA1MjcxNzQ3NTdaMHMxDzANBgNVBAQTBkFsdG1hbjEVMBMGA1UE
KhMMSmVmZnJleSBFcmljMRwwGgYDVQQDExNKZWZmcmV5IEVyaWMgQWx0bWFuMSswKQYJKoZI
hvcNAQkBFhxqYWx0bWFuQHNlY3VyZS1lbmRwb2ludHMuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAqM/KsX6t2M5RIr9tbBkd3HmnX7LqKIJ3i+9gRUPGi5gWnkL99kRa
bmfjm5sFRsxJQjUwBk3qigSgfT1ROPoFeExLwH3zuWzzV0o4hSmFMXaM7OryCwWZ4DXnIcxE
APbQupRZ4vK9iTwUI1DD52wowyFf5Z2zE6ZFj/WM+Qkvqg3yQTChQWQ5f3859ZaHqgWdXp9q
IQdQoMwW5uxv1fQpUPyIh5HsLHPuLiRepFfAyWnZ/KjFwMgmsFpNjycD76DenfgiRa3Vrmmj
qDrzeciBKcanBgjC4mF4GpIRl8thZr7Up0PpKfbtR33gapS89UbmMLrNULkQnZpa6gC76c25
XwIDAQABozkwNzAnBgNVHREEIDAegRxqYWx0bWFuQHNlY3VyZS1lbmRwb2ludHMuY29tMAwG
A1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAO287/+2OIBXpUka2g22uXfiYHmMbIZOK
i3PDyuIHrPPQa9jXVtxYOanokqJ/6lUb7wsjJIOixu69rXeq7YfBhTEGZZzsKg13aT2RGVyt
9sNRNOsY5kryrKo2pPeBBlMBr1mdQjSy70bL+fajltBxph2pHeG02um90tI85aEgs5cwggM/
MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMM
V2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25z
dWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYD
VQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNv
bmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5
WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRk
LjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2
vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9
A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEw
EgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0
ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0R
BCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GB
AEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZ
Ohl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVN
d+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDOzCCAzcCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMG
A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7NrTAJBgUrDgMCGgUAoIIBpzAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNTA5MTQwODUwMTlaMCMGCSqG
SIb3DQEJBDEWBBTvzjvRFfJvO2w2Y711a+V4BBciRzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqG
SIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
9w0DAgIBKDB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3
dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJl
ZW1haWwgSXNzdWluZyBDQQIDDs2tMHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJa
QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh
d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7NrTANBgkqhkiG9w0BAQEFAASC
AQBjXeES+qL/b762TWJlOtcb9JmQjUitOs2F1Zmj3uZJqOanieU63L6o8vm9En3/VjhexW73
H8hVKt7KCyq31fAw2XoB2arRmY/6kDqc6MeEJ3ZYvews8GMMbd0LxOnaWtGT5rd8+3XCrq9h
9LhRmvWI+peqOHDab3niB2tDcYLg4DmKJQq5oLYvFdPcKeP82dPCFj44Lyc1riVPtN2UcoNZ
jhMgwYrfILvQPwJMUO+/CQ8MGQseG8f1phtIF5O/M+WxPUAiW0cZBY2RIPBnbNgz8jRybZys
+pMHwJdBrUBMBYXgQI+zBZ5r1tAFL89mfk7ZAerqiEV8A3jwkh4ukQLSAAAAAAAA
--------------ms080600090905090804040601--