I have this small problem where some users are starting to get a little curouis about my scripts and have found their way to the NETLOGON FOlder .... so.. my question is.. HOW can I stop people from "LOOKIN" I have stopped them from deleting!! but... I can't stop them from looking...

So what tips do you have ?

I use WIN95 & NT servers

Kind of a catch 22 - If they can't see it and read it, they can't run it.

User need the Read and Execute rights in the Logon Share in order for the login script to work. If you removed the permission to Read, your scripts would quit working. You could maybe devise a hidden share (too much trouble), but your advanced users would still be able to get to it.

Sorry Something you will probably have to live with for now. (who knows, maybe there is some 3rd party software out there to prevent it. There seems to be software out there somewhere for just about anything.)

[ 21 July 2001: Message edited by: NTDOC ]

NTDOC you will love this also.

We are running the tools compress _ codec to make a script
unreadable.
The batch has converted to a unreadable file with the programs
bat2exec + secure21.

All programs will you find on our site http://home.wanadoo.nl/scripting
See for other information the topics:
http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=000570 codec + compress

http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=001558 +
http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=001433 bat2exec + secure21

How compress/encrypt and decrypt/decompress: we are using two BATch files

• encrypt.bat

  code:

  ---

  @echo off
        if "%2." == "." goto error
        if "%1." == "." goto error
        copy         "%1" %tmp%\xxxx1.tmp
        compress.exe /e   %tmp%\xxxx1.tmp %tmp%\xxxx2.tmp
        codec.exe    /e   %tmp%\xxxx2.tmp %tmp%\xxxx3.tmp
        copy              %tmp%\xxxx3.tmp "%2"
        del %tmp%\xxxx?.tmp
        echo.
        echo Compress + Encrypt: '%1' to '%2'.
        goto end
       :error
        echo encrypt.bat your_script.kix encrypt_script
       :end
  @echo off
  

  ---

• decrypt.bat
  

  code:

  ---

  
  @echo off
        if "%2." == "." goto error
        if "%1." == "." goto error
        copy         "%1" %tmp%\xxxx1.tmp
        codec.exe    /e   %tmp%\xxxx1.tmp %tmp%\xxxx2.tmp
        compress.exe /e   %tmp%\xxxx2.tmp %tmp%\xxxx3.tmp
        copy              %tmp%\xxxx3.tmp "%2"
        del %tmp%\xxxx?.tmp
        echo.
        echo Decrypt + Decompress: '%1' to '%2'.
        goto end
       :error
        echo decrypt.bat encrypt_script your_script.kix
       :end
  @echo off
  

  ---

  
  
• to decrypt + decompress + run a script we are using:
  kixrun.bat
  

  code:

  ---

  
  @echo off
        if "%1." == "." goto error
        copy         "%1" %tmp%\xxxx1.tmp
        codec.exe    /e   %tmp%\xxxx1.tmp %tmp%\xxxx2.tmp
        compress.exe /e   %tmp%\xxxx2.tmp %tmp%\xxxx3.tmp
        kix32 %tmp%\xxxx3.tmp
        del   %tmp%\xxxx?.tmp
        echo.
        echo Decrypt + Decompress + kix32: '%1'.
        goto end
       :error
        echo kixrun.bat encrypt_script
       :end
  @echo off
  

  ---

  
  

remark: codec + compress are only using 8.3 file format names.

How can your logon.bat look like:

code:

---

@echo off
      %0\..\kixcheck.exe
      if errorlevel 1 %0\..\kix400update.exe /q
      net use x: \\server\apps$
      call x:\admin\kixtart\kixrun.bat x:\admin\kixtart\mappings.xxx
      call x:\admin\kixtart\kixrun.bat x:\admin\kixtart\desktop.xxx
      call x:\admin\kixtart\kixrun.bat x:\admin\kixtart\cleanup.xxx
      call x:\admin\kixtart\kixrun.bat x:\admin\kixtart\lstlogon.xxx
      call x:\admin\kixtart\kixrun.bat x:\admin\kixtart\invent.xxx
      net use x: /delete
@echo off

---

• kixcheck.exe checks for availability of kixtart files on your local
  workstation. it will return an errorlevel.
  
• kix400update.exe will install the necessary kixtart files (kix32.exe,
  kx16.dll, kx32.dll & kx95.dll) to your windows directory.
  
• net use x: \\server\apps$ will only a special drive for other logon
  files. the files are located at directory x:\admin\kixtart in our example.
  
• call x:\admin\kixtart\kixrun.bat x:\admin\kixtart\mappings.xxx will
  run a compress + encrypt kixtart script. we are using another extension (= .xxx)
  for those files to prevent mistakes.
  it will decrypt and decompress your script to the %tmp% directory and
  after execution by kix32.exe the temporary files will be removed.
  
• net use x: /delete will remove the special connection.
  

Is there a solution: YES

How: using bat2exec and secure21.zip tools.

• bat2exec logon.bat will return the file logon.com, which
  is still viewable, but it can be started as EXE file.
  
• with secure you can make this logon.com unreadable for
  everybody.
  

The result is:

• NETLOGON directory contains only the files:
  - kixcheck.exe (= see our site)
  - kix400update.exe (= see our site)
  - logon.exe (= secure logon.com file)
  
• X:\admin\kixtart contains only the files:
  - codec.exe
  - compress.exe
  - kixrun.bat
  - different compressed + encrypted kixtart scripts (our example: mappings.xxx,
  desktop.xxx, cleanup.xxx, lstlogon.xxx, invent.xxx)

  a good supplementation can be
  - the kixtart files: kix32.exe, kx16.dll, kx32.dll, kx95.dll.
  - the directory X:\admin and X:\admin\kixtart are hidden for normal viewers.
  

We think this is for the moment enough that not only normal but also
experience users can read any of your scripts. it will drive everybody
crazy how a very little program like logon.exe can do such nice
things.
Greetings.

btw: a simple alternative is: use kixstrip. it make it hard to read
your scripts. how will or can you read one single line of 166.000 characters
without comment or other information (see topics:
http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=001943 kixstrip
http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=001981 example of usage of kixstrip

Symbol on our homepage has been linked to related http://kixtart.org topic.

[ 23 July 2001: Message edited by: MCA ]

Thanks for the info MCA - Good job.

Sometimes you must think a lot of steps forward.

Mostly the same strategy you must have by the fight against a virus.
You must not only destroy the current virus, but also prevent similar
virus attacks. A nice example are the VBS problems.
No CScript.exe or WScript.exe available on your clients
means a hard problem for VBS script (by-the-way: how many users really
need those programs for there job? we don't mean experience users or
programmers) to run.
Another nice file which hardly nobody is using: format.com which
you are starting for a DOS box.

Greetings.

btw: kixstrip can make your code hard to read, but with kixstrip it is
also possible to create a readable layout of your script. only the com-
ment will be missing.