JeremyNicoll

Who (which users) can change OA settings?

Recommended Posts

I Know my avatar/info box says I'm using XP, but I also have a W8.1 machine.   Today I was about to do one of my every-so-often tidy-ups of old 'program' configuration entries in OA and I wondered whether I should do this from an ordinary userid or my Admin userid.

 

I started with the OA 'Program' display as seen by the ordinary user, and was able to delete old entries.  Then I went and viewed the same display from my Admin userid... and the entries were gone.

 

I find this quite alarming!  I think I would have hoped that the ordinary user would either not be able to delete any entries at all, or they would have been entries that only applied to programs run by that userid.

 

Does this suggest there's a problem with the way that I have OA installed?

Share this post


Link to post
Share on other sites

Online Armor only maintains one set of rules per computer. It does not support user specific rules. That means every user that has the password to edit the Online Armor rules can edit the rules for the entire system. If no password is set, every user can edit the rules.

Share this post


Link to post
Share on other sites

If I set such a password, do all aspects of OA's remembered setttings get protected?  What happens if eg OA

produces an alert for something a user is doing - can they make a decision to allow/prohibit the action without

knowing the password?

 

How about your new product - EIS - does it have per-user settings?

Share this post


Link to post
Share on other sites

Alerts should not be affected by the password protection. EIS does not have per-user settings either. It does have per-user permissions though. So you can define more granular rules about which user is allowed to do what.

Share this post


Link to post
Share on other sites

Thanks!  Looking at that I notice that EIS's FW settings (along with lots of other stuff can be exported), as one can in EAM v9.  I tried that and am very happy to see that stuff exported from EAM creates plain text files.  Can you say whether FW rules exported form EIS are also plain text?     I like the idea because it means I can write code to compare the rule-sets I use on each computer, allowing for my own knowledge of which programs I have installed where on each one, etc. 

 

I'm slightly less impressed by the section of the export dialogue which allows one to choose the folder into which stuff will be exported. The dialog only shows a small length of a typical filepath so one cannot see where the files will go unless one pretends to choose a new location.

 

Is there an external command (switch?) I could use, eg from a scheduled task, to force EAM or EIS to export its current settings?  If so I could automate daily backups of the settings...    Ideally one would want such a switch also to allow one to specify the output folder's name, rather than rely on whatever the GUI's currnt setting is. 

 

I also noticed that global FW rules are applied in the order they're displayed in, and one can change that order.  For application FW rules (it's hard to tell from reading the manual without screenshots) I'm not sure if you can only have one rule per application, or multiple ones?  If you can have multiple ones are they also tested in (displayed?) order?   Can one mark a rule so it is temporarily disabled, for example if you want to try an alternative rule for a while?

Share this post


Link to post
Share on other sites

Is there an external command (switch?) I could use, eg from a scheduled task, to force EAM or EIS to export its current settings?  If so I could automate daily backups of the settings...    Ideally one would want such a switch also to allow one to specify the output folder's name, rather than rely on whatever the GUI's currnt setting is.

No, but all the dialog does is copy the appropriate INI files from the EAM/EIS directory to a directory of your choice anyways. So you can just write a small Batch script that copies the files out of the EAM/EIS directory itself. All our settings are stored in plain text INI files, including the firewall rules.

 

I also noticed that global FW rules are applied in the order they're displayed in, and one can change that order.  For application FW rules (it's hard to tell from reading the manual without screenshots) I'm not sure if you can only have one rule per application, or multiple ones?  If you can have multiple ones are they also tested in (displayed?) order?   Can one mark a rule so it is temporarily disabled, for example if you want to try an alternative rule for a while?

You can have multiple application rules and the application rules are processed in order as well. To give you an idea of what the dialog looks like:

oYiWn3u.png

The rules in that example don't make much sense. I just added them for demonstration purposes. There is no way to disable a rule at the moment. But that is actually a good idea. I will suggest it internally.

Share this post


Link to post
Share on other sites

a) copying INI files: excellent!   Not only can I back them up easily, I can also have analysis code read them directly.

 

b) application rules: thanks for the screenshot.   And thanks even more for taking the 'disable' idea forward.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.