HighTechTalks DotNet Forums  

Denying network access to all but one application

Dotnet Security microsoft.public.dotnet.security


#1
Rahul

Denying network access to all but one application - 09-11-2007, 11:46 AM

I built a database application that used Access as its DB backend for a
library. Initially, the application was meant to support only routine tasks
of the library staff, and was not available to the public. However, it has
been so successful that the library has decided to allow people to use it for
searching the library books.

Although security mechanisms were built into the application right from
scratch, the file-serving nature of Access poses a problem. Due to its
file-serving nature, an Access database needs to be available in a shared
network folder, to allow clients to access it.
And here's the catch. A mischievous person can use Explorer etc. to directly
access the database. Although I can add a $ to the network name of the shared
folder to prevent it from being shown in Explorer, that does not prevent
someone from entering the path directly, in case he comes to know about it somehow.

Now, with my knowledge of Windows & .NET security mechanisms, I have found
one way to prevent this. I can create a Guest account on clients, & use
gpedit to deny it all network permissions except for .NET applications.
Next, I can configure .NET to deny network access to all but my application.

Will this work in restricting network access from clients to just my
application? Is there a better solution?
Also, I am not too comfortable with playing around with gpedit & caspol.exe. Can
someone describe how to accomplish the above tasks using these utilities, or
at least point me to a resource which could be of help?

#2
Dominick Baier

Re: Denying network access to all but one application - 09-12-2007, 07:56 PM

There are certainly group policies that allow you to sandbox the whole system,
like removing Explorer, denying access to cmd, removing the Start menu and
more....

Search for "Kiosk Mode".
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

#3
Rahul

Re: Denying network access to all but one application - 09-17-2007, 10:14 AM

"Dominick Baier" wrote:

Quote:
There are certainly group policies that allow you to sandbox the whole system,
like removing Explorer, denying access to cmd, removing the Start menu and
more....

Can you point me to resources where I can get some quick tips to manipulate
these policies?

