KB_Soft Group - Software Vendor's Development Partner [Portfolio]

Objectives

The objective of this project was in revision of the MS Windows service performing the Software Distribution.

Results

The Software Distribution service was extended with the following functionalities: the user profile loading, access to the network resources, and identifying whether the system works under the system account as well.

Technical peculiarities

The implementation of user profile load required the support both for roaming and local profiles, as well as for working in a Workgroup and NT domain. The functionality of identifying whether the thread works under the system account was necessary to create the network connection. It was necessary to create the connection not under the system account. So, if a thread was working under the system account, then it was necessary to impersonate it with the security context of a logged-on user. Identifying the system account by name turned out to be

unreliable. Since the name depends on the OS locale language, identification was performed using the SID analysis (the system account has a well-known SID). A special feature of network resources access management was frequent switching the service thread between the contexts of different users. On a number of platforms (Windows XP in particular), the network connections created by one user are invisible for another user. So it was necessary to create network connections in the context of that very user who intends to operate with them.

		Objectives The objective of this project was in revision of the MS Windows service performing the Software Distribution.		Results The Software Distribution service was extended with the following functionalities: the user profile loading, access to the network resources, and identifying whether the system works under the system account as well.
		Technical peculiarities The implementation of user profile load required the support both for roaming and local profiles, as well as for working in a Workgroup and NT domain. The functionality of identifying whether the thread works under the system account was necessary to create the network connection. It was necessary to create the connection not under the system account. So, if a thread was working under the system account, then it was necessary to impersonate it with the security context of a logged-on user. Identifying the system account by name turned out to be		unreliable. Since the name depends on the OS locale language, identification was performed using the SID analysis (the system account has a well-known SID). A special feature of network resources access management was frequent switching the service thread between the contexts of different users. On a number of platforms (Windows XP in particular), the network connections created by one user are invisible for another user. So it was necessary to create network connections in the context of that very user who intends to operate with them.

Software Distribution Service

Objectives

Results

Technical peculiarities