Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Block unauthorized upgrades
#1
I had a user upgrade his ASG 2016 client to ASG 2017 and in doing so upgraded the DB. This caused all of the other users to be kicked out of the system till one of my team figured out what had happened and wrote up the unplanned upgrade instructions. 

Allowing just any users to see the upgrade popups (very annoying BTW) and allowing them to run the upgrade without administrator rights is very dangerous and down right crazy.  


This is considered a bug for this app in our company.  We need this locked down to Administrators only as soon as possible. Upgrading needs to be a planned process only.  My users do not need the pop ups about upgrades and they do not need to have the ability to do it on their own.  

Speaking of which,  a better upgrade system is very needed.  I as an administrator should be able to upgrade the system and the next time the clients login to the DB they get the upgrade automatically.  without user intervention.   AND it needs to upgrade the current version, not just install the new version and leave the old one.  I have users with five versions on the their machines because they didn't care or know how to remove the old ones. 

This has been a massive issue with this software from the start.  Trying to manage this app as a enterprise application with enterprise permissions and upgrades has been challenging at best. The newer versions have better permissions but still lack things like upgrade lock down. 



Is there anyway to lock down the ability to upgrade ASG?
Reply
#2
Hi and thanks for your comments !
This is just a quick hint that comes in my mind regarding your upgrade issue:
The first thing I would do is make sure that the automatic upgrade check is disabelt. This alone should make a big difference. This setting could also be distributed to the clients as a registry settings:
for 32bit Systems that should be:
"HKEY_CURRENT_USER\Software\ASG\RemoteDesktop2017\UpgradeCheck"
The key as string and the value "false" prevents the check completeley !
For 64bit this should be :
HKEY_LOCAL_MACHINE\Software\ASG\RemoteDesktop2017\UpgradeCheck .

Hope that helps as a first approach.
Best regards,
Michael
-- michael.scholz@asg.com --
Reply
#3
I see that in my profile. Is there a way to fix this for all users without pushing a regfix?   

We need to block the ability to upgrade a database for any non admin user.  This is a step in the right direction but is not the fix needed to prevent future issues such as we just had. 

Thank you, I will continue to see if your idea can be used in our enterprise.
Reply
#4
I think that's already implemented - look at Settings=>Permissions

You can set a password for database upgrades - this section can only be edited by Administrators - and then only the people who knows that password can initiate a database upgrade (if needed by a new version)
Regards/Gruss
Oliver
Reply




Users browsing this thread: 1 Guest(s)