Securing Myriad Terminals


Securing Myriad Terminals

Author
Message
Richard Payne
Richard Payne
Ex-Product Development Engineer of P Squared Ltd.
Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)

Group: Forum Members
Posts: 123, Visits: 150
One of the questions that we are getting increasingly often is \"How do we prevent people fiddling with studio PC setups and breaking things\". The correct \"Windows answer\" is to make your users login as a restricted user. However this raises several problems on a Myriad system.

Myriad local configuration data is stored in an INI file in the Windows folder. This folder is not writable by restricted users and if you are running Q-Nxt it can't update the automation mode. If the terminal restarts for any reason then the auto-restart will not work correctly. Also if you are running AutoTrack on the same system then its configuration is stored here too with the same problem.

The solution is to set the security permissions on the INI files to allow full access to everyone. Select the myriad.ini (and autotrck.ini if you have it), right click and select Properties. Go to the security tab. Is \"Everyone\" in the list of users at the top? If not then click the Add button, select Everyone and click Add followed by ok. Once Everyone is in the list select it and make sure that Allow Full Control is ticked. Press OK to close the properties dialog.

Restricted users do not have permission to set the system clock. Normally this would be a good thing but if you use a radio clock then it is a problem. Myriad controls the clock, reads the time from it and sets the system time. The problem is that Myriad runs in the user's security context and so if the user is restricted so is Myriad and hence it can not set the system time. The only solution to this is unfortunately to relax the use restriction and allow them to change the time.

Go to Start > Settings > Control Panel > Administrator Tools > Local Security Policy
Use the tree on the left to navigate to Local Policies > User Right Assignment
Double click on the \"Change the system time\" entry in the list on the right.
Tick the local policy setting for the \"Users\" group and press ok.
Close the Local Security Settings window.

Remember that installation and configuration of a Myriad system require Administrator access. Therefore if your users do not have this then they can not make any changes. This also includes re-licensing of all P Squared products.
Peter Jarrett
Peter Jarrett
Forum Sage
Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)

Group: Broadcast Radio
Posts: 1.8K, Visits: 3.7K
The above advice is largely only for Myriad v2 - Myriad v3 stores its settings in the Registry and is therefore a slightly trickier problem.

If you are a very advanced windows user, you could set the security on the P Squared Registry key to allow the users you want - but I would NOT RECOMMEND this unless you really know what you are doing (and of course have taken a complete backup before you start!)

The best way forward is to set your Windows Login as a member of the Power Users group - this is a kind of halfway house between being a regular limited user and a full administrator.

You may then want to follow the Microsoft guidelines on limiting what Power Users can get up to, but that is beyond the scope of this article.

------------
Peter Jarrett, Technical Director
Broadcast Radio Ltd.

Bill Bailey: No win, no fee, no basis in reality. Just a room above a minicab office in Acton and a steady stream of greedy simpletons whose delusion is only matched by their clumsiness


Peter Jarrett
Peter Jarrett
Forum Sage
Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)

Group: Broadcast Radio
Posts: 1.8K, Visits: 3.7K
Another issue in Myriad v3 is the file that stores the Local Jump Buttons. These are stored in the folder that Myriad is installed into - typically C:\Program Files\P Squared\Myriad v3.

If you have set up your computer to login with a "Power Users" level account then you will be OK as this has permissions to edit files in this folder anyway, but if you have restricted to the basic Users group then you will need to alter the permissions on this folder to allow Users to have Write permissions as well as read.

You cannot just do it on the file becuase when we edit the file we create a new temp file and then delete the old before renaming the temp file into place - thereby losing the permissions you have set up.

------------
Peter Jarrett, Technical Director
Broadcast Radio Ltd.

Bill Bailey: No win, no fee, no basis in reality. Just a room above a minicab office in Acton and a steady stream of greedy simpletons whose delusion is only matched by their clumsiness


Richard Payne
Richard Payne
Ex-Product Development Engineer of P Squared Ltd.
Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)Ex-Product Development Engineer of P Squared Ltd. (21K reputation)

Group: Forum Members
Posts: 123, Visits: 150
There is an additional issue with ripping from CDs.  By default windows restricts certain removable device functions to administrators only.  Myriad needs some of these functions and so you must set the restriction to allow the user groups that you use.

Open Local Security Policies (from Control Panel > Administrative Tools)  and go into Local Policies > Security Options. The option that needs changing is "Devices: Allowed to format and eject removable media".   (See attached screenshot)

If you use the "Users" group to run Myriad from then you will have to select the "Administrators and Interactive Users" option, although this will not give permission if you are remote controlling the system.

Attachments
cdsecure.png (493 views, 29.00 KB)
Edited
14 Years Ago by Richard Payne
Peter Jarrett
Peter Jarrett
Forum Sage
Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)Forum Sage (320K reputation)

Group: Broadcast Radio
Posts: 1.8K, Visits: 3.7K
Peter Jarrett (6/24/2006)
Another issue in Myriad v3 is the file that stores the Local Jump Buttons. These are stored in the folder that Myriad is installed into - typically C:\Program Files\P Squared\Myriad v3.

The good news for Myriad v3.5 users is that it stores the file in the All Users Application Data location (typically C:\Documents and Settings\All Users\Application Data\P Squared\Myriad v3 ) so you shouldn't need to alter any permissions to make it work Smile

------------
Peter Jarrett, Technical Director
Broadcast Radio Ltd.

Bill Bailey: No win, no fee, no basis in reality. Just a room above a minicab office in Acton and a steady stream of greedy simpletons whose delusion is only matched by their clumsiness


GO


Reading This Topic


Login
Existing Account
Email Address:


Password:


Select a Forum....





























Broadcast Radio Forums


Search