APPX is the Premier Development and Runtime Environment for Business Application Software
(Answer) (Category) FAQ's - APPX Software, Inc. : (Category) APPX Utility : (Category) APPX System Administration :
The command-line "kill" too time-consuming and error-prone. Is there a better alternative?
APPX user, Bruce Johnston, has put together a suite of utility processes he uses in the day-to-day administration of his APPX server. One of these utility processes is a "kill" utility reminiscent of similar functionality found on Wang systems.

While ASI has not tested and in no way warrants this software, it has been available for some time now, and we have heard no negative feedback regarding it. You might want to check it out at www.cansyswest.com/nt_utilities.htm and see if serves your needs. Please be aware that if you install this package, ASI cannot provide support for its functions, since we did not write it. (Caveat emptor, and all the other precautions that normally go along with free and/or user-supported software).

Bruce Johnston, Jan 14, '04:
Be advised that I've recently discovered a problem with the kill-related portion of the utilities.
NT Admins are still allowed to kill any APPX process that they see in the APPX input and non-Admins are supposed to be able to kill sessions under their own APPX id.
I've found that this second bit was only working because, during the process of getting to work several years ago, I'd given the Advanced NT User Right "Act as part of the operating system" to the APPX user group. I discovered this after removing that right from the group and then learning that users could no longer kill their own orphaned sessions.
There are a number of security concerns about this as documented by Microsoft at http://www.microsoft.com/msj/0899/security/security0899.aspx
At some point I hope to change the utility so that the kill requests is not actually attempted by the APPX code but is instead forwarded via a file to an APPX process running as a service under an Administrator group account and have that service periodically check for processes to kill.
In the meantime, if your users have never been able to kill there own sessions, this is probably why not. If they have and you're worried about the potential exposure if code were ever run on the server by a user with this right which contains routines which may exploit the hole, you would want to consider reoving this priviledge.


[Append to This Answer]
2004-Jan-15 8:45am
Previous: (Answer) APPX.EXE process is consuming 95%
Next: (Answer) How can I determine which APPX.EXE processes on my server are orphans?
This document is: http://board.appx.com/cgi-bin/fom.cgi?file=301
[Search] [Appearance]
This is a Faq-O-Matic 2.719.
Copyright 2003 by APPX Software, Inc. All rights reserved.