Network distributed system for updating locally secured objects in client machines

US 6,029,246 A
Filed: 03/31/1997
Issued: 02/22/2000
Est. Priority Date: 03/31/1997
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A method for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising the steps of:

starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object;

said second computer system issuing a command to said first computer system which includes performing said first operation on said first object;

said first process in response to said command communicating a first request to said intermediary process to perform said first operation on said first object; and

said intermediary process performing said first operation on said first object in response to said first request.

View all claims

6 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Technique for allowing real time centralized administration of protected objects on client computer systems. When a user logs on to a centrally administered client machine on a computer network, an intermediary object modification process starts in the background with administrator account permissions. Thereafter, whenever the administrative agent on the client computer system unsuccessfully attempts to perform an operation on a protected object for which the logon user lacks sufficient permission to perform, the agent passes a request to the intermediary process to perform the operation. The intermediary process is able to perform the desired operation because it has sufficient permission to do so even if the administrative agent does not.

85 Citations

View as Search Results

27 Claims

1. A method for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising the steps of:
- starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object;
  
  said second computer system issuing a command to said first computer system which includes performing said first operation on said first object;
  
  said first process in response to said command communicating a first request to said intermediary process to perform said first operation on said first object; and
  
  said intermediary process performing said first operation on said first object in response to said first request.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method according to claim 1, further for performing a second operation on a second object in said first computer system by a second process which lacks sufficient permission to perform said second operation on said second object,wherein said intermediary process has sufficient permission to perform said second operation on said second object;
    - further comprising the step of said second process communicating a second request to said intermediary process to perform said second operation on said second object; and
      
      said intermediary process performing said second operation on said second object in response to said second request.
  - 3. A method according to claim 1, wherein said first operation comprises a member of the group consisting of adding data to said first object, deleting data from said first object, modifying data in said first object, deleting said first object, renaming said first object, and changing properties of said first object.
  - 4. A method according to claim 1, wherein said first object comprises a member of the group consisting of a file, a directory, a registry, a registry entry, and a node in a registry.
  - 5. A method according to claim 1, wherein said intermediary process comprises a service.

6. A method for performing a first operation of a first type on a first object in a first computer system by a first process, said first computer system running an operating system which assigns access control restrictions to objects in said first computer system and through such access control restrictions prevents operations of said first type from being performed on said first object except by processes having predetermined access control permissions, said first process lacking said predetermined access control permissions, comprising the steps of:
- starting an intermediary process on said first computer, said intermediary process having at least said predetermined access control permissions;
  
  said first process communicating a first request to said intermediary process to perform said first operation on said first object; and
  
  said intermediary process performing said first operation on said first object in response to said first request.
- View Dependent Claims (7, 8)
- - 7. A method according to claim 6, wherein said intermediary process comprises a service running with administrator permissions.
  - 8. A method according to claim 6, wherein said operating system is a WindowsNT®
    - operating system, and wherein said first object comprises a member of the group consisting of a WindowsNT®
      
      registry, a WindowsNT®
      
      registry entry and a node in a WindowsNT®
      
      registry.

9. A method for performing a first operation on a WindowsNT®
- registry in a first computer system running a WindowsNT®
  
  operating system, by an agent process of an administration computer system, said agent process running on said first computer system and lacking sufficient permission to perform said first operation on said WindowsNT®
  
  registry, comprising the steps of;
  
  starting an intermediary service on said first computer, said intermediary process having sufficient permission to perform said first operation on said registry;
  
  said agent process receiving a command from said administration computer system which includes performing said first operation on said registry;
  
  said agent process, in response to said command, communicating a request to said intermediary service to perform said first operation on said registry; and
  
  said intermediary service performing said first operation on said registry in response to said request.
- View Dependent Claims (10, 11)
- - 10. A method according to claim 9, further comprising the step of said agent process unsuccessfully attempting to perform said first operation on said registry in response to said command and prior to said step of communicating a request to said intermediary service.
  - 11. A method according to claim 10, wherein said intermediary service runs with administrator permissions.

12. Apparatus for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising:
- means for starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object;
  
  means in said second computer system for issuing a command to said first computer system which includes performing said first operation on said first object;
  
  means in said first process in response to said command for communicating a first request to said intermediary process to perform said first operation on said first object; and
  
  means in said intermediary process for performing said first operation on said first object in response to said first request.
- View Dependent Claims (13, 14, 15, 16)
- - 13. Apparatus according to claim 12, further for performing a second operation on a second object in said first computer system by a second process which lacks sufficient permission to perform said second operation on said second object,wherein said intermediary process has sufficient permission to perform said second operation on said second object;
    - further comprising means in said second process for communicating a second request to said intermediary process to perform said second operation on said second object; and
      
      means in said intermediary process for performing said second operation on said second object in response to said second request.
  - 14. Apparatus according to claim 12, wherein said first operation comprises a member of the group consisting of adding data to said first object, deleting data from said first object, modifying data in said first object, deleting said first object, renaming said first object, and changing properties of said first object.
  - 15. Apparatus according to claim 12, wherein said first object comprises a member of the group consisting of a file, a directory, a registry, a registry entry, and a node in a registry.
  - 16. Apparatus according to claim 12, wherein said intermediary process comprises a service.

17. Apparatus for performing a first operation of a first type on a first object in a first computer system by a first process, said first computer system running an operating system which assigns access control restrictions to objects in said first computer system and through such access control restrictions prevents operations of said first type from being performed on said first object except by processes having predetermined access control permissions, said first process lacking said predetermined access control permissions, comprising:
- means for starting an intermediary process on said first computer, said intermediary process having at least said predetermined access control permissions;
  
  means in said first process for communicating a first request to said intermediary process to perform said first operation on said first object; and
  
  means in said intermediary process for performing said first operation on said first object in response to said first request.
- View Dependent Claims (18, 19)
- - 18. Apparatus according to claim 17, wherein said intermediary process comprises a service running with administrator permissions.
  - 19. Apparatus according to claim 17, wherein said operating system is a WindowsNT®
    - operating system, and wherein said first object comprises a member of the group consisting of a WindowsNT®
      
      registry, a WindowsNT®
      
      registry entry and a node in a WindowsNT®
      
      registry.

20. Apparatus for performing a first operation on a WindowsNT®
- registry in a first computer system running a WindowsNT®
  
  operating system, by an agent process of an administration computer system, said agent process running on said first computer system and lacking sufficient permission to perform said first operation on said WindowsNT®
  
  registry, comprising;
  
  means for starting an intermediary service on said first computer, said intermediary process having sufficient permission to perform said first operation on said registry;
  
  means in said agent process for receiving a command from said administration computer system which includes performing said first operation on said registry;
  
  means in said agent process for, in response to said command, communicating a request to said intermediary service to perform said first operation on said registry; and
  
  means in said intermediary service performing said first operation on said registry in response to said request.
- View Dependent Claims (21, 22)
- - 21. Apparatus according to claim 20, further comprising means in said agent process for attempting to perform said first operation on said registry in response to said command, said means for attempting operating prior to said means for communicating a request to said intermediary service.
  - 22. Apparatus according to claim 21, wherein said intermediary service runs with administrator permissions.

23. A method for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising the steps of:
- starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object;
  
  said second computer system issuing a command to said first computer system which includes performing said first operation on said first object;
  
  said first process unsuccessfully attempting to perform said first operation on said first object;
  
  said first process in response to said command communicating a first request to said intermediary process to perform said first operation on said first object; and
  
  said intermediary process performing said first operation on said first object in response to said first request.
- View Dependent Claims (24, 25)
- - 24. A method according to claim 23, wherein said step of starting an intermediary process precedes said step of said first process unsuccessfully attempting to perform said first operation.
  - 25. A method according to claim 23, wherein said step of starting an intermediary process precedes said step of said second computer system issuing a command.

26. Apparatus for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising:
- means for starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object;
  
  means in said second computer system for issuing a command to said first computer system which includes performing said first operation on said first object;
  
  means in said first process for attempting to perform said first operation on said first object;
  
  means in said first process in response to said command for communicating a first request to said intermediary process to perform said first operation on said first object, wherein said means in said first process for communicating a first request to said intermediary process operates in response to failure of an attempt by said means for attempting; and
  
  means in said intermediary process for performing said first operation on said first object in response to said first request.
- View Dependent Claims (27)
- - 27. Apparatus according to claim 26, wherein said means for starting an intermediary process operates before said means in said second computer system for issuing a command to said first computer system does so.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Clouding Corporation (Marathon Patent Group, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Bahr, Terry S.
Primary Examiner(s)
Le, Dieu-Minh T.

Application Number

US08/829,609
Time in Patent Office

1,058 Days
Field of Search

395/186, 395/187.9, 395/188.01, 395/680, 395/682, 395/683, 395/200.33, 395/200.32, 395/200.55, 713/200, 713/201, 713/202, 709/203, 709/202, 709/225
US Class Current

726/4
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/102   Entity profiles

Network distributed system for updating locally secured objects in client machines

First Claim

6 Assignments

Litigations

0 Petitions

Accused Products

Abstract

85 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Network distributed system for updating locally secured objects in client machines

First Claim

6 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links