Network distributed system for updating locally secured objects in client machines
DCFirst Claim
1. A method for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising the steps of:
- starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object;
said second computer system issuing a command to said first computer system which includes performing said first operation on said first object;
said first process in response to said command communicating a first request to said intermediary process to perform said first operation on said first object; and
said intermediary process performing said first operation on said first object in response to said first request.
6 Assignments
Litigations
0 Petitions
Accused Products
Abstract
Technique for allowing real time centralized administration of protected objects on client computer systems. When a user logs on to a centrally administered client machine on a computer network, an intermediary object modification process starts in the background with administrator account permissions. Thereafter, whenever the administrative agent on the client computer system unsuccessfully attempts to perform an operation on a protected object for which the logon user lacks sufficient permission to perform, the agent passes a request to the intermediary process to perform the operation. The intermediary process is able to perform the desired operation because it has sufficient permission to do so even if the administrative agent does not.
85 Citations
27 Claims
-
1. A method for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising the steps of:
-
starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object; said second computer system issuing a command to said first computer system which includes performing said first operation on said first object; said first process in response to said command communicating a first request to said intermediary process to perform said first operation on said first object; and said intermediary process performing said first operation on said first object in response to said first request. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for performing a first operation of a first type on a first object in a first computer system by a first process, said first computer system running an operating system which assigns access control restrictions to objects in said first computer system and through such access control restrictions prevents operations of said first type from being performed on said first object except by processes having predetermined access control permissions, said first process lacking said predetermined access control permissions, comprising the steps of:
-
starting an intermediary process on said first computer, said intermediary process having at least said predetermined access control permissions; said first process communicating a first request to said intermediary process to perform said first operation on said first object; and said intermediary process performing said first operation on said first object in response to said first request. - View Dependent Claims (7, 8)
-
-
9. A method for performing a first operation on a WindowsNT®
- registry in a first computer system running a WindowsNT®
operating system, by an agent process of an administration computer system, said agent process running on said first computer system and lacking sufficient permission to perform said first operation on said WindowsNT®
registry, comprising the steps of;starting an intermediary service on said first computer, said intermediary process having sufficient permission to perform said first operation on said registry; said agent process receiving a command from said administration computer system which includes performing said first operation on said registry; said agent process, in response to said command, communicating a request to said intermediary service to perform said first operation on said registry; and said intermediary service performing said first operation on said registry in response to said request. - View Dependent Claims (10, 11)
- registry in a first computer system running a WindowsNT®
-
12. Apparatus for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising:
-
means for starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object; means in said second computer system for issuing a command to said first computer system which includes performing said first operation on said first object; means in said first process in response to said command for communicating a first request to said intermediary process to perform said first operation on said first object; and means in said intermediary process for performing said first operation on said first object in response to said first request. - View Dependent Claims (13, 14, 15, 16)
-
-
17. Apparatus for performing a first operation of a first type on a first object in a first computer system by a first process, said first computer system running an operating system which assigns access control restrictions to objects in said first computer system and through such access control restrictions prevents operations of said first type from being performed on said first object except by processes having predetermined access control permissions, said first process lacking said predetermined access control permissions, comprising:
-
means for starting an intermediary process on said first computer, said intermediary process having at least said predetermined access control permissions; means in said first process for communicating a first request to said intermediary process to perform said first operation on said first object; and means in said intermediary process for performing said first operation on said first object in response to said first request. - View Dependent Claims (18, 19)
-
-
20. Apparatus for performing a first operation on a WindowsNT®
- registry in a first computer system running a WindowsNT®
operating system, by an agent process of an administration computer system, said agent process running on said first computer system and lacking sufficient permission to perform said first operation on said WindowsNT®
registry, comprising;means for starting an intermediary service on said first computer, said intermediary process having sufficient permission to perform said first operation on said registry; means in said agent process for receiving a command from said administration computer system which includes performing said first operation on said registry; means in said agent process for, in response to said command, communicating a request to said intermediary service to perform said first operation on said registry; and means in said intermediary service performing said first operation on said registry in response to said request. - View Dependent Claims (21, 22)
- registry in a first computer system running a WindowsNT®
-
23. A method for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising the steps of:
-
starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object; said second computer system issuing a command to said first computer system which includes performing said first operation on said first object; said first process unsuccessfully attempting to perform said first operation on said first object; said first process in response to said command communicating a first request to said intermediary process to perform said first operation on said first object; and said intermediary process performing said first operation on said first object in response to said first request. - View Dependent Claims (24, 25)
-
-
26. Apparatus for performing a first operation on a first object in a first computer system by a first process which lacks sufficient permission to perform said first operation on said first object, for use with a second computer system, comprising:
-
means for starting an intermediary process on said first computer, said intermediary process having sufficient permission to perform said first operation on said first object; means in said second computer system for issuing a command to said first computer system which includes performing said first operation on said first object; means in said first process for attempting to perform said first operation on said first object; means in said first process in response to said command for communicating a first request to said intermediary process to perform said first operation on said first object, wherein said means in said first process for communicating a first request to said intermediary process operates in response to failure of an attempt by said means for attempting; and means in said intermediary process for performing said first operation on said first object in response to said first request. - View Dependent Claims (27)
-
Specification