CygNet and User Account Control
User Account Control (UAC) is a Microsoft Windows security infrastructure that helps to protect Microsoft Windows from unauthorized administrative changes. When configured, UAC notifies you when a program attempts to make a change to your computer that requires administrator-level permission.
CygNet recommends that you review the security environment for your enterprise, determine your UAC settings requirements, and configure UAC on computers running CygNet client applications to help prevent unauthorized changes to the computer.
Note that this configuration is optional and if you choose not to enable UAC, no prompts or warnings will appear when applications attempt to make changes to the computer.
CygNet client software is integrated with UAC such that when an operator needs to run applications that perform administrative tasks, such as installing or uninstalling applications, launching version-managed applications, or changing system settings, the operator will be prompted to temporarily change or "elevate" their security context from a standard user to an administrative user. Operators running as administrators will be warned of changes being made to the computer and prompted to confirm.
Note: For computers running CygNet Host Services we recommend that UAC be disabled (CygNet SCADA service hosts and CygNet Measurement (FMS) service hosts).
For more general information about UAC, refer to the following Microsoft resources:
- Windows online help on your computer for User Accounts and User Account Control
UAC Experience for CygNet Clients
Consult appropriate Microsoft documentation regarding the creation and maintenance of user accounts for your CygNet users. For the purposes of understanding UAC there are two types of user accounts under which you can run CygNet client applications: standard users and administrator users.
Standard Users
A user account type for every day computing. Standard users have the least amount of user rights and privileges required to perform basic computer tasks. These users have limited administrative privileges: they cannot install or uninstall applications that install into %systemroot%, change system settings, or perform other administrative tasks.
However with UAC enabled on a computer running CygNet client applications, a standard user attempting to perform these tasks will be presented with a UAC dialog box requesting that permission be elevated to that of an administrator. If you are able to provide valid administrative credentials, or someone with an administrator account on the computer enters their password, you will be permitted to continue. Once elevated, you are temporarily given the rights of an administrator to complete the task and then your permissions are returned back to that of a standard user.
Standard users can also choose to "Run as administrator" (via an application shortcut (desktop icon or Start menu)) and provide valid administrative credentials to avoid elevation prompts while performing administrative tasks in an affected application. Administrative elevation is dropped accordingly when the "Run as administrator" client application is closed.
Standard client users are not prompted to enter administrative credentials when launching an application from a CygNet version-managed shortcut, if no version management operations are required. If a required update is detected when a standard client user launches an application from a CygNet version-managed shortcut, the user will be prompted to elevate and enter administrative credentials. But, if the user chooses to cancel from the prompt, the target application will still launch allowing the standard user to perform the intended task using the non-updated version, if possible.
It is expected that most CygNet operators will run under standard user accounts to mitigate the impact of security threats to computers, systems, and networks.
Administrator Users
A user account type with system-wide access to install, update, and run software. With UAC enabled on a computer running CygNet client applications, an administrative user will be warned when trying to complete a task that requires administrator-level permission. If you are a running under an administrative user account, simply click Yes on the UAC consent dialog box to continue.
CygNet Client Applications
The following CygNet applications have been modified to allow UAC to be enabled on computers running client applications:
- CygNet Client Installer/Launcher (CInstall.exe)
- CygNet Version Manager (BSSVM.exe)
- CygNet Domain Connection Utility (CygConn.exe)
- CygNet ODBC 64-bit Installer (CygNetODBCx64.msi)
- CygNet Explorer (CExplore.exe - when launching CygNet Console only)
- CygNet Studio or Vision (CStudio.exe/CVision.exe - when launching a version-managed application from a screen button only)
- CygNet Version Info Utility (CVersionInfo.exe)
- CygNet Message Sniffer Lite Utility (SnifferLite.exe)
- CygNet Online Help (this Help file)
Note: There may be other CygNet client applications that include tasks that require administrative credentials, such as registering files or downloading version-managed applications. Standard users may encounter the UAC shield icon ( 
) on buttons or menu items and will be prompted to elevate.
The following are some commonly performed tasks that require UAC interaction, and the permissions level required for the task, for each affected client application.
CygNet Client Installer/Launcher
| Task | Standard User Permissions | Elevated Permissions |
|---|---|---|
|
Launch CygNet Client Installer |
|
|
|
Download a version-managed update |
|
|
|
Create desktop shortcut |
|
|
|
Install an application via the Install button |
|
|
|
Launch an application that requires a version-managed update |
|
|
|
Launch an application with no update |
|
|
|
Launch an application that has not been previously launched |
|
|
|
Change the default version management settings for all users (via Settings button) |
|
|
|
Change version management settings for the current user (via Settings button) |
|
|
|
Change to a Domain ID (via Settings > Connect button) |
|
|
|
Search for an ARS (via Settings > Connect button) |
|
|
|
Install CygNet ODBC 32-bit and 64-bit via CygNet Client Installer (Seat ID created) |
|
CygNet Version Manager
| Task | Standard User Permissions | Elevated Permissions |
|---|---|---|
|
First time launch any version-managed application |
|
|
|
Subsequent launch of any version-managed application via a shortcut |
|
|
|
Download a version-managed update |
|
|
|
Launch CygNet Console for a service via right-click in CygNet Explorer |
|
|
|
Launch or start a version-managed application from a CygNet Studio/Vision button |
|
CygNet Domain Connection Utility
| Task | Standard User Permissions | Elevated Permissions |
|---|---|---|
|
Launch CygNet Domain Connection utility |
|
|
|
Define a Domain ID for the computer |
|
|
|
Define a Domain ID for the current user |
|
|
|
Delete a Domain ID for the computer |
|
|
|
Delete a Domain ID for the current user |
|
|
|
Define a Preferred ARS address for a domain |
|
|
|
Define a Forced ARS address for a domain |
|
|
|
Connect to, but not add, a domain ID |
|
|
|
Test the connection to an ARS (via Test Domain button) |
|
|
|
Set a Domain ID as the Default |
|
|
|
Edit Properties > Advanced Network Settings (RUDP Fragment Sizes) |
|
Other Applications
| Task | Standard User Permissions | Elevated Permissions |
|---|---|---|
| CygNet Explorer | ||
|
Launch CygNet Console for a selected service from CygNet Explorer (context menu) |
|
|
|
Launch CygNet Help directly from CygNet Explorer |
|
|
| CygNet Studio/Vision | ||
|
Launch a version-managed CygNet application via a screen button |
|
|
|
Launch CygNet Help directly from CygNet Studio/Vision |
|
|
| FMS Explorer | ||
|
Launch CygNet Help directly from FMS Explorer |
|
|
|
CygNet Client Monitor |
||
|
Schedule automatic updates to all installed applications |
|
|
|
CygNet Message Sniffer Lite |
||
|
Start message capture |
|
