Access to user configs only for administrators by default

multiOTP / multiOTPCredentialProvider

multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support

Apache License 2.0

232 stars 77 forks source link

Access to user configs only for administrators by default #33

Closed jbacksch closed 3 years ago

jbacksch commented 4 years ago

Only administrators should have access to the user configs in the directory C:\Program Files (x86)\multiOTP\users\ by default when using a local ony strong authentication installation.

multiOTP commented 4 years ago

Hello Jörg, Thanks for your feedback. Even if the local data are encrypted, you're right, a stronger protection of this folder could be done automatically during the installation. The rights on the multiOTP folder and it's sub-directories will be changed by the setup program in the next minor upgrade. Regards, Andre

multiOTP commented 3 years ago

Hello, this is done in the latest version of the credential provider msi installer. Please give it a try.

Best regards