MKS Inc.
Quick Links
Register Software
Report a Problem
Supported Versions
Support Services
Support Policies
Update Policy
Help me choose which MKS Product will best fit our needs (MKS Toolkit; MKS X/Server)

Request an Evaluation Copy
Buy Now
 
More Information
Contact Us
 Tech Notes Tech Notes
Additional Information

Tech Note: Windows Terminal Services and NuTCRACKER Platform Applications

Windows Terminal Services virtualize an entire Win32 environment in such a way that applications running in one Terminal Server Session cannot inadvertently interfere with applications running in another session.

The very nature of UNIX applications is that they expect there to be one and only one machine and that applications in one session ought to be able to communicate with applications in another session.

Since the NuTCRACKER Platform is a well behaved Win32 library and is fully Terminal Services aware it prefixes object names (such as synchronization objects and shared memory) with a "GLOBAL\" name. This means that all applications linked to the NuTCRACKER Platform in all Terminal Server sessions will communicate with the NuTCRACKER Service and with each other as expected.

With Windows 2003 Server and Windows 2000 Service Pack 4, Microsoft has disallowed non-privileged users from creating global objects. There is a new privilege Create Global Objects (SeGlobalName) which is needed in order to create, but not access, a global named object.

MKS had two options for solving the problem:

  1. have the NuTCRACKER Service create all objects on behalf of the applications
  2. require that users running applications dependent upon the NuTCRACKER Platform have the SeGlobalName privilege
The first possibility felt very much like a covert channel to the development team and so was discounted. The SeGlobalName privilege is assigned in the Local Rights Assignment page of the Domain Controller Security policy or the Local Security Policy tools under the Administrative Tools menu. Pick Create Global Name and add users or groups of users to that privilege or see the priv.exe man page for a command line alternative. Depending upon your needs, add Everyone or more restricting groups or users.


Managed with Integrity [ UNIX on Windows Home | Site Map | MKS Toolkit Products | Lex & Yacc | Sales | Services | News | Support | RSS ]
[ PC X Server | Secure Shell (SSH) Solutions | Application Lifecycle Management Information | Feedback | mks.de | mks.com ]
© 1995 - 2010 MKS Inc. All Rights Reserved