问题描述
我们有一个Windows应用程序(C#.NET),我们会为客户提供安装程序。的要求是,一旦应用程序已安装,用户应不能编辑系统的时间/日期。这是为了确保该应用程序生成的日期/报告不操纵。我的目标操作系统是的Win-XP什么是做到这一点的最好方法是什么?
We have a windows application (C# .net) and we'll be giving installers to client. The requirement is that once the application has been installed , user should not be able to edit the system time/date . This is to make sure that the application generated dates/reports are not manipulated.My target OS is Win-XPWhat is the best way to do that ?
操作系统是否提供任何工具来做到这一点?
Does OS provide any facility to do that ?
客户机是一个独立的机器,而不是在任何网络上。
Client machine is a stand alone machine and is not on any network.
在此先感谢
推荐答案
由于这里说的已经,您可以使用组策略,但他们很容易规避。此外,您的客户可能敌对反应(这是理所当然的),如果您的应用程序做到这一点。不过,如果你的应用是在一个封闭的网络,跟我们的系统管理员,并把它推出的一项政策。
As said here already, you can use group policies, but they are easily circumvented. Also, your customers may react hostile (rightfully so) if your app does that. Still, in case your application is in a closed network, talk to the sysadmin and get it rolled out as a policy.
如果你真的需要一个值得信赖的时间源,那么这样做:编写一个Web服务或使用现有的NTP服务您的应用程序接触和使用由受信任的服务返回的时间。然后使用签名技术来prevent之后使用报告被篡改。
If you really need a trusted time source, then do so: Write a Web Service or use an existing NTP Service that your application contacts and use the time returned by that trusted service. Then use signing techniques to prevent tampering with the reports afterwards.
缺点:您需要互联网接入。可能是有自己的网络内客户端安装一个NTP服务器(AFAIK的Windows域控制器可以自动做到这一点?),并用它,但客户端可以再次篡改它。
Downside: you need internet access. Possibility is to have the client setup a NTP Server within their network (AFAIK Windows Domain Controllers can do that automatically?) and use that, but then the client can again tamper with it.
但底线是:联系一个Web服务,使硬篡改或使用组策略来进行篡改容易。制作篡改不可能是不可能的呢。
But bottom line is: Contact a webservice to make tampering hard or use group policies to make tampering easy. Making tampering impossible isn't possible anyway.
这篇关于更改系统的日期/时间阻止用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!