Require Console Password

To use this menu selection, you must have started the console as administrator (right click and select Run as administrator).

If you click this menu selection when it is unchecked, a dialog box opens asking you to input a password (twice). If the two entries are the same, then that entry will be set as the password required to run the console and this menu selection becomes checked. Subsequent attempts to run the console by any user on the machine will require this password to run.

NDC does not store this password, only a PC specific Windows Cryptography Next Generation API computed HMACSHA512 one-way secure hash of it. That means it is considered to not be mathematically possible to recover that password from your PC. Even NDC does not know the NDC console password. That means that if you set this feature it's important not to forget your password as it can't be retrieved, even by NDC itself. So it is important that any password be safely stored.*

If you click this menu selection when it is checked, a dialog box opens asking you to input the existing console password. If the entry is correct (i.e. the computed one-way secure hash matches the stored computed one-way hash of the correct password), then the password is cleared and this menu selection becomes unchecked, and the Change Console Password menu selection will be grayed out. Subsequent attempts to run the console will not require any password to run.

If the encrypted storage area associated with the console password becomes corrupted or missing, even if the console password feature is turned off, then the console will not run.

While this feature locks the console program, if a user has admin privileges and replaces the console with an older version of NDC, that older version will see the drive mapping database as corrupted. Depending on the version, it could still be used to delete the "corrupted" drive mappings and create new ones. If preventing users from making drive mapping changes is really important to you, you need to use Windows Group Policies to limit what your users can install & execute rather than rely on locking the console. See Preventing Changes for more information.

I will also say that this is a feature people asked for but I don't use. That means that despite my testing, the likelihood of a bug is higher with this feature. Please let me know if you have any issues.

*My personal choice for a password manager is the free open sourced application, Password Safe designed by renowned security technologist Bruce Schneier. Password Safe supports Two Factor Authentication via Yubikey.

Network Drive Control is Copyright © 2015-2024 by Michael J. Burns. All Rights Reserved. Reg No. TX 8-160-870 Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.