Minor thoughts on v1.6

  • Last Post 10 April 2018
  • Topic Is Solved
generrosity posted this 01 April 2018

This is based on v1.6.0.0, built 20/01/2018 15:59, on Windows 10 Enterprise (mostly for testing purposes against 2016)

If everything is already on your list, please do confirm, and close the discussion so it doesn't clutter your forum.

  • Windows .msi installed doesn't seem to have a log file confirming what options were chosen.

  • ADS logs hold passwords used in clear text.

  • ADS prompts users to go to: "Configuration -> Settings -> Defaults -> Licence Key" where it should be "Configuration -> New Instance Defaults -> Licence Key".

  • In ADS, can't change instance to run as a service at all. Amp Instance Manager creates services as NetworkService as it has to escalate for rights, and needs to be changed manually. Service account by default doesn't have rights to this, nor did it have run-as-service rights until a local admin granted it via services panel which isn't indicated anywhere.

  • Creating a new user with minimal roles still allows users to see "Configuration > Active Sessions" - for a specific role I have in mind to just start/stop applications would be nice to not have this. Can't see a way to block 'Active Sessions'. Would also like to remove 'Help and Support' potentially??

  • Banner - is this implemented? Maybe put a red " * Not Implemented *" if not? Same with Provider, and API stuff?

  • Title of page doesn't reflect which module you are logged into - such as "ADS DR Server - AMP - Application Management Panel" depending on the friendly name.

  • Other than custom.css, are there any other files that are not overwritten? Is customization of look currently restricted to custom.css manipulation? No quick way to swap logocolour or favicon within the app?

Thanks again for your time and dedication - especially to Mike on Discord answering the random questions.

Order By: Standard | Newest | Votes
generrosity posted this 01 April 2018

Also - taking a backup creates a "notification" but no onscreen progress, so have to monitor from AMP logs to see "Building file list..." "Backup not taken: New backup would cause limit to be reached." etc.

Mike posted this 01 April 2018

What passwords are held in clear text?

A user can always see their own sessions but not those of others without permission. But you're only on 1.6 rather than 1.7 so you're going to be missing a lot of stuff.

generrosity posted this 08 April 2018

The log file where the it is created and lists the command used

Mike posted this 09 April 2018

You need to be more specific. which password. Things like RCON passwords aren't considered a problem because they're temporary (new one every start) and you'd need local filesystem access to read them (at which point the system is compromised anyway) - although IIRC newer versions don't log it.

generrosity posted this 09 April 2018

Its the admin password for the newly created Minecraft instance. It would need either to have exploited the service account, or have ADS 'file manager' access which as you say would be fairly dire. Just making sure its all good.

The log is [[instancedir]][[ADS]]\AMP_Logs\AMPLOG [[date]].log

[22:30:18] [System:admin Debug]   : Building arguments list...
[22:30:18] [System:admin Debug]   : Running AMP with configuration arguments...
[22:30:18] [Core:admin Debug]     : Starting process [[instancedir]]\[[Minecraft]]\AMP.exe
[22:30:18] [Core:admin Debug]     : Working Directory: [[instancedir]]\[[Minecraft]]
[22:30:18] [Core:admin Debug]     : Arguments: -setpass [[admin password]] -configonly +MinecraftModule.Minecraft.PortNumber "25566" +Core.Webserver.Port "8091" 

Mike posted this 09 April 2018

Ah that is a valid issue. On 1.7 it uses the auth server feature but that's still less than ideal.

generrosity posted this 10 April 2018

Ta. I'll look at putting some of the nightlies through my system next.