Share via

KITL Security Warning

  • Article

This dialog box warns you that when the Kernel Independent Transport Layer (KITL) is enabled on a platform, certain security risks could potentially arise. The dialog box presents you with the option of enabling or disabling the device, to which you are downloading an image, access to your development workstation.

Yes

Enables access to directories.

The following issues should be considered when choosing this option:

  • The bootable device registry key Allow Remote Access to Local File System is set to 1, allowing access to the current platform's %_FLATRELEASEDIR% directory. This key is set every time an image is booted.
  • The list of allowed directories in the HKEY_CURRENT_USER\Software\Microsoft\Windows CE Tools\Platform Manager\PPFSAccess registry key on the development workstation contains only entries you add. Those directories are open to possible security risks because remote access to the directories has been enabled.
  • Enabling access to a directory also grants access to sub-folders.
  • This enables Parallel Port File System (PPFS) access to a remote machine. The PPFS service provides a means for a target device to access files on a development workstation.

No

Disables access to directories.

The following issues should be considered when choosing this option:

  • The bootable device registry key Allow Remote Access to Local File System is set to 0, disabling access to the current platform's %_FLATRELEASEDIR% directory. This key is set every time an image is booted.

  • Remote access to the list of allowed directories in the HKEY_CURRENT_USER\Software\Microsoft\Windows CE Tools\Platform Manager\PPFSAccess registry key on the development workstation is disabled.

  • The downloaded OS will not be able to start applications or modules located in the %_FLATRELEASEDIR% directory.

  • Applications that are located in the %_FLATRELEASEDIR% directory cannot be run from the Run Programs dialog box access from the Tools menu.

  • If cemgrc and its associated .dll files are not built into the image downloaded to the device, the CESH startup server is disabled, and as a result, all remote tools are also disabled.

    Note   All directories listed in the HKEY_CURRENT_USER\Software\Microsoft\Platform Builder\4.20\General\PPFSAccess registry key on the device are vulnerable to potential attack.

Do not display this message again

Sets the bootable device registry key Allow Remote Access to Local File System based on the HKEY_CURRENT_USER\Software\Microsoft\Windows CE Tools\Platform Manager\PPFSAccess\AllowPPFSAccess registry key.

See Also

Kernel Independent Transport Layer | KITL Transport | PPFS Service | CESH, DBGMSG, and PPFS Connectivity Services

 Last updated on Wednesday, April 14, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.