A core feature of Fabasoft products is the management of a varied range of content. This includes running the tools needed for viewing and editing content like documents or pictures.
These tools must be installed on the client devices.
The native client identifies the type of content and uses mechanisms of the client operating system to map a tool to the identified type. The native client honors security policies of the client operating system and adds Fabasoft-specific security structures on top of the operating system.
When performing operations like viewing, editing or playing content, the native client runs tools installed on the device. Which tool has to perform a given operation on a given type of content is determined by mechanisms defined by the Microsoft Windows Shell. These mechanisms are described in:
https://docs.microsoft.com/en-us/windows/win32/shell/default-programs
https://docs.microsoft.com/en-us/windows/win32/shell/fa-verbs
In addition, the native client defines restriction points that apply to Fabasoft products only. These are part of the broader customization mechanisms for running tools, defined by the registry subtree HKEY_CURRENT_USER\Software\Fabasoft\Process Parameters.
In the root of this tree one of two policies can be declared:
This security policy is the less secure tool restriction mode. It is therefore switched off by default. Any program not restricted by operating system policies and not explicitly disallowed by the native client is allowed to run. To explicitly disallow the execution of a tool, there must be a registry key HKEY_CURRENT_USER\Software\Fabasoft\Process Parameters\<base name of the tool executable> holding a named value of type DWORD with the name DisallowRun and the value “1”.
The setting in this example does not allow loading any executable from a file with the base name “notepad”. The base name comparison is case-insensitive.
If the native client security is set to “Black”, the following executables are disallowed by default:
For any of these executables, no registry entry is needed to disallow its execution. If there is an explicit entry, execution can be allowed by setting the named value DisallowRun to the value “0”.
This is the default native client security mode. Tool execution is restricted to an explicit list of executables. Only executables defined by that list can be executed within a Fabasoft product if not restricted by operating system policies.
To explicitly allow the execution of a tool, there must be a registry key HKEY_CURRENT_USER\Software\Fabasoft\Process Parameters\<base name of the tool executable> holding a named value of type DWORD with the name AllowRun and the value “1”.
The setting in this example allows loading an executable from a file with the base name “tracer”. The base name comparison is case-insensitive.
If the native client security is set to any value other than “Black”, the following executables are allowed by default:
For any of these executables, no registry entry is needed to allow its execution.
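To review which per-tool overrides are actually deployed on a device, the following PowerShell script lists every subkey of the Process Parameters tree that carries an AllowRun or DisallowRun value and states the effect described above. It is an added example, not part of the Fabasoft documentation or product; the function name Get-ToolRunOverride is hypothetical, and the registry path and value names are the ones given in the text.

```powershell
# Added example: audit per-tool run overrides of the Fabasoft native client.
# Registry path and value names (AllowRun, DisallowRun) come from the text above.
$root = 'HKCU:\Software\Fabasoft\Process Parameters'

function Get-ToolRunOverride {          # hypothetical helper name
    param([string]$Path = $root)

    if (-not (Test-Path -LiteralPath $Path)) {
        return @()                      # tree absent: only built-in defaults apply
    }

    foreach ($key in Get-ChildItem -LiteralPath $Path) {
        foreach ($name in 'AllowRun', 'DisallowRun') {
            $value = $key.GetValue($name, $null)
            if ($null -eq $value) { continue }

            # The text requires type DWORD; other types are flagged for review.
            $kind = $key.GetValueKind($name)

            $effect = switch ("$name=$value") {
                'AllowRun=1'    { 'permits the tool when the mode is not "Black"' }
                'DisallowRun=1' { 'blocks the tool in "Black" mode' }
                'DisallowRun=0' { 're-permits a default-disallowed tool in "Black" mode' }
                default         { 'effect not described in the text; review manually' }
            }

            [pscustomobject]@{
                # Base-name comparison is case-insensitive, so normalise for reporting.
                Tool    = $key.PSChildName.ToLowerInvariant()
                Value   = $name
                Data    = $value
                IsDword = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord)
                Effect  = $effect
            }
        }
    }
}

Get-ToolRunOverride | Sort-Object Tool, Value | Format-Table -AutoSize
```

Run it in the context of the user whose HKEY_CURRENT_USER hive is to be checked, and compare the output against the overrides you intended to deploy.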
Document properties allow you to embed read-only metadata in documents edited with Microsoft Word. Before you can insert document properties into a Microsoft Word document, you have to activate the Fabasoft Cloud COM add-in that is installed with the native client. To enable the COM add-in, click the Office button and click “Word Options”. In the dialog box, click “Add-Ins”, select “COM Add-Ins” in the Manage drop-down list box and click “Go”. In the dialog box that is opened, select “Fabasoft Cloud Word Extension” and click “OK”.
Note: The document properties are refreshed when the document is opened only if the add-in is active.
The COM add-in can be activated manually as described above, or the corresponding registry keys can be deployed after installing the native client.
"FriendlyName"="Fabasoft Cloud Word Extension"
To be able to edit or read a document in a third-party product, the document file has to be stored temporarily on the client. The location of the temporary files can be defined manually by setting the following registry key:
The directory path can be defined the following way: