How to make Windows inaccessible from my software user?

[Jochen Kalmbach [MVP]]

Hi Mahesh!

(removed wrong groups)...

1. When a PC starts, my software should come up directly without any user
interaction.

Write a service:
http://www.codeproject.com/system/ServiceBase.asp

2. Only my software will be accessible to the user and they will not be able
to access anything from Windows - nothing at all.
3. A super user can access the software as well as the full windows

Only create one user-account (admin)...


--
Greetings
Jochen

My blog about Win32 and .NET
http://blog.kalmbachnet.de/

 

[Mahesh Devjibhai Dhola]

Hi all,
The following are my need:
1. When a PC starts, my software should come up directly without any user
interaction.
2. Only my software will be accessible to the user and they will not be able
to access anything from Windows - nothing at all.
3. A super user can access the software as well as the full windows

The windows OS may be windows 2k, windows XP or windows 2k3.

Temp solution:
I can place my software in start-up and will make it full screen, without
any control buttons like minimize, maximize, close, resize etc so user will
see always my software at start up.
Problems: Some one can restart PC and in Safe-mode or other options they can
use and they may access windows and if I am disabling all these options
some-how then when we need PC access for maintenance or some other
administrative purpose then it will not be available to me. So, for that I
will create a super user account in my software through which super user can
access the window.
Also, if I make Alt + Ctrl + Del, Alt + Tab, Ctrl + Shift + Esc, Windows +
D, Windows + E, Windows + R etc keys disable then I will need to manipulate
all these keys individually and may be there will be lot more.

So I need some way through which I can restrict the normal user to access
anything from windows and they will only be able to access my software
only - nothing else and a super user can access the software as well as
normal windows access too - and all I want to do programmatically and if
possible using only C# - but its not hard requirement - I can use other
languages too.

I heard about user - security policies but I don't know any programmatic way
to work with it, also dont know what and how to do....

Any pointers/help or your guidance will be very much helpful to me

Thanks in Advance,

Mahesh Devjibhai Dhola
"Empower yourself...."

 

[Bruno van Dooren]

you could use a service, but this does not prevent someone from logging off
or starting a new process by ctrl alt del, selecting File->new task manager
and selecting 'new process' from the menu.
also, placing your app full screen does not prevent someone from pressing
the windows key to show the start menu, so some problems remain.

another solution is to replace the windows shell. for more info see
http://shellcity.net/

that way, only your application would be started, and not the windows shell
with the desktop, explorer, ...
some googling should reveal more articles about this topic.

kind regards,
Bruno.

 

[Jochen Kalmbach [MVP]]

Hi Bruno!

you could use a service, but this does not prevent someone from logging off
or starting a new process by ctrl alt del, selecting File->new task manager
and selecting 'new process' from the menu.

If no-one can logon, why is there a chance to log-off???

another solution is to replace the windows shell. for more info see
http://shellcity.net/

that way, only your application would be started, and not the windows shell
with the desktop, explorer, ...

But if a user is admin or has apropriate right on the registry it does
not really help you...


The only solution is to remove all accounts except the "admin-account"
and let your program run as service...


--
Greetings
Jochen

My blog about Win32 and .NET
http://blog.kalmbachnet.de/

 

[Bruno van Dooren]

The only solution is to remove all accounts except the "admin-account" and

let your program run as service...

i agree with you 100% in everything.
the only snag is that i had the impression that his application runs with a
user interface
"Only my software will be accessible to the user"

while it is possible to run services with a GUI, it is discouraged by
microsoft.
that doesn't prevent you from doing it of course. i have done it myself on
one occasion where it was required by the customer.

the problem that came up is that it is apparently not possible to show a
user interface on top of the 'Logon' screen. as soon as someone logs on the
service GUI appears. as soon as the user logs off, it disappears again.
i didn't find a workaround for this, but in my situation it was not
important.

that is why i think progamming a service is not going to solve his problem.

another approach would be to replace the explorer with IE and run the
application as a kiosk style web application. this is documented in MSDN.

kind regards,
Bruno.

 

[Nicholas Paldino [.NET/C# MVP]]

Mahesh,

What you are looking for is a kiosk app. I would do a google search on
it (and maybe windows as well) and see what that turns up. It should give
you some information you are looking for.

Hope this helps.

 

[Willy Denoyette [MVP]]

|> The only solution is to remove all accounts except the "admin-account"
and
| > let your program run as service...
|
| i agree with you 100% in everything.
| the only snag is that i had the impression that his application runs with
a
| user interface
| "Only my software will be accessible to the user"
|
| while it is possible to run services with a GUI, it is discouraged by
| microsoft.
| that doesn't prevent you from doing it of course. i have done it myself on
| one occasion where it was required by the customer.
|
| the problem that came up is that it is apparently not possible to show a
| user interface on top of the 'Logon' screen. as soon as someone logs on
the
| service GUI appears. as soon as the user logs off, it disappears again.
| i didn't find a workaround for this, but in my situation it was not
| important.
|
| that is why i think progamming a service is not going to solve his
problem.
|
| another approach would be to replace the explorer with IE and run the
| application as a kiosk style web application. this is documented in MSDN.
|
| kind regards,
| Bruno.
|
|

It's not only discouraged, Vista no longer supports it. Services do run in a
non-interactive user context, the user's profile is not loaded, that means
you have to enable "interact with the desktop" and run as localsystem and
you have to load the users profile and the environment block, you need to
disable all controls that could allow the user to access the desktop (the
shell). Sure you can replace the shell as well. The largest drawback of this
all is if the application crashes, it returns control to the desktop (the
shell) but the user runs as localsystem (SYSTEM), so make sure your shell is
really restricted.

Willy.

 

[Rocky]

Try this out. It's in VB but I'm sure you can figure it out.
http://vbaccelerator.com/home/VB/Code/Libraries/Windows/Creating_New_Desktops/article.asp

Mahesh,

What you are looking for is a kiosk app. I would do a google search on
it (and maybe windows as well) and see what that turns up. It should give
you some information you are looking for.

Hope this helps.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Hi all,
The following are my need:
1. When a PC starts, my software should come up directly without any user
interaction.
2. Only my software will be accessible to the user and they will not be
able
to access anything from Windows - nothing at all.
3. A super user can access the software as well as the full windows

The windows OS may be windows 2k, windows XP or windows 2k3.

Temp solution:
I can place my software in start-up and will make it full screen, without
any control buttons like minimize, maximize, close, resize etc so user
will
see always my software at start up.
Problems: Some one can restart PC and in Safe-mode or other options they
can
use and they may access windows and if I am disabling all these options
some-how then when we need PC access for maintenance or some other
administrative purpose then it will not be available to me. So, for that
I
will create a super user account in my software through which super user
can
access the window.
Also, if I make Alt + Ctrl + Del, Alt + Tab, Ctrl + Shift + Esc, Windows
+
D, Windows + E, Windows + R etc keys disable then I will need to
manipulate
all these keys individually and may be there will be lot more.

So I need some way through which I can restrict the normal user to access
anything from windows and they will only be able to access my software
only - nothing else and a super user can access the software as well as
normal windows access too - and all I want to do programmatically and if
possible using only C# - but its not hard requirement - I can use other
languages too.

I heard about user - security policies but I don't know any programmatic
way
to work with it, also dont know what and how to do....

Any pointers/help or your guidance will be very much helpful to me

Thanks in Advance,

Mahesh Devjibhai Dhola
"Empower yourself...."

 

[Me]

Any thoughts on if this works on PDA devices (PPC and/or WinCE)? I gave it a
quick try and got some errors - chopped up your code to remove all the
unsupported stuff I could find and then got an unsupported exception in
CreateDesktop().

Thanks

Try this out. It's in VB but I'm sure you can figure it out.
http://vbaccelerator.com/home/VB/Code/Libraries/Windows/Creating_New_Desktops/article.asp

Mahesh,

What you are looking for is a kiosk app. I would do a google search
on it (and maybe windows as well) and see what that turns up. It should
give you some information you are looking for.

Hope this helps.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Hi all,
The following are my need:
1. When a PC starts, my software should come up directly without any
user
interaction.
2. Only my software will be accessible to the user and they will not be
able
to access anything from Windows - nothing at all.
3. A super user can access the software as well as the full windows

The windows OS may be windows 2k, windows XP or windows 2k3.

Temp solution:
I can place my software in start-up and will make it full screen,
without
any control buttons like minimize, maximize, close, resize etc so user
will
see always my software at start up.
Problems: Some one can restart PC and in Safe-mode or other options they
can
use and they may access windows and if I am disabling all these options
some-how then when we need PC access for maintenance or some other
administrative purpose then it will not be available to me. So, for that
I
will create a super user account in my software through which super user
can
access the window.
Also, if I make Alt + Ctrl + Del, Alt + Tab, Ctrl + Shift + Esc, Windows
+
D, Windows + E, Windows + R etc keys disable then I will need to
manipulate
all these keys individually and may be there will be lot more.

So I need some way through which I can restrict the normal user to
access
anything from windows and they will only be able to access my software
only - nothing else and a super user can access the software as well as
normal windows access too - and all I want to do programmatically and if
possible using only C# - but its not hard requirement - I can use other
languages too.

I heard about user - security policies but I don't know any programmatic
way
to work with it, also dont know what and how to do....

Any pointers/help or your guidance will be very much helpful to me

Thanks in Advance,

Mahesh Devjibhai Dhola
"Empower yourself...."

 

[Tamas Demjen]

Also, if I make Alt + Ctrl + Del, Alt + Tab, Ctrl + Shift + Esc, Windows +
D, Windows + E, Windows + R etc keys disable then I will need to manipulate
all these keys individually and may be there will be lot more.

I can strongly recommend KCSDK from Meliora Software, which does exactly
what you want. I have very good experience with it (with a kiosk
application that we developed). It can disable any key combination
(Ctrl+Esc, Ctrl+Alt+Del, Alt+Tab):

http://www.meliorasoft.com/kits/keyboard/index.php

Tom