kiosk-type windows shell or how to surround employees with care and understanding
Not long ago, a friend of mine asked me to block all programs on my work computers, except for one and it was not an explorer :).
I tried to block the launch of all programs except the one needed through policies - but the explorer on the hot keys still started, but with it you can mess up a lot of things if you wish.
I tried to replace windows shell - I installed the right program instead of explorer.exe. But it turned out that, firstly, the required program works in graphic mode, and direct-x did not seem to have time to initialize and the program complained about its absence. Also, when exiting the program, the user session did not end.
')
I was still hoping to solve the problem with available tools.
The next step was a baht file with the launch of the desired program and logoff.exe after - so that when you exit the program the session is closed. Everything seems to be nothing, but first, the program continued to complain about the lack of direct X (although it was launched later), second, even by running the batch file in a minimized state, its window was visible — you can interrupt it, i.e. the user could, if desired, participate in the process and create problems, which is generally unacceptable.
I tried a basic script for the Vijayal script - but to launch it you need to launch the explorer with all the following circumstances (it is possible somehow without an explorer, but I didn’t find how).
Since I didn’t find a simple solution, I quickly decided to write a simple shell that will launch the necessary program and terminate the session upon its completion.
As a writing tool I downloaded the latest with ++ express visual studio, I made a program.
It turned out that if we immediately launch the graphics program, it also complains about the lack of direct-x, but if you launch it from the menu, it started silently and with pleasure.
I brought this shell to the computers - I found that the code was compiled under .net - and I considered it only for my micro program as blasphemy. When I came home and rummaged through the settings of the visual studio, I realized that I wouldn’t be able to get a clean win32 code - I’ll not even have a php programmer and I don’t have much desire to program thick solutions for a small-scale platform.
Not really upset, I decided to do the same thing on win32 api using the good old visual studio 6.0. At the same time I decided to add some amenities for myself, my beloved - for example, configuring the list of allowed programs through the registry (it is more difficult to protect the file from changes), i.e. All settings of this shell are stored in the global registry section, inaccessible for change for mere mortals. I also think to hang a hook on launching programs (if some advanced user launches the game of cards through the open or save file dialog) and either interrupt unresolved processes or prevent them from running at all - have not yet figured out how to correctly / easier to do). I also think to figure out how to copy files through the open or save file dialog - block them too, in general. Also, in theory, it is necessary to prohibit a simple user from mounting devices.
In general, the sunset manually :)
Who can already solved similar tasks? Here is a feeling that it is solved in three kicks, and here I am, God has spread the message that already.
I tried to block the launch of all programs except the one needed through policies - but the explorer on the hot keys still started, but with it you can mess up a lot of things if you wish.
I tried to replace windows shell - I installed the right program instead of explorer.exe. But it turned out that, firstly, the required program works in graphic mode, and direct-x did not seem to have time to initialize and the program complained about its absence. Also, when exiting the program, the user session did not end.
')
I was still hoping to solve the problem with available tools.
The next step was a baht file with the launch of the desired program and logoff.exe after - so that when you exit the program the session is closed. Everything seems to be nothing, but first, the program continued to complain about the lack of direct X (although it was launched later), second, even by running the batch file in a minimized state, its window was visible — you can interrupt it, i.e. the user could, if desired, participate in the process and create problems, which is generally unacceptable.
I tried a basic script for the Vijayal script - but to launch it you need to launch the explorer with all the following circumstances (it is possible somehow without an explorer, but I didn’t find how).
Since I didn’t find a simple solution, I quickly decided to write a simple shell that will launch the necessary program and terminate the session upon its completion.
As a writing tool I downloaded the latest with ++ express visual studio, I made a program.
It turned out that if we immediately launch the graphics program, it also complains about the lack of direct-x, but if you launch it from the menu, it started silently and with pleasure.
I brought this shell to the computers - I found that the code was compiled under .net - and I considered it only for my micro program as blasphemy. When I came home and rummaged through the settings of the visual studio, I realized that I wouldn’t be able to get a clean win32 code - I’ll not even have a php programmer and I don’t have much desire to program thick solutions for a small-scale platform.
Not really upset, I decided to do the same thing on win32 api using the good old visual studio 6.0. At the same time I decided to add some amenities for myself, my beloved - for example, configuring the list of allowed programs through the registry (it is more difficult to protect the file from changes), i.e. All settings of this shell are stored in the global registry section, inaccessible for change for mere mortals. I also think to hang a hook on launching programs (if some advanced user launches the game of cards through the open or save file dialog) and either interrupt unresolved processes or prevent them from running at all - have not yet figured out how to correctly / easier to do). I also think to figure out how to copy files through the open or save file dialog - block them too, in general. Also, in theory, it is necessary to prohibit a simple user from mounting devices.
In general, the sunset manually :)
Who can already solved similar tasks? Here is a feeling that it is solved in three kicks, and here I am, God has spread the message that already.
Source: https://habr.com/ru/post/44009/
All Articles