createit

Prevent access to directories

A search on this site shows that the solution to this question has been posted, but I can't access it. So I know it must be possible and I'll just re-ask it (since many of you will say it's impossible).

I am making a security program for Windows XP Home. Basically, I just want the desktop to be available (therefore the user does not have access to any other part of the drive). I have prevented access to everything I needed, except I have one security flaw.
When the user opens a program (such as MS Word) and clicks 'save' or 'open', they have access to the whole computer. If they were only able to browse the desktop and nothing else, my program would be complete.
Any suggestions?
I was able to disable the "Look in" combobox, but I do not know how to change it to the 'desktop' first. And it seems like Microsoft Word does not have the standard open and save dialog. So this method might not be such a great idea anyways (since the open dialog can differ from program to program).

If someone figures out a pretty flawless way to do this, let me know and I'll increase the points to 500.

If nobody can think of a way to do this, should I just upgrade to Windows XP Pro? Will I be able to set up XP Pro to do what I want (the only accessible directory would be the desktop)? (No points will be awarded to this last question about upgrading to XP Pro, but if this happens to be the best solution, I just might give it the points.)

Thanks.
SOLUTION
ToolMan

This solution is only available to members.
Djinn_ro

I get these classes in an Open dialog (with Spy++): SysListView32, SysTreeView32.
Search (every 1s) for windows with these classes, get the hwnd and set visible=False with the SendMessage API.
But...
Try it...
createit

ASKER

Toolman,
I played around with the NTFS rights, but there's a huge problem. When you restrict user access to the directories, not even the system has access to it. For example, if I restrict access to just "viewing" the Windows directory, Windows will not load for that user account. Or if I disable "viewing" rights to the Program Files folder, you won't even be able to run the programs in that directory. Is there a way to make it so that you just cannot view the contents of a folder, but still run everything within it? If so, that would be perfect and the points are yours.

Djinn,
I don't have any trouble detecting the open dialog box. I used a system hook to detect new classes that launch, and am able to detect what window is which by its classname, title, and children.
I do not want to prevent the open dialog box from loading because people who use programs like Word need to be able to open and save their documents. I just want to restrict this action to the desktop. Also I can't just hide the directory list, because you can't always control the default directory to be the 'desktop', and I will need a way to change it to that first.

Thanks
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Djinn,
That might be a pretty good idea. I should easily be able to code that. I just hope there are some better methods, because I already thought of a few cons with this... but it should definitely do the job.
If nobody else gives me a better idea, you'll get at least half the points for sure.

I'll go code the idea up right now until I get more suggestions and see how it goes.

Thanks
I attempted to swap the open dialog box with mine, but there are many problems with that. I need to worry about the file types that can be opened, I need to worry about error handling if the user enters a file that the program can't open, the user will lose preview functionality, etc. etc... It turned into a big mess.
I also played around with NTFS rights, and it just doesn't do what I want.

But I figured out a solution that does exactly what I want. I will still split the points between the two of you for trying to help.
Thanks