Prevent access to directories

Posted on 2003-11-23
Last Modified: 2010-05-01
A search on this site shows that the solution to this question has been posted, but I cant access it. So I know it must be possible and Ill just re-ask it (since many of you will say its impossible).

I am making a security program for windows xp home. Basically, I just want the desktop to be available (therefore the user does not have access to any other part of the drive). I have prevented access to everything I needed, except I have one security flaw.
When the user opens a program (such as ms word) and clicks 'save' or 'open' they have access to the whole computer. If they were only able to browse the desktop and nothing else, my program would be complete.
Any suggestions?
I was able to disable the "Look in" combobox, but i do not know how to change it to the 'desktop' first. And it seems like microsoft word does not have the standard open and save dialog. so this method might not be such a great idea anyways (since the open dialog can differ from program to program).

If someone figures out a pretty flawless way to do this, let me know and ill increase the points to 500.

If nobody can think of a way to do this, should I just upgrade to windows xp pro? Will I be able to set up xp pro to do what I want (the only accessible directory would be the desktop)? (no points will be awarded to this last question about upgrading to xp pro, but if this happens to be the best solution, I just might give it the points)

Question by:createit
  • 3
  • 2

Assisted Solution

ToolMan earned 62 total points
Comment Utility
i've been thinking about this issue too (for a few client on our network) cause i couldn't find the same the as you are looking for, i just set the localpolicy very strict and set NTFS rights on everything, so nothing can be deleted or modified by users.


Expert Comment

Comment Utility
I get this clases in a Open dialog (with Spy++): SysListView32, SysTreeView32
search (every 1s) for windows with this classes, get hwnd and set visible=False with SendMessage API
Try It...

Author Comment

Comment Utility
I played around with the NTFS rights, but theres a huge problem. When you restrict user access to the directories, not even the system has access to it. For example, if i restrict access to just "viewing" the windows directory, windows will not load for that user account. Or if I disable "viewing" rights to the program files folder, you wont even be able to run the programs in that directory. Is there a way to make it so that you just cannot view the contents of a folder, but still run everything within it? If so, that would be perfect and the points are yours.

I dont have any trouble detecting the open dialog box. I used a system hook to detect new classes that launch, and am able to detect what window is which by its classname, title, and childs.
I do not want to prevent the open dialog box from loading because people who use programs like word need to be able to open and save their documents. I just want to restrict this action to the desktop. Also I cant just hide the directory list, because you cant always control the default directory to be the 'desktop', and I will need a way to change it to that first.

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!


Accepted Solution

Djinn_ro earned 63 total points
Comment Utility
make your own open (save) dialog with restriction
when you detect a standard open dialog, hide standard and show your dialog
when user close your dialog, pass the path to standard and simulate open(or save)_Click
Just a idea. Not ask how, I don't know... :)

Author Comment

Comment Utility
That might be a pretty good idea. I should easily be able to code that. I just hope theres some better methods, because I already thought of a few cons with this...but it should definately do the job.
If nobody else gives me a better idea, youll get at least half the points for sure.

Ill go code the idea up right now until i get more suggestions and see how it goes.


Author Comment

Comment Utility
I attempted to swap the open dialog box with mine, but there are many problems with that. I need to worry about the file types that can be opened, I need to worry about error handling if the user enters a file that the program cant open, the user will lose preview functionality, etc etc...It turned into a big mess.
I also played around with NTSF rights, and it just doesnt do what I want.

But I figured out a solution that does exactly what I want.. I will still split the points between the two of you for trying to help.

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Background What I'm presenting in this article is the result of 2 conditions in my work area: We have a SQL Server production environment but no development or test environment; andWe have an MS Access front end using tables in SQL Server but we a…
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now