Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Prevent access to directories

Posted on 2003-11-23
Medium Priority
Last Modified: 2010-05-01
A search on this site shows that the solution to this question has been posted, but I cant access it. So I know it must be possible and Ill just re-ask it (since many of you will say its impossible).

I am making a security program for windows xp home. Basically, I just want the desktop to be available (therefore the user does not have access to any other part of the drive). I have prevented access to everything I needed, except I have one security flaw.
When the user opens a program (such as ms word) and clicks 'save' or 'open' they have access to the whole computer. If they were only able to browse the desktop and nothing else, my program would be complete.
Any suggestions?
I was able to disable the "Look in" combobox, but i do not know how to change it to the 'desktop' first. And it seems like microsoft word does not have the standard open and save dialog. so this method might not be such a great idea anyways (since the open dialog can differ from program to program).

If someone figures out a pretty flawless way to do this, let me know and ill increase the points to 500.

If nobody can think of a way to do this, should I just upgrade to windows xp pro? Will I be able to set up xp pro to do what I want (the only accessible directory would be the desktop)? (no points will be awarded to this last question about upgrading to xp pro, but if this happens to be the best solution, I just might give it the points)

Question by:createit
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Assisted Solution

ToolMan earned 124 total points
ID: 9809884
i've been thinking about this issue too (for a few client on our network) cause i couldn't find the same the as you are looking for, i just set the localpolicy very strict and set NTFS rights on everything, so nothing can be deleted or modified by users.


Expert Comment

ID: 9813985
I get this clases in a Open dialog (with Spy++): SysListView32, SysTreeView32
search (every 1s) for windows with this classes, get hwnd and set visible=False with SendMessage API
Try It...

Author Comment

ID: 9820075
I played around with the NTFS rights, but theres a huge problem. When you restrict user access to the directories, not even the system has access to it. For example, if i restrict access to just "viewing" the windows directory, windows will not load for that user account. Or if I disable "viewing" rights to the program files folder, you wont even be able to run the programs in that directory. Is there a way to make it so that you just cannot view the contents of a folder, but still run everything within it? If so, that would be perfect and the points are yours.

I dont have any trouble detecting the open dialog box. I used a system hook to detect new classes that launch, and am able to detect what window is which by its classname, title, and childs.
I do not want to prevent the open dialog box from loading because people who use programs like word need to be able to open and save their documents. I just want to restrict this action to the desktop. Also I cant just hide the directory list, because you cant always control the default directory to be the 'desktop', and I will need a way to change it to that first.

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Accepted Solution

Djinn_ro earned 126 total points
ID: 9821053
make your own open (save) dialog with restriction
when you detect a standard open dialog, hide standard and show your dialog
when user close your dialog, pass the path to standard and simulate open(or save)_Click
Just a idea. Not ask how, I don't know... :)

Author Comment

ID: 9821606
That might be a pretty good idea. I should easily be able to code that. I just hope theres some better methods, because I already thought of a few cons with this...but it should definately do the job.
If nobody else gives me a better idea, youll get at least half the points for sure.

Ill go code the idea up right now until i get more suggestions and see how it goes.


Author Comment

ID: 9826806
I attempted to swap the open dialog box with mine, but there are many problems with that. I need to worry about the file types that can be opened, I need to worry about error handling if the user enters a file that the program cant open, the user will lose preview functionality, etc etc...It turned into a big mess.
I also played around with NTSF rights, and it just doesnt do what I want.

But I figured out a solution that does exactly what I want.. I will still split the points between the two of you for trying to help.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction While answering a recent question (http://www.experts-exchange.com/Q_27402310.html) in the VB classic zone, I wrote some VB code in the (Office) VBA environment, rather than fire up my older PC.  I didn't post completely correct code o…
When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question