Prevent access to directories

Posted on 2003-11-23
Last Modified: 2010-05-01
A search on this site shows that the solution to this question has been posted, but I can't access it. So I know it must be possible and I'll just re-ask it (since many of you will say it's impossible).

I am making a security program for Windows XP Home. Basically, I just want the desktop to be available (therefore the user does not have access to any other part of the drive). I have prevented access to everything I needed, except I have one security flaw.
When the user opens a program (such as MS Word) and clicks 'save' or 'open' they have access to the whole computer. If they were only able to browse the desktop and nothing else, my program would be complete.
Any suggestions?
I was able to disable the "Look in" combobox, but I do not know how to change it to the 'desktop' first. And it seems like Microsoft Word does not have the standard open and save dialog, so this method might not be such a great idea anyways (since the open dialog can differ from program to program).

If someone figures out a pretty flawless way to do this, let me know and I'll increase the points to 500.

If nobody can think of a way to do this, should I just upgrade to Windows XP Pro? Will I be able to set up XP Pro to do what I want (the only accessible directory would be the desktop)? (No points will be awarded to this last question about upgrading to XP Pro, but if this happens to be the best solution, I just might give it the points.)

Question by: createit

Assisted Solution

ToolMan earned 62 total points
ID: 9809884
I've been thinking about this issue too (for a few clients on our network). Because I couldn't find the same thing you are looking for, I just set the local policy very strict and set NTFS rights on everything, so nothing can be deleted or modified by users.


Expert Comment

ID: 9813985
I get these classes in an Open dialog (with Spy++): SysListView32, SysTreeView32.
Search (every 1 s) for windows with these classes, get the hwnd and set visible=False with the SendMessage API.
Try it...

Author Comment

ID: 9820075
I played around with the NTFS rights, but there's a huge problem. When you restrict user access to the directories, not even the system has access to them. For example, if I restrict access to just "viewing" the Windows directory, Windows will not load for that user account. Or if I disable "viewing" rights to the Program Files folder, you won't even be able to run the programs in that directory. Is there a way to make it so that you just cannot view the contents of a folder, but still run everything within it? If so, that would be perfect and the points are yours.

I don't have any trouble detecting the open dialog box. I used a system hook to detect new classes that launch, and am able to detect which window is which by its class name, title, and children.
I do not want to prevent the open dialog box from loading because people who use programs like Word need to be able to open and save their documents. I just want to restrict this action to the desktop. Also I can't just hide the directory list, because you can't always control the default directory to be the 'desktop', and I will need a way to change it to that first.


Accepted Solution

Djinn_ro earned 63 total points
ID: 9821053
Make your own open (save) dialog with restrictions.
When you detect a standard open dialog, hide the standard one and show your dialog.
When the user closes your dialog, pass the path to the standard one and simulate open (or save)_Click.
Just an idea. Don't ask how, I don't know... :)
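
The restriction in a replacement dialog like the one suggested above comes down to checking the chosen path before it is passed back to the standard dialog. A sketch of that check, added here as an illustration and not part of the original thread; the desktop path, the account name `kiosk` and the function name are assumptions:

```python
import ntpath  # Windows path rules as pure string handling; runs on any OS

# Assumed desktop of the restricted account (constructed value).
DESKTOP = r"C:\Documents and Settings\kiosk\Desktop"


def is_within_desktop(candidate, desktop=DESKTOP):
    """Return True only if candidate names the desktop or something below it."""
    # UNC shares and device prefixes (\\server\share, \\?\, \\.\) leave the drive.
    if candidate.startswith(("\\\\", "//")):
        return False
    drive, rest = ntpath.splitdrive(candidate)
    # A colon after the drive letter is alternate-data-stream syntax.
    if ":" in rest:
        return False
    # Win32 strips trailing dots and spaces from names, so a component such as
    # ".. " does not mean what the string says; refuse it instead of guessing.
    for part in rest.replace("/", "\\").split("\\"):
        if part not in (".", "..") and part.endswith((" ", ".")):
            return False
    if not drive:
        # "\Windows" is rooted on the current drive, not on the desktop.
        if rest.startswith(("\\", "/")):
            return False
        # A bare name is taken relative to the desktop the dialog starts in.
        candidate = ntpath.join(desktop, candidate)
    # normpath collapses "." and ".." and unifies separators; normcase folds
    # case, because NTFS names compare case-insensitively.
    norm = ntpath.normcase(ntpath.normpath(candidate))
    root = ntpath.normcase(ntpath.normpath(desktop))
    # Require a separator after the root so "Desktop2" does not pass as "Desktop".
    return norm == root or norm.startswith(root + "\\")


if __name__ == "__main__":
    for sample in ("letter.doc",
                   DESKTOP + r"\..\..\Administrator\notes.txt",
                   r"C:\Documents and Settings\kiosk\Desktop2\a.doc"):
        print(sample, "->", is_within_desktop(sample))
```

This is a string-only check: it cannot see shortcuts or junctions placed on the desktop, and it rejects 8.3 short names such as `DOCUME~1` even when they point inside the desktop, which fails closed.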

Author Comment

ID: 9821606
That might be a pretty good idea. I should easily be able to code that. I just hope there are some better methods, because I already thought of a few cons with this... but it should definitely do the job.
If nobody else gives me a better idea, you'll get at least half the points for sure.

I'll go code the idea up right now until I get more suggestions and see how it goes.


Author Comment

ID: 9826806
I attempted to swap the open dialog box with mine, but there are many problems with that. I need to worry about the file types that can be opened, I need to worry about error handling if the user enters a file that the program can't open, the user will lose preview functionality, etc. etc... It turned into a big mess.
I also played around with NTFS rights, and it just doesn't do what I want.

But I figured out a solution that does exactly what I want. I will still split the points between the two of you for trying to help.


Question has a verified solution.
