Solved

Visual Basic - Load OCX (DLL) files manually to avoid Registry actions (Administrative Rights)

Posted on 2003-11-27
9
2,170 Views
Last Modified: 2007-12-19
First, let me give you an idea of what we're trying to do

PROBLEM: We're working with a client to provide a product that will users to bypass Administrative Rights and use the software.

I'm presuming that their security structure is similar to Windows XP's "Limited Access" mode for assigning users... ie:

CAN
-----
- Copy files/Create Folders
- Run files (ie: EXE)

CAN'T
-------
- Copy files to "Program Files" or to System Folders (ie: Windows, System32)
- Write to user's registry

Our software requires some OCX files (ie: RichTX32.ocx, MSCAL.ocx, etc)

QUESTION:  Is it possible to load the OCX files within VB, so the files would not need to be copied to the System32 folder, not registered.

Thanks!
0
Comment
Question by:kirkhilles
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 14

Expert Comment

by:aelatik
ID: 9832948
Try keeping the OCX in the same directory as your program. Could work..
0
 

Author Comment

by:kirkhilles
ID: 9832960
Aelatik,

Good thought, but I've already tried that with no luck.  When I try to run the application with the files in anywhere but the System32 folder, I get an error "Out of Memory"

I've also tried setting the PATH via command line, but that didn't work either.
0
 
LVL 14

Expert Comment

by:aelatik
ID: 9832977
So your app does see the OCX but throws memory errors ? Do the OCX depend on other files ?
0
 
LVL 7

Expert Comment

by:wsteegmans
ID: 9833780
The location of OCX and DLL files is not important. It's no problem if they are outside the System32-folder.

However, because you can't register them, I think it will be impossible to use them. Because, when you register them, an entry is created in the registry with the name of you OCX/DLL, location (path) the ClassID (GUID) and so on.

So, I think it's impossible to use OCX and DLL files without registring them?

But, is there a possibility on these computers to execute a .reg-file? A .reg-file stores Register-Keys and when you double click on it, they are imported into the registry.

---------------------- Example of a registry File -> Try to execute it ----------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\MyProgram]
"MyValue"="My Value Data"

---------------------- Example of a registry File -> Try to execute it ----------------------

If you can, you could try to find all the registry-keys written to the registry when registering a DLL/OCX. If you store all these keys in a .reg-file and you can execute it, I think it will be the same as you would register it.

We use this method to install the Authorware WebPlayer Plugin. What we do, we copy first all the files to a folder (not WinNT, not Program Files). Then, we adapt our self-made .reg-file with the new file-paths. If ready, we execute the .reg-file, so all the keys (ClassIDs, Paths, ...) are imported into the registry.

I did the job myself (looking for all the keys), but there are also programs that locates all keys connected to a given program or DLL/OCX.

Can you run these .reg-files on these computers?

Regards!
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:kirkhilles
ID: 9834223
Unfortunately, I believe that they can NOT run the .REG file (I was unable to run it in Windows XP Limited Access mode, but could as an Administrator)

The reason I mention the location of the OCX is, is that the software loads if the RichTX32.ocx file is copied to the SYSTEM32 folder (on a fresh Windows XP Pro install), but gives an error if its not.

I could, however, be wrong about them not able to install the .REG file; I just know they are using Windows XP and the "Limited" mode seemed to meet their restrictions (not being able to install to the registry)

Did your client/company have the same restrictions?  
0
 
LVL 14

Accepted Solution

by:
aelatik earned 500 total points
ID: 9835445
0
 
LVL 3

Expert Comment

by:Informative
ID: 9839920
No.  You can't use unregistered OCX controls.  Take this CCRP controls project download for example:  http://www.mvps.org/ccrp/download/controls/ccrpvb6pack.zip

This includes a zip file named ccrpftv6-10
which includes a program named   ccrpRegUtil.exe   very handy!

I've got this associated with the OCX extension so I can double click any OCX file and have it registered into the registry so that it may then be selected from tools toolbars and control reference lists as well as being inserted and used from Office or VB applications without getting the control not registered error.

The bottom line is, there is no magic wand to give people rights you have deliberately revoked with policy editor.  If you want to have a bulletproof safe user machine population protected from installing garbage like screensavers, garfield mouse cursors and other viruses and protect them from mangling their registry - for ease of support, then you will also have locked them out of installing beneficial applications as well..

Have your application added to the baseline image or at very least have the control registered in the baseline distributed user desktop image.

If you cannot get your controls registered with this CCRPREGUTIL (above) then you should either use some sort of Administrator login script with Admin rights or remote configuration management to register the control for all users OR have them log in with admin rights to the local machine just long enough to register the control or install the program or else you will need to do without the control.  There is no way around this security that I am aware of.
0
 
LVL 7

Expert Comment

by:wsteegmans
ID: 9840877
> Did your client/company have the same restrictions?
Don't know. They used the package more to push the software to the clients ... So, I guess they were using SMS (System Management Server) or any script to push the files and the Registry-values ...

I know if the admin didn't his work like he should be, this .reg sometimes works.

But, like Informative mentions, ... If your user has really no access to the registry, there is no work-arround to get your OCX/DLL in the registry

If there was a work arround, it must be a security hole that would be quickly repaired with a new patch :-)

Regards!
0
 

Author Comment

by:kirkhilles
ID: 9848345
Thanks all,

The "Thinstall" software achieves the goal nearly perfectly.

Anyone know where we can find it cheaper than the $750 on their website?
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Introduction In a recent article (http://www.experts-exchange.com/A_7811-A-Better-Concatenate-Function.html) for the Excel community, I showed an improved version of the Excel Concatenate() function.  While writing that article I realized that no o…
The debugging module of the VB 6 IDE can be accessed by way of the Debug menu item. That menu item can normally be found in the IDE's main menu line as shown in this picture.   There is also a companion Debug Toolbar that looks like the followin…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now