Image viewer lockdown

I need one of two things.
1. I need to lock down the Windows Fax and Image viewer to prevent users from using the toolbar at the bottom, or I need an application like Blackice image viewer, but free.

The problem is that I give my clients a full Windows Server 2003 VM and present the desktop via Citrix; my application allows users to view attached images to each of their customers' accounts. The problem is that when my customer opens up the application to view one of their customers' image files, the server opens up Windows Fax and Image Viewer, which allows the users to move through the directory of other images. I need them to have access only to the one image that they click on.

I would like to do everything through Group Policy, but if I can install an application that will open PDFs and TIF images without the ability to move through the directory, I will be happy.
TheonW Asked:
btdownloads7 Commented:
Any software you get will have the option to browse the folder. You need to create separate folders for each user, and give each user only permissions to get into their own folder.
0
TheonW (Author) Commented:
Not possible.
0
btdownloads7 Commented:
There is no other way for you to prevent users from setting each other's files.
0
David Johnson, CD, MVP (Owner) Commented:
Why is it not possible? The server administrator certainly has the ability to assign folder permissions.

> my application allow users to view attached images to each of their customers accounts

Or include an image viewer in your code (imagebox).
Sample here: Form1.vb
0
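A single-file viewer along the lines suggested above, sketched in PowerShell with Windows Forms (an added example, not the Form1.vb attachment from this thread): it renders only the path it is given, never enumerates the folder, and pages through a multi-page TIFF with PageUp/PageDown. The script name and sample path are assumptions, and PDF is not covered because System.Drawing does not render it.

```powershell
# Added example. Hypothetical usage:
#   powershell -File Show-OneImage.ps1 -Path "D:\AppData\Images\scan.tif"
param([Parameter(Mandatory = $true)][string]$Path)

Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing

# Accept exactly one file of a known image type: no wildcards, no directories.
$file = Get-Item -LiteralPath $Path -ErrorAction Stop
$allowed = '.tif', '.tiff', '.jpg', '.jpeg', '.bmp'
if ($file.PSIsContainer -or $allowed -notcontains $file.Extension.ToLower()) {
    throw "Not a supported image file: $Path"
}

$img = [System.Drawing.Image]::FromFile($file.FullName)
$dim = [System.Drawing.Imaging.FrameDimension]::Page
# Multi-page TIFFs expose a Page dimension; anything else is treated as one page.
$pages = 1
if ($img.FrameDimensionsList -contains $dim.Guid) { $pages = $img.GetFrameCount($dim) }
$script:page = 0

$form = New-Object System.Windows.Forms.Form
$form.Text = $file.Name
$form.WindowState = 'Maximized'
$form.KeyPreview = $true          # let the form see keys before child controls

$box = New-Object System.Windows.Forms.PictureBox
$box.Dock = 'Fill'
$box.SizeMode = 'Zoom'
$box.Image = $img
$form.Controls.Add($box)

# The only navigation is between pages of the same file, plus Escape to close.
$form.Add_KeyDown({
    param($sender, $e)
    $keys = [System.Windows.Forms.Keys]
    if ($e.KeyCode -eq $keys::Escape) { $form.Close(); return }
    if ($e.KeyCode -eq $keys::PageDown -and $script:page -lt $pages - 1) { $script:page++ }
    elseif ($e.KeyCode -eq $keys::PageUp -and $script:page -gt 0) { $script:page-- }
    [void]$img.SelectActiveFrame($dim, $script:page)
    $box.Image = $img
    $box.Refresh()
    $form.Text = "{0} (page {1} of {2})" -f $file.Name, ($script:page + 1), $pages
})

[void]$form.ShowDialog()
$img.Dispose()
$form.Dispose()
```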
TheonW (Author) Commented:
ve3ofa,
You are on the right track. I need to be able to open PDFs and TIF/TIFF files. What I need is sort of what you did, but I need to click on a link that links to an image file and then open it to view. The problem with Windows security and my application is this: the software is for a doctor's office and runs on a Citrix server, where my users log into Citrix to the desktop of the server. From there they launch the application that pulls up patients' data. All users have access to the application via permissions within the app, and all users have modify permission on the root of the data directory. They will upload images and link them to the patient's record.
My problem is with Windows image viewer: it has a toolbar that allows the users to see other images in the same folders as the linked images.

With your code, can you make it just open a linked image without buttons, maybe with a close button? For that I would bump the point value to 500.
0
Coralon Commented:
You can use AppSense to limit the toolbar specifically (Application Manager).

The thing I would look at strongly is fixing the NTFS permissions to keep users from browsing the directory structure, and combine that with a GPO to hide the drive, it should be fairly effective.

In the data directory, give Authenticated Users the ability to add a file or a folder (depending on what your app does) and that's *it*.  Then give Creator Owner the rights they need (typically read or change based on what you have described).  Do not give them any other rights.. that will block them from opening other users' files.

Coralon
0
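The NTFS layout described above, written out as a PowerShell script (an added example, not from the thread; the `D:\AppData\Images` path is a placeholder). It has an effect only when files are created and opened under the user's own identity rather than by a service account.

```powershell
# Added example: "drop box" ACL on a hypothetical data root. Run elevated.
param([string]$DataRoot = 'D:\AppData\Images')   # placeholder path (assumption)

$fsar = 'System.Security.AccessControl.FileSystemAccessRule'
function New-Rule([string]$Sid, [string]$Rights, [string]$Inherit, [string]$Propagate) {
    $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    New-Object $fsar($id,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]$Inherit,
        [System.Security.AccessControl.PropagationFlags]$Propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

$rules = @(
    # Authenticated Users: may add files/folders to this folder only.
    # No ListDirectory and no read, so the folder cannot be enumerated.
    (New-Rule 'S-1-5-11' 'CreateFiles, CreateDirectories' 'None' 'None'),
    # CREATOR OWNER: whoever creates an item gets Modify on that item only.
    (New-Rule 'S-1-3-0' 'Modify' 'ContainerInherit, ObjectInherit' 'InheritOnly'),
    # Administrators and SYSTEM keep full control for backup and maintenance.
    (New-Rule 'S-1-5-32-544' 'FullControl' 'ContainerInherit, ObjectInherit' 'None'),
    (New-Rule 'S-1-5-18' 'FullControl' 'ContainerInherit, ObjectInherit' 'None')
)

$acl = Get-Acl -Path $DataRoot
# Stop inheriting from the parent and discard the inherited entries.
$acl.SetAccessRuleProtection($true, $false)
# Drop any explicit entries already on the folder (for example Users: Modify).
foreach ($old in @($acl.Access)) { [void]$acl.RemoveAccessRule($old) }
foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
Set-Acl -Path $DataRoot -AclObject $acl

# Review the result. CREATOR OWNER is evaluated when an item is created, so
# files that already exist keep their old ACLs until they are re-permissioned.
(Get-Acl -Path $DataRoot).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```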
TheonW (Author) Commented:
Coralon,
The application does not use Windows permissions. That's why I cannot limit the access to the folders; it has to be done via GPO. I know I can do a lot more with 2008 GPO, and I was hoping not to have to upgrade my DCs to 2008 just yet. I have over 2000 users logging in to this system.
0
Coralon Commented:
How does the application bypass the NTFS permissions?  (This is assuming the app is not storing the images internally on 1 file..)    The only other way would be if the app uses a service account to open the files, which basically would keep it from *ever* being locked down.

The Windows program absolutely obeys the NTFS permissions, so in theory that should still work, unless (as mentioned above) it is using a service to "do the dirty work".

But, AppSense can definitely lock down that toolbar :-\

Coralon

0
TheonW (Author) Commented:
The problem with AppSense is I do not have it in the budget. The app uses its own users and the app service is started as a system account, so there is no real way to lock down the folders, plus all users have access to all folders, but not from within another patient's chart. The problem is that the user will open a patient's chart and click on a linked image, then the image viewer opens, when I have a toolbar that allows you to explore the directory, then the office user can click forward or back and see other images, which they in turn are linked to this person's chart. That is the problem. I do not have a security issue, I just need an image viewer that will open TIF, JPEG, BMP, PDF, pretty much all image files, without a toolbar, but with the ability to see multiple pages. I will have the same problem with PDFs.
0
Coralon Commented:
Ah.. service account - that is your kicker.  From your description, the service account is opening the application, which means that it is not impersonating the user, so as you said, NTFS security is useless.

Short of modifying the application, or going 3rd party (AppSense) I don't think you will be able to lock it down.  The app needs to kick off the viewer application as the user (impersonation) for the security to be usable.  There are some resource editors out there you could maybe modify the exe to remove the buttons from the application, but they are definitely an 'at your own risk' type of thing to do.

Coralon
0
ITguy565 Commented:
What you are asking can be done through GPO. I would suggest canceling the close request and I might be able to assist you with this. Or, post another question and let me know the location.
0
TheonW (Author) Commented:
Never received a workable answer.
0