Win7 C++ - kiosk mode application does not have admin access - permissions

I'm working on a Kiosk system and I need to be able to lock down the keyboard and turn off the logon screen options on the fly. So at startup my code does these things, and if a security dongle is inserted, it undoes them.
Works fine in non-Kiosk, when I right-click the application and select "Run as administrator". The keyboard is locked down (I'm trapping key strokes), but the logon screen continues to come up with all five option buttons. I added debug writes to a file and found that the reason was "access denied".
My Kiosk is set up with a user that has been given administrator rights, and the application pathname (C:\\.exe) has been set as the Shell value in HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\WinLogon. Since this application will run as session 0, I am not sure what else needs to be done to give it the rights to disable and enable the five logon screen options.

I have experience in develop Kiosk application and I advise you next solution. this is universal solution and works as expected. Run application in logon session - is bad idea. Run app Via winlogon regkey wil not run in session0, it will run app in user session.
Windows kiosk mode need next steps:
Create user for kiosk mode
Set next registry key for this user as path to your application:
Windows XP/7:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\full\\path\\to\\your\\application.exe>"
Windows 8 and later:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Shell"="C:\\full\\path\\to\\your\\application.exe>"
Autologin for kiosk user:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"ForceAutoLogon"="1"
"DefaultUserName"="kiosk"
"DefaultDomainName"="<place here pc hostname>"
"DefaultPassword"=""
[Option] If you need to disable Ctrl+Alt+Del, then use this registry key value ("") or you can place there own application:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"\""
Create kiosk user with this your application as shell and create/activate admin with password. With autologin to load as admin press shift when windows loading and before autologin or while logging out - windows will not autologin and show users list. Or, you can not set autologin and windows will show 2 users: admin and kiosk user with this your software.
To disable user input use WINAPI BlockInput
BOOL WINAPI BlockInput(
_In_ BOOL fBlockIt
);
It can be enabled by ctrl+alt+del - in this case with solution above your programm can disable it again.

Related

Forcing IE11 to launch my pop up site in 64 bit

So I have this issue, I have a web application that needs to open a popup in IE that is 64bit.
By default, it launches in 32bit. So I changed the 2 IE settings:
Trusted Sites -> Enable Protected Mode
Advanced Security -> Enable 64 bit processes for Enhanced Protected Mode
When I navigate to my site, if i use IP address, or short hostname, it behaves as expected and launches in 64 bit. But if I launch my site with the FQDN xxxxx.domain.com it still launches in 32 bit. Any ideas?
What is your IE version and OS version? Is the manager process of IE 64 bit?
You could try the following methods:
Enable UAC
If UAC is off, Enhanced Protected Mode doesn't do anything. You could enable UAC by editing the registry: Set EnableLUA value to 1 in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Or open the Control Panel, select User Accounts, click Change User Account Control settings, move the slider up, then click OK.
Disable LCIE
By disabling LCIE, there will be only one process no matter how many tabs running in IE. If the main process is 64 bit, then you'll get a single 64 bit process for all the tabs. Save below code as a reg file, then double click it to make it work in registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"TabProcGrowth"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"TabProcGrowth"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main]
"TabProcGrowth"="0"

Windows 8 Kiosk Mode For "Non Windows" Applications

I have an external kiosk application that I'm trying to run it on tablet computer which has Windows 8 OS.
The thing is, that Windows 8 doesn't allow to use any external applications in kiosk mode. Only applications that based on Win 8 are allowed.
The problem with my kiosk application that while running you can drag it with the finger and the task bar and the desktop background are revealed and I don't want that to happen.
I want it to be locked to the screen without any option to move.
The application starts automatically when the win 8 goes up.
1)I tried to search at the registry to cancel part of the touch options. Without any actual result. There are few options to cancel some of the windows widgets at the left and right corners of the screen or cancel the touch option at all.
2)I've got the option to use a 3rd party applications, but I'm trying to prevent it for now.
Forget about windows internal kiosk mode as nightmare - it not works as expected and you can't change this. Create new user 'kiosk' and use next registry key for your app:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Shell"="C:\\full\\path\\to\\your\\application.exe>"
And configure autologin for this user:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"ForceAutoLogon"="1"
"DefaultUserName"="kiosk"
"DefaultDomainName"="<place here pc hostname>"
"DefaultPassword"=""
And you will get the result you want.

Is "Assigned Access" [Windows 8.1 feature] possible in Windows 8 app?

I want to create an app which will be deployed on tablets as a kiosk in a mall. I searched around for creating app with some restriction like it will be always open, only authenticated uses can close with swipe gesture or Alt+F4. I got one solution but it's related to Win 8.1 and I can't wait till that.
So what I want is the app will be always on. Normal users will use the app, they can't close it. App can be close by only authenticated users with password. Anybody have any ideas to do these things ?
PS : For those who don't know what is "Assigned Access", please see Windows 8.1 product guide and search for that term.
This is not possible in Windows 8 by design. You will have to wait until 8.1 for the dedicated "kiosk mode."
It's incomplete, but if you can't wait for 8.1 consider the following 2 setting to fake a kiosk mode.
1. Modify the user GPO for the Kiosk account. Change "User Config->Administrative Templates->System->Custom User interface" Enable the policy and put in the path to your application.
This will prevent the "desktop" from loading and replace explore.exe with your applications .exe
2. REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v 'Scancode Map' /t REG_BINARY /d "Make your binary change here" /f
This disables special keys like Windows key and remaps the Alt and Ctrl. Use Sharpkeys to define the binary http://sharpkeys.codeplex.com/
Good luck.

Start Process With Logged On User Credentials Windows 7

I have a deployment package that opens an application when the instalation has finished.
On opening, this application validates a connection to a database using Integrated windows security.
The Problem is that when it calls
Process.Start(XXXXXXXXXX)
The application is opened under the machine account, the one that actualy does the install under UAC in Windows 7.
I know i can use the ProcessStartInfo object to ask the user to specify their password etc however this will be really annoying for them when they are already logged onto the machine.
I have tried using ProcessStartInfo, WinAPI etc but to no avail.
Has anyone else encountered this type of issue and/or have a suggested solution.
In summary I am trying to call
Process.Start........
Under the credentials of the logged on user as the last action of an deployment package under Windows 7
VB.NET application developed in VS2010 using Windows Installer Deployment.

VB install and SYSTEM user

Hy,
I've create a setup for my vb application with visual studio.
At the end of the install I want to launch the application so i've add a custom action and used the chell to launch it. It's work but... the application is launch as SYSTEM user...
is there a way to launch it in normal user (on win7 as administrator)?
Thanks for your help
If you are installing the application as an Administrator and launching the application, then it will start under that identity.
Try installing the application as a non Admin user and see under what identity the application launches.
If it still requires Admin access, then look at the privileges requested in your config file.