I'm programming a tool to control RDP sessions (like the Citrix management console).
I'm able to send messages to specified users, log users off, but I now want to create the ability to shadow a users session (for support purposes).
I've used the Cassia windows terminal services library, to log off users and send messages.
Google learned me that Cassia should be able to shadow a users session, but I can't seem to get the code right to accomplish this...
Has anyone have experience with programming a shadow utility in vb.net? (It doesn't necessary have to be with Cassia)
The most common reasons for remote control failing are:
Trying to shadow a RemoteApp session (Windows does not support this)
Trying to shadow a session that is using the true multi-monitor support added in the RDP 7 client (again, Windows does not support this); shadowing sessions using the multi-monitor spanning feature in the RDP 6+ client should work fine, however
Trying to shadow a session whose screen resolution or color depth settings are not compatible with the current session's (I've run into this before, though it didn't happen often enough for me to be able to pin down which screen modes caused issues)
Trying to shadow a session which the caller does not have permission to shadow
Trying to shadow a session when remote control of sessions has not been enabled on the "Remote Control" tab in the RD Session Host Configuration tool
The user in the session declining to allow shadowing (if the "Require user's permission" box is checked on the "Remote Control" tab in the RD Session Host Configuration tool)
Related
I was wondering if anyone had more information on what the specific risks for using chromedriver as was concerned by this statement.
"If possible, run ChromeDriver with a test account that has no access to sensitive local or network data. ChromeDriver should never be run with a privileged account."
Would like to know what the specific risks are when using a privileged account and what if any preventative measures can be taken to protect against them.
Thank you in advance!
How Google Chrome Browser Works
In the article Chrome Browser Security #STEPHANIE CRAWFORD mentioned, Google has leveraged its power as a search engine by creating its Safe Browsing technology which will automatically warn you if Chrome detects that a site you're visiting contains malware or phishing.
Chrome deploys this security measure through a unique security feature termed as Sandboxing. Sandboxing implies, separating each process out into independent spaces to see how they function individually. Chrome handles its workload as a series of multiple processes rather than as part of one large browser process. Each time you open a Web page, Chrome launches one or more new processes to run the scripts on that page. Also, each Chrome extension and app runs in its own process. Chrome implements sandboxing through its multi-process architecture. The security advantage in sandboxing comes with Chrome being able to control the access token for each process. These access token for a process allows that process access to important information about your system, like its files and registry keys. Chrome intercepts each access token from the processes launched from the browser, and it modifies that token to limit its access to that information. So, Chrome's sandboxing helps block web pages that try to install malware, capture your personal information or obtain data from your hard drive. The drawback of sandboxing is that, it can't catch everything. A sandboxed process might still be able to access less secure file systems. It's also likely to miss protecting registry keys and files managed by third party software, like a game or chat program that isn't native to the system.
WebDriver driven Chrome
While initiating a WebDriver controled Chrome Browsing Context using Selenium recently we had been advocating to use a certain command line argument:
--no-sandbox: Disables the sandbox for all process types that are normally sandboxed.
See:
WebDriverException: unknown error: DevToolsActivePort file doesn't exist while trying to initiate Chrome Browser
How to configure ChromeDriver to initiate Chrome browser in Headless mode through Selenium?
unknown error: session deleted because of page crash from unknown error: cannot determine loading status from tab crashed with ChromeDriver Selenium
No Sandbox
There are a couple of more Sandbox related flags available which enables the sandboxed processes to run without a job object assigned to them. This flag is required to allow Chrome to run in RemoteApps or Citrix. This flag can reduce the security of the sandboxed processes and allow them to do certain API calls like shut down Windows or access the clipboard. Also we lose the chance to kill some processes until the outer job that owns them finishes.
--allow-no-sandbox-job: Disables usage of sandbox job.
--allow-sandbox-debugging: Allows debugging of sandboxed processes.
--disable-gpu-sandbox: Disables the GPU process sandbox.
--disable-namespace-sandbox: Disables usage of the namespace sandbox.
--disable-seccomp-filter-sandbox: Disable the seccomp filter sandbox (seccomp-bpf) (Linux only).
--disable-setuid-sandbox: Disable the setuid sandbox (Linux only).
--disable-win32k-lockdown: Disables the Win32K process mitigation policy for child processes.
--enable-audio-service-sandbox: enable the audio service sandbox.
--gpu-sandbox-allow-sysv-shm: Allows shmat() system call in the GPU sandbox.
--gpu-sandbox-failures-fatal: Makes GPU sandbox failures fatal.
--no-sandbox-and-elevated: Disables the sandbox and gives the process elevated privileges (Windows only).
Sandbox
Sandbox leverages the OS-provided security to allow code execution that cannot make persistent changes to the computer or access information that is confidential. The architecture and exact assurances that the sandbox provides are dependent on the operating system.
windows implementation principles:
Do not re-invent the wheel: It is tempting to extend the os kernel with a better security model. Don't. Let the operating system apply its security to the objects it controls. On the other hand, it is just okay to create application-level objects (abstractions) that have a custom security model.
Principle of least privilege: This should be applied both to the sandboxed code and to the code that controls the sandbox. In other words, the sandbox should work even if the user cannot elevate to super-user.
Assume sandboxed code is malicious code: For threat-modeling purposes, we consider the sandbox compromised (that is, running malicious code) once the execution path reaches past a few early calls in the main() function. In practice, it could happen as soon as the first external input is accepted, or right before the main loop is entered.
Be nimble: Non-malicious code does not try to access resources it cannot obtain. In this case the sandbox should impose near-zero performance impact. It's ok to have performance penalties for exceptional cases when a sensitive resource needs to be touched once in a controlled manner. This is usually the case if the OS security is used properly.
Emulation is not security: Emulation and virtual machine solutions do not by themselves provide security. The sandbox should not rely on code emulation, code translation, or patching to provide security.
linux implementation
macos implementation
My Use case :
I have an automation framework for Mac that launches 2 instances of the same app ( same bundle id) available at different locations to simulate two endpoint cases for media calls. With introduction of Mojave permissions, when I grant permission( camera , mic & accessibility) for one instance of the app, the other instance doesn't have the same permissions.
Since the bundle id is same, is it not that providing permission for the app is carried over to both instances?
I tried pushing a system profile to provide permissions but that doesn't seem to work
Also added an apple script to continuously check for permission pop-up and click ok to it. This works for mic and camera but not for accessibility. Also when each instance is launched the permission would be asked again.
Is there a way to by default provide all access to the application by default without asking for any permission pop-ups?
Or is there any way to tweak something at the OS level to not ask for permissions at all ( behave same as <10.14) .. I tried disabling system integrity but that doesn't seems solve this issue
You need to code-sign all versions/copies of the app using the same identity.
When an app is not code-signed and the system needs to record its identity (as for permissions), it generates an ad hoc code signature. That signature, though, only matches that exact build of the app. Another copy of the app that is different in any code-signature-relevant way is not considered to have the same identity. In fact, it's likely to be considered "malicious" as it appears to have been tampered with.
If you code-sign your app with appropriate designated requirements, that enables the system to understand that two different versions of an app have the same identity and should share permissions. This is key to an app maintaining permissions through an upgrade to a new version, for example.
I noticed that the simulator in VS2012 is (apparently) opening a new Windows session with the same account, which causes many issues:
I can't use the Modern UI version of IE, because IE is not my default browser. But if I set it as the default browser in the simulator, it also becomes the default browser in my host session, which I don't want
for apps that are scheduled to start when the session starts, a new instance is started in the simulator. For instance:
Dropbox: it could probably cause serious issues if both instances try to synchronize the same physical folder
Spark: it detects that someone else connected with the same account from another computer, so I'm disconnected in the host session
Logitech Setpoint: it captures the mouse wheel in the simulator, which means I can't use the wheel any more in the host session (I have to kill Setpoint in the simulator to fix it)
It seems to me that the best way to fix this problem would be to have the simulator open a session with a different user account, so that it doesn't interfere with my current session. But I couldn't find any option to control the behavior of the simulator... Is it possible at all?
This is not possible as Child Sessions are used for the simulator which is a feature that is only available for the current user. More information on Child Sessions can be seen here
One solution is to virtualize and do a remote debugging on that instance, that way you can deploy and debug without any of the issues above.
http://msdn.microsoft.com/en-us/library/windows/apps/hh441469.aspx
It seems to me that if the user installs another browser on Windows 8, the default tile for Internet Explorer should change to that new browser. However, it doesn't seem like Chrome or Firefox currently does this. Is it even possible to replace the IE tile with the tile for another app programmatically?
You can't do that.
All Windows store applications work in a sandbox environment and doesn't have access to core OS api's. App's are restricted to core OS api's so that malicious applications cannot change system setting without user knowing about it.
Start Screen is OS level, and Apps do not have acces to the order of tiles. If they had, user would loose all personalization made as every App would move itself to the first row and column, as Raymond Chen stated.
I have a desktop application that attempts to limit the user to one instance per session (so each user/remote desktop connection can run a copy)
I do this by creating an EventWaitHandle with a "Local\..." prefix on the event name, and if isn't created, I exit the program.
The warning from the verifier tool looks like this:
WARNING
Multi user session test
• Warning: The multi user session test detected the following errors:◦An error occurred while performing the testing process.
• Impact if not fixed: Multiple users might not be able to launch the app in concurrent sessions.
• How to fix: Make sure that the app doesn’t block multiple concurrent sessions, either locally or remotely. The app must not depend on global mutexes or other named-objects to check for or block multiple concurrent sessions. If the app can’t allow multiple concurrent sessions per user, use per-user or per-session namespaces for mutexes or other named-objects. See link below for more information:
Remote Desktop Services programming guidelines
http://msdn.microsoft.com/library/windows/desktop/aa383490(v=vs.85).aspx
Any idea on what this error means, and how to get rid of it?
I've tested the program while logged into multiple accounts, and it correctly detects that the program is not running on the new session, despite running on a previous one.
Is there a way to get more detailed descriptions of the failures?
this link suggests that there is a bug in Windows Application Certification Kit (WACK) 2.2 and it is resolved in WACK 3.0 available for Windows 8.1 Preview. I chose to ignore this particular warning for now.
Set for user (choice user or machine) when you run Windows App Cert