Limiting users to a single application - Microsoft Windows

This is a discussion on Limiting users to a single application - Microsoft Windows ; A friend has asked me whether I could write a simple point-of-sale application for his pizza business. I think I can do most of what he wants with an Access database and VBA scripting. What I'm not sure about is ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Limiting users to a single application

  1. Limiting users to a single application

    A friend has asked me whether I could write a simple point-of-sale
    application for his pizza business. I think I can do most of what he
    wants with an Access database and VBA scripting.

    What I'm not sure about is his requirement that the computer must be
    "locked down" so that his employees can run _only_ the POS application
    and only those with a special password or other authentication can use
    other applications or look at files on the computer.

    Is it possible to do this?

    My friend is open to using either Win2K or XP. Win2K would be more
    convenient for me because that's what I do my development on.

    Can I configure security on a Windows system so that a particular user
    can only run one application and cannot browse the file system?

    Or can I create an always-on-top full-screen window belonging to an
    application that cannot be terminated, even with Ctrl-Alt-Del and Task
    Manager?

    How about a service that paints on the desktop when no one is logged in?

    Are there any other ideas or experience with this?

    Norm
    --
    --
    To reply, change domain to an adult feline.


  2. Re: Limiting users to a single application

    On Fri, 23 Mar 2007 02:25:30 GMT, Norman Bullen
    wrote:

    >A friend has asked me whether I could write a simple point-of-sale
    >application for his pizza business. I think I can do most of what he
    >wants with an Access database and VBA scripting.
    >
    >What I'm not sure about is his requirement that the computer must be
    >"locked down" so that his employees can run _only_ the POS application
    >and only those with a special password or other authentication can use
    >other applications or look at files on the computer.
    >
    >Is it possible to do this?


    At least in the Windows CE/Windows Mobile world, this is called "kiosk
    mode". I hide the Task Bar and make my windows fill the whole screen.
    That won't really keep users from other applications, but it will at
    least hide the other applications. For code, see my 19 Jun 2003
    contribution to a thread called "Fullscreen" in
    comp.os.ms-windows.programmer.win32

    I just used google (http://groups.google.com/advanced_group_search) to
    look up
    kiosk mode
    in comp.os.ms-windows.programmer.win32 and got 10 hits. I took a quick
    look, and didn't see anything obviously useful, but you should check
    anyway.

    >
    >My friend is open to using either Win2K or XP. Win2K would be more
    >convenient for me because that's what I do my development on.
    >
    >Can I configure security on a Windows system so that a particular user
    >can only run one application and cannot browse the file system?
    >
    >Or can I create an always-on-top full-screen window belonging to an
    >application that cannot be terminated, even with Ctrl-Alt-Del and Task
    >Manager?
    >
    >How about a service that paints on the desktop when no one is logged in?
    >
    >Are there any other ideas or experience with this?
    >
    >Norm
    >--


    -----------------------------------------
    To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

    Robert E. Zaret, eMVP
    PenFact, Inc.
    20 Park Plaza, Suite 478
    Boston, MA 02116
    www.penfact.com

  3. Re: Limiting users to a single application

    Norman Bullen wrote:
    > A friend has asked me whether I could write a simple point-of-sale
    > application for his pizza business. I think I can do most of what he
    > wants with an Access database and VBA scripting.
    >
    > What I'm not sure about is his requirement that the computer must be
    > "locked down" so that his employees can run _only_ the POS application
    > and only those with a special password or other authentication can use
    > other applications or look at files on the computer.
    >
    > Is it possible to do this?
    >
    > My friend is open to using either Win2K or XP. Win2K would be more
    > convenient for me because that's what I do my development on.
    >
    > Can I configure security on a Windows system so that a particular user
    > can only run one application and cannot browse the file system?
    >
    > Or can I create an always-on-top full-screen window belonging to an
    > application that cannot be terminated, even with Ctrl-Alt-Del and Task
    > Manager?
    >
    > How about a service that paints on the desktop when no one is logged in?
    >
    > Are there any other ideas or experience with this?


    Make your application to be windows shell, make it full-screen and
    topmost. Allow users that knows a special password to launch an
    explorer.exe along with making your window non-topmost or minimizing it.

    There was similar thread while ago that crossposted multiple windows
    groups. Someone wanted to make a limited environment for his child. I
    think there was some more advanced techniques introduced along with some
    commercial products. I can't find this thread though.

    --
    Grzegorz Wróbel
    http://www.4neurons.com/
    677265676F727940346E6575726F6E732E636F6D

  4. Kiosk mode on Win2k WAS: Limiting users to a single application

    Norman Bullen wrote:
    > A friend has asked me whether I could write a simple point-of-sale
    > application for his pizza business. I think I can do most of what he
    > wants with an Access database and VBA scripting.
    >
    > What I'm not sure about is his requirement that the computer must be
    > "locked down" so that his employees can run _only_ the POS application
    > and only those with a special password or other authentication can use
    > other applications or look at files on the computer.
    >
    > Is it possible to do this?
    >
    > My friend is open to using either Win2K or XP. Win2K would be more
    > convenient for me because that's what I do my development on.
    >
    > Can I configure security on a Windows system so that a particular user
    > can only run one application and cannot browse the file system?
    >
    > Or can I create an always-on-top full-screen window belonging to an
    > application that cannot be terminated, even with Ctrl-Alt-Del and Task
    > Manager?
    >
    > How about a service that paints on the desktop when no one is logged in?
    >
    > Are there any other ideas or experience with this?
    >
    > Norm


    Kiosk mode refers to a server that can run only a single application and
    allows it' users no access to file systems, control panels, etc., unless
    unlocked with a password. I think I've found an approach that allows me
    to put a Windows 2K system into a form of kiosk mode.

    Remembering way back to when I wrote a screen saver for Windows 3.1, I
    realized that a screen saver isn't terminated by the OS when a mouse or
    keyboard message arrives; it terminates itself. The same is still true
    (almost) in Win2K.

    I wrote a very simple "screen saver" application and installed it as the
    logon screen saver. (This is the screen saver that runs--if configured--
    when the log on prompt is on the screen and there is no user activity
    for a long enough period of time. It is configured with registry
    settings in HKEY_USERS\DEFAULT\Control Panel\Desktop.)

    My screen saver does not terminate itself, ever. The (almost) above is
    because I discovered that the screen saver is terminated by the OS only
    when the Ctrl-Alt-Del sequence is entered. Because the screen saver gets
    no warning that this is going to happen, I decided to put the actual
    database code in a service that runs regardless user logons, etc.

    I also decided to make MY "screen saver" application as simple and,
    hopefully, as bullet-proof as possible so I put the actual user-facing
    dialogs in a separate application which is started by the "screen
    saver." This user app connects to the database service using a named
    pipe. The "screen saver" monitors this app and restarts it if it fails.

    When the store owner wants to allow employees to take orders using the
    system, he simply logs off of his user session. In a few seconds the
    "screen saver" kicks in and starts the order-entry dialog. The employees
    have no "close" button on the dialog; the only way they can make it
    close is to press Ctrl-Alt-Del. That takes them to the log on screen and
    they do not have a user name or password so they can't log on
    themselves. After a few seconds, they're back to the "screen saver" and
    order-entry dialog.

    When the owner wants to use the system for his own purposes, or for the
    database management functions that I provide, he uses Ctrl-Alt-Del to
    kill the screen saver and logs on using his user name and password; then
    logs off when he's finished.

    Norm

    --
    --
    To reply, change domain to an adult feline.


  5. Re: Kiosk mode on Win2k WAS: Limiting users to a single application

    Norman Bullen wrote:
    > Norman Bullen wrote:
    >> A friend has asked me whether I could write a simple point-of-sale
    >> application for his pizza business. I think I can do most of what he
    >> wants with an Access database and VBA scripting.
    >>
    >> What I'm not sure about is his requirement that the computer must be
    >> "locked down" so that his employees can run _only_ the POS application
    >> and only those with a special password or other authentication can use
    >> other applications or look at files on the computer.
    >>
    >> Is it possible to do this?
    >>
    >> My friend is open to using either Win2K or XP. Win2K would be more
    >> convenient for me because that's what I do my development on.
    >>
    >> Can I configure security on a Windows system so that a particular user
    >> can only run one application and cannot browse the file system?
    >>
    >> Or can I create an always-on-top full-screen window belonging to an
    >> application that cannot be terminated, even with Ctrl-Alt-Del and Task
    >> Manager?
    >>
    >> How about a service that paints on the desktop when no one is logged in?
    >>
    >> Are there any other ideas or experience with this?
    >>
    >> Norm

    >
    > Kiosk mode refers to a server that can run only a single application and
    > allows it' users no access to file systems, control panels, etc., unless
    > unlocked with a password. I think I've found an approach that allows me
    > to put a Windows 2K system into a form of kiosk mode.
    >
    > Remembering way back to when I wrote a screen saver for Windows 3.1, I
    > realized that a screen saver isn't terminated by the OS when a mouse or
    > keyboard message arrives; it terminates itself. The same is still true
    > (almost) in Win2K.
    >
    > I wrote a very simple "screen saver" application and installed it as the
    > logon screen saver. (This is the screen saver that runs--if configured--
    > when the log on prompt is on the screen and there is no user activity
    > for a long enough period of time. It is configured with registry
    > settings in HKEY_USERS\DEFAULT\Control Panel\Desktop.)
    >
    > My screen saver does not terminate itself, ever. The (almost) above is
    > because I discovered that the screen saver is terminated by the OS only
    > when the Ctrl-Alt-Del sequence is entered. Because the screen saver gets
    > no warning that this is going to happen, I decided to put the actual
    > database code in a service that runs regardless user logons, etc.
    >
    > I also decided to make MY "screen saver" application as simple and,
    > hopefully, as bullet-proof as possible so I put the actual user-facing
    > dialogs in a separate application which is started by the "screen
    > saver." This user app connects to the database service using a named
    > pipe. The "screen saver" monitors this app and restarts it if it fails.
    >
    > When the store owner wants to allow employees to take orders using the
    > system, he simply logs off of his user session. In a few seconds the
    > "screen saver" kicks in and starts the order-entry dialog. The employees
    > have no "close" button on the dialog; the only way they can make it
    > close is to press Ctrl-Alt-Del. That takes them to the log on screen and
    > they do not have a user name or password so they can't log on
    > themselves. After a few seconds, they're back to the "screen saver" and
    > order-entry dialog.
    >
    > When the owner wants to use the system for his own purposes, or for the
    > database management functions that I provide, he uses Ctrl-Alt-Del to
    > kill the screen saver and logs on using his user name and password; then
    > logs off when he's finished.
    >
    > Norm
    >


    Smart, but the only drawback I can see is that logon screensaver is run
    under LOCAL SYSTEM account and it's process has all the privileges
    stripped (except of SeChangeNotifyPrivilege if I remember well) so such
    application might not be able to perform certain taks.

    --
    Grzegorz Wróbel
    http://www.4neurons.com/
    677265676F727940346E6575726F6E732E636F6D

+ Reply to Thread