Access windows application installed in EC2 using browser - windows

I have installed QAD Netui Client (application with .exe executable) on Windows EC2 instance.
I would like to access that application through web browser or by any other way without the need of logging-in into windows instance.
The reason behind this requirement is that, I don't want users to get information about machine on which my application is installed.
Is there any way to achieve this requirement ?

Not likely. This appears to be a Window GUI application rather than something like a web application.
As a GUI application it needs a Windows desktop session to run. This is accomplished with remote desktop or other similar application that allows you to share a desktop with another client.
However, you can set up a Windows user profile that has much more restricted access to the machine. This is probably the closest you will get.

Related

Is it possible to containerize a Windows GUI application on a Windows host?

I have a rather difficult to manage Windows closed-source Windows GUI application. It's messy (leaves files all over the place) and has a convoluted installation process.
It has been proposed that we containerize the application, but can this be done?
For UNIX applications there's an easy pattern - just give the app access to the port of the X11 server, and allow the app to write to that, but is there a Windows equivalent? Is there any way at all to containerize a Windows application but allow it to generate windows in the host Operating System's desktop?
If this is possible, are there any handy recipes to get started with this?
Currently, It's not possible to containerized Windows GUI application on a windows host.
From the blog Insider preview: Windows container image
Lars Iwer [MSFT] writes in the comments below the article:
"In the container image as it is right now, GUI elements will be rendered in session 0. UI automation should work with that (e.g. programmatically searching for a window etc.)."
So according to my understanding, you can run GUI apps but the rendered elements are not shown on any desktop which will only work for UI automation work but not for user interactive application.
Session 0:
Session 0 is reserved exclusively for services and other non-interactive user applications. Users
who are logged on to Windows and their user applications must run in Session 1 or higher.
- User interfaces in Session 0 are not supported. Processes running in Session 0 have no access to the graphics hardware thus user interfaces cannot be directly displayed on the monitor.

Win32 API Call to a Remote Desktop

Well, my project is moving along very well as I am able to interact between an automated windows service running a desktop application or web based application, interact with that app and set data appropriately using Win32 API calls like SendMessage or PostMessage or others like that.
My current problem is that we now have a RDP (remote Desktop) application to interact with and I am not sure if that is even possible. Can we see the Windows handles for the RDP Container or is there another way of interacting with the Remote Desktop from an external application?
I hope this question makes sense and I appreciate any and all help.

standalone web application

Is there way to run web application as standalone desktop application? Could be web application written using PHP, MySQL and Apache converted to standalone application which meets following requirements:
1. Application should be called as http://myapp.localhost.
2. Application should have desktop icon which directly opens browser with application's URL.
3. Source code of web application should be hidden from users.
4. Installation for end user must be as easy as possible.
Now I do steps 1-2 using xampp and manually creating shortcut. I was interested in some wrapper, installer which do above steps automatically. But I have no idea about 3rd step.
Regarding item 3, see Can you "compile" PHP code?. This would allow you to develop in PHP and deploy the application via an installer.
There are several installer packages which would allow you to automate these steps, depending on your development environment.
PHP and MySQL require to have a web server running. That means you will need to copy the code over to the client's machine and then run the web server locally still on the client's machine.
If that's what you want, look into the Microsoft IIS Express (here).
In short, IIS is a web server that can host and run a server side web application, written in ASP.NET or PHP.
Here are the steps you need to take:
Install IIS express on the client's machine (one-time process, and I think quite acceptable - treat this as a runtime installation).
Create a designated (hidden) folder for the source files of the web application that you want to deploy (one-time process).
Create a windows batch file (bat or cmd) that starts the IIS (as described here) and then opens the website's URL so that the default browser starts. This file will serve as a shortcut, so you can place it on the desktop or wherever appropriate (one-time process).
Deploy your web application to the hidden folder from step 2 above (repetitive process - deploy to the same folder when you want to upgrade the clients to a new version).
Please have in mind that I am basing my suggestion on your requirement to host and run the application locally (on localhost).
However, if there's an option to run the application on a separate machine (not a localhost), then you could simply place a desktop shortcut to the network or internet address URL that would open the default browser without problems.
i would suggest Pouchdb http://pouchdb.com/api.html and Adobe Air http://www.adobe.com/devnet/air/air-sdk-download.edu.html. This way you can code with html and javascript and package it with Adobe Air.
I'm afraid it's not that simple.
If you want to use this approach (and I highly discourage it), you will have to deploy a webserver of some sorts on the client. You should be able to run the Apache/IIS Express and MySQL/SQLite executable and start a simple webserver and database.
If you'd also like a icon, you can create an installer that creates this icon and points to the URL you wish.
I'm afraid that's not possible. PHP is and always will be a scripting language. You might be able to obfuscate it somehow, but anyone who can download your application will be able to de-obfuscate it.
Again, you can create an installer. Inno Setup is pretty good from what I've heard.

Detecting a Citrix XenDesktop Session

I'm looking to determine if our application is running on a XenDesktop session rather than locally. Here is what I have found so far:
We currently have code to detect a Citrix XenApp session similar to the solution mentioned by Helge Klein in "API for Determining if App is Running on Citrix or Terminal Services".
Sadly that solution in a XenDesktop environment is returning back a WTSClientProtocolType of 0 which signifies a local console session.
In response to the same question Josh Weatherly mentioned checking the sessionname environment variable.
However a quick console check with echo %sessionname% on the XenDesktop environment returns back 'Console'.
From "Detect citrix “application mode”?" John Sibly suggested a solution for detecting a remote session (not Citrix in particular):
GetSystemMetrics(SM_REMOTESESSION) however returns 0 which also means that it is a local session.
Does anyone know of a way to detect that it is a XenDesktop session? So far as you can see all my attempts are returning that the session is a local console session.
I'm using XenDesktop Express 5.5, accessing the desktop using the Citrix Receiver Web Plug-In.
If you are using XenDesktop for VDI, then as far as the application is concerned, the application is executing locally. VDI, or virtual desktop infrastructure, consists of delivering the GUI from a full featured desktop operating system to a remote device. Typically, the desktop O/S executes in a virtual machine on a hypervisor in a data center, and the GUI is transmitted to the remote device using Citrix' ICA stack. For example, this happens in the pooled desktops scenario.
XenApp offers virtual desktops, which is a slightly different concept. Again, the desktop is delivered to a remote device using the ICA stack. However, the desktop is no longer running on a dedicated O/S. Rather, it is one of a number of user sessions on a single Windows Server. There may be any number of users logged on to that server. This places limits on the applications that can be run, which is why applications might want to know that they are on a multi-user O/S.
What you might try to do is determine whether the GUI is being delivered remotely using the ICA stack. A simple check would involve looking for the "ProticaService", which is responsible for implementing the ICA stack.
Alternatively, you may be trying to determine if your machine is running in a VM or native to a machine. Besides the pooled scenario described in the first paragraph, XenDesktop can deliver desktop running native. This overcomes limits on virtualision I/O devices such as graphics cards used by CAD applications. In this case, you need to rule out the presence of a VMM, or hypervisor.
I have updated my answer linked to in the question with a description of how to determine the remoting protocol type in XenDesktop sessions.
You need the (not really well documented) function WFGetActiveProtocol from Citrix' WFAPI SDK. Proceed as follows:
Download the SDK (link)
Install WFApiSDK64-65.msi
In your C++ project include wfapi.h and link to wfapi[64].lib
Use the undocumented function WFGetActiveProtocol
More detail and sample code here.

Where should I store shared resources between LocalSystem and regular user with UAC?

My application consists of two parts: A Windows Service running under the LocalSystem account and a client process running under the currently logged in regular user.
I need to deploy the application across Windows versions from XP up to Win7.
The client will retrieve files from the web and collect user data from the user.
The service will construct files and data of it's own which the client needs to read.
I'm trying to figure out the best place (registry or filesystem, or mix) to store all this. One file the client or service needs to be able to retrieve from the net is an update_patch executable which needs to run whenever an upgrade is available.
I need to be sure the initial installer SETUP.EXE, and also the update_patch can figure out this ideal location and set a RegKey to be read later by both client and server telling them the magic location (The SETUP.EXE will run with elevated privileges since it needs to install the service)
On my Win7 test system the service %APPDATA% points to:
C:\Windows\system32\config\systemprofile\AppData\Roaming
and the %APPDATA% of the client points to:
C:\Users\(username)\AppData\Roaming
Interestingly Google Chrome stores everything (App and Data) in
C:\Users\(username)\AppData\Local\Google\Chrome
Chrome runs pretty much in exactly the way I want my suite to run (able to silently update itself in the background)
What I'm trying to avoid is nasty popups warning the user that the app wants to modify the system, and I want to avoid problems when VirtualStore doesn't exist because the user is running XP/2000/2003 or has UAC turned off.
My target audience are non-tech-savvy general Windows users.
Chrome doesn't have any services running under the LocalSystem account, though.
If you want to have files that can be shared between accounts on the same system, store them under the %ALLUSERSPROFILE% folder.
If you just want to be able to auto-update programs, then doing what Chrome does is fine: just make sure you launch the updated elevated when UAC is turned on.

Resources