I manage a number of Windows PCs which are used to control equipment. Each computer has a specific program installed which is what people launch to use that equipment. We want to require people to log in before they can access this program.
Currently, I have a wxpython app which just launches that executable when people log in with the correct credentials. However, you can just run the program directly and bypass logging on. I'd like to make a mock logon screen, ie, fullscreen and modal, which only goes away when you log in. Also it should not be able to be bypassed by alt-tab, windows key, etc. How might I accomplish this with wxpython?
There is no full proof way to do this on Windows. You can show a wx.Frame modally using its MakeModal() method. And you can catch EVT_CLOSE and basically veto it it they try to close the frame. However, if they have access to the Task Manager or even Run, they can probably get around the screen. Most users won't be that smart though. You can delete the shortcuts to the apps you want to launch with wx and that will force most normal users to use your login screen. It's only the smart ones who like to troll through the file system who will go around it.
Related
I have a cross platform need to open a gui application programmatically, but keep it hidden from the user. Effectively, I want a command line driven interface to act as a wrapper over this gui app, and insulate the end user from seeing or interacting with it. The program is from a third party, I did not write it, and I can't edit it.
I can do this one way or another on Windows, on Linux, and (in theory) on older versions of Mac, but not the most recent ones. On Windows, I can use the native api ShellEx with a hide window parameter. It's very easy and straight forward. In Linux, I can can render a gui app to a virtual frame buffer (using xvfb).
On macOS, the open command has a --hide and --background option, but they don't have any effect (at least on this app...)
I tried changing the plist file and found that LSUIElement will hide the app from the docker, but it still shows up on the screen. LSUIPresentationMode=4 or 3 OUGHT to work for exactly this, but apparently that doesn't do anything anymore as of a few os versions ago...
I tried the approach of moving the .app off of the screen with AppleScript. That works, but you have to manually grant permissions for such a thing to occur via System Preferences. In prior versions of Mac, those permissions could be twiddled on the fly via sqlLite (so long as you had sudo rights), but now they blocked that too. You can only pull that off apparently through a process of disabling "SIP" and forcing a reboot. That is totally outside the realm of what I want.
I've tried using the xvfb approach on Mac (jumping through hoops to acquire the binary they use to include stock, and now dropped), but I'm not having luck with that. I don't think it's possible to direct a mac .app to another display is it? A .app does not render on X11 by it's nature right?
What other clever ways might there be to hide a third party app on a mac? (and that still works in most recent os versions!)
I have an application that uses COM to automate Word. It needs to run even when a user is not logged in. I achieved this on Windows 7 by making it run as a scheduled task which runs at startup and doesn't require a user to be logged on. I also had to use the 'hack' where you add a 'Desktop' folder in 'C:/Windows/SysWow64/config/systemprofile'.
I tried this same method in Windows Server 2012, but it doesn't work. I can see in the task scheduler that the application is starting an instance of Word. However, it then appears to 'hang' and nothing happens. I think perhaps the invisible instance of Word is showing an error message which causes the whole thing to hang, as I cannot dismiss the message.
Has anyone else had trouble getting COM to work on windows server? Is there any way of showing hidden instances of Word to see if an error dialog is showing? Or any other way of diagnosing what the problem is?
I know ideally we would have an app that created the word documents without using COM, but this is not an option at the moment.
Does your app work when run as a logged-in user?
In the past I've run into what sound like similar problems, when running programs that try to use COM interfaces; some tasks work, but others simply don't function unless run as a logged-in user with an interactive desktop.
For me the simplest solution was to set up the machine to log in as a user at boot (which you can set up in the control panel - or I think there might also be a sysinternals tool that supports configuring that nowadays), then make sure that task scheduler/Jenkins/whatever you use launches the app as the logged-in user.
I have a user that is currently running my Winforms app on Win7. My app allows users to select rows from an open Excel spreadsheet and drag-n-drop them onto the app. However, this user cannot do the drag-n-drop. The cursor changes to the "no" cursor (little circle with line through it) and the operation won't complete.
I was researching drag-n-drop and Win7 and everything I found points to UAC and/or UIPI. I was looking for some solutions and am not sure if any of the below would work:
If the user logs in as admin (and as a result runs my app as admin) would that allow drag-n-drop to work?
Does the user need to turn off or change the settings of UAC/UIPI in order to be able to drag-n-drop?
I am not sure what the issue is. My app usually runs from C:/Documents and Settings/... (C:/Users/... on Win7). Does where it is running from matter? Does drag-n-drop not work because the user is not running my app with enough permissions? Are his Excel and my app on different permission levels? If so, what can be done about that? Note that even though my app allows users to just drag the file directly, that doesn't work either.
Also, is there any way I can have the user reproduce this issue with other apps? Are there apps that come with Win7 that he can see the same problem with. For example, can this be reproduced using Notepad?
Thanks.
Explaining this problem away by UIPI is a very long stretch. It doesn't have anything to do with whether or not the user is logged-in as an admin, that doesn't affect UAC and your program will be running with that same account anyway. The only way UIPI could kick in to stop a D+D is when your program is elevated and Excel is not.
To get yourself elevated requires work and doesn't happen by accident. You'd have to include a manifest so that the user gets the UAC prompt, you'd know about that. Or the user would have to change the desktop shortcut and tick the "Run this program as an administrator" option, she's know about that. While UIPI can be bypassed for Windows messages (ChangeWindowMessageFilter), it cannot for Drag and Drop so if any elevation is going on then your stuck. The ultimate test is to simply ask the user to put the UAC slider all the way down.
The much more likely scenario is that your DragEnter event handler simply isn't happy with the data it sees and therefore doesn't assign the e.Effect property. If you can't get a debugger on-site then write a little test program that logs the values of e.Data.GetFormats() plus whatever else you use to check if the drop is acceptable. And don't forget the obvious: the user simply fumbling the drag somehow.
I'm trying to figure out if there's a way to use SetWindowsHookEx and be able to affect apps that are run with Admin rights on Vista, with UAC enabled. This is an app that will need to add a small button to the caption bar of other windows to enable some multi-monitor-aware handling. I would have thought this couldn't be done, but I've seen one app that appears to do this. As far as I can tell, this other apps is not being run with Admin rights, and yet it can affect all apps in the system, including those with Admin privilege.
It would seem that there's a way to do this, then, but I'm at a loss on how. My app only needs to be able to draw on window title bars and be able to affect their movement and size. I don't need to do anything else.
You can't, as administrative processes are isolated from non-administrative processes running on the same user desktop. You can't even drag and drop between admin and non-admin processes.
This is an in-dept analysis: http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx
About the application you are referencing, it probably uses some administrative code running in background (usually as a service) so it can interact with administrative processes.
Situation:
A GUI app contains functionality (off a menu option) that produces a frequently updated image to a directory.
A logged-in, running instance of the app is the ONLY source for this image (functionality 'reliant' on display device). I have researched this to death - it is a sad fact.
The GUI application offers COM interfaces, but none that generate the image.
GUI code cannot be change in the least (big surprise).
Requirement:
These current images are needed by other processes at various times.
Obvious solution:
A process that creates an instance of the GUI app and uses SendKeys to manipulate the controls to produce the image.
Roadblocks (do I need to elaborate)
Aside from the flakiness of Sendkeys - assuming that Sendkeys WAS reliable....
Sendkeys can't work when console session is locked (locked is production requirement)
SendMessage API can't send key combinations like 'shift/letter' (required to invoke menu option).
Questions
Is there any other way to programatically interact with the app when the session is locked?
Can a windows service unlock/lock the sesion at predetermined times - long enough to allow an image generation to occur.
I know, I know, its crap. ANY high level ideas and MOST opinions are appreciated ;)
Virtual PC.
Lock the host, not the virtual machine.
But to actually answer your question: i don't think you can send keys to a locked computer. Why? What if there are multiple logged in sessions; which one would it send the keys to?