I am trying to build a child-proof kiosk for a friend that won't allow the child to run anything but what we set up in our own special flash menu.
Ok, to the problem. I installed TRES theme and disabled all the modules except jdesk and all of the hot keys and the popups.
And with the GPO we can disable the task menu.
Problem: CTRL-ALT-F1 pops up a small menu with run on it and I can't figure out how to disable it or at least the run portion of the menu. Is this built into Litestep? Is there a way to configure this out?
You could download the source and compile it yourself after modifications. Or supposedly, just compiling with DevCPP/MingW doesn't let you have resources (like the logo for an application icon); is the recovery menu a resource?
I've not compiled LS before so I'm not sure.
I have downloaded the code and have removed the menu entry in RecoveryMenu.cpp however now I have some compile problems. I may have to try a different compiler. Currently Using VS2003Ent. It says it can't find png.h
hrmmm...jugg or ilmcuts would know better...but can't you overload Ctrl+Alt+F1 with like !None
can't you disable run with a GPO too? (you should)
most of the security shouldn't be handled that way anyway (what if run can be accessed another way, that you are unaware of?)
Ok, I have tried the GPO. I would have to go through each program and add a hash file restriction because that run can not be stopped in the normal way. The account is limited. AutoPlay has been disabled in the GPO also. Age group it's for is 4-12 so I am pretty sure we have them beat. We will back up the config for sure though.
The combination of a minimalist theme, removal of any keyboard shortcuts, and finally the GPO to disable the CTRL-ALT-DEL is the only way to go.
I have remed out the line of code that places run in the menu. Here is a recompiled 0.24.7 with hook, isapi.dll and litestep.exe; just place in your litestep directory (backups would be wise) and then test by pressing ctrl+alt+f1.
http://www.codersjunto.com/54fc4esd/release.zip
Just go to the RecoveryMenu.cpp and comment out the Resource line near the top that has the Run command in it. I will post the RecoveryMenu.cpp file when I get home tonight.
It works wonderfully!!! I used the GPO to remove the autoplay and the CTRL-ALT-DEL. We then used a minimalist theme "TRES" and then disabled a few of the modules (jdesk only one used) and some of the keys, set all evars to three periods, and checked all files in the personal settings.
We installed our own custom program launcher which uses Flash (basically game box covers that rotate around a central axis) and then we used a combination of daemon tools, batch files, and FlashJester to launch the programs. Daemon tools was used to mount continuously cdrom images for installation and game play.
See my latest blog entry at http://www.codersjunto.com for a screenshot under the title Flash Launcher
nonono...you posted a link to an LS binary. You are required to release full source with it by the GPL.
lol, 4-12 year olds eh ;) security by assumption, nice ;)
Why do you think it is security by assumption? Name a way of launching explorer (or other program) that I haven't mentioned here or on my blog that I haven't locked down and I will send you $5 by paypal. To cash in on this I will have to test your hack on our test system.
I have disabled autoplay.
I have disabled CTRL-ALT-DEL
I have disabled all keys and popups with a minimalist theme and removed any excess modules.
I have disabled the run command in the LiteStep source, specifically the recoverymenu.cpp
And lastly the Flash program we developed also disables several keys that weren't caught elsewhere.
Good luck.
$5!!!
CTRL-SHIFT-ESC ?
What apps can the comp open? IE? (if they have a file menu can't you go File/Save/ then navigate to a file, right click and open it?)
Yup. Just about any program has a File, Open/Save function. Unless the programs he's setting up in the Flash menu don't have that type of function.
You can't keep someone from accessing a system just by locking down the interface.
If you're worried about "security" LiteStep isn't a solution. You should use the filesystem perms, and other methods of securing access to the system.
If you want to present a defined user interface that provides access to a specific set of applications, then LiteStep is a great choice. Just don't assume LiteStep can (help) prevent access to the system components that the user has permissions for.
And no you can't override Ctrl+Alt+F1. A code modification is needed (as has been done).
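Added example, not part of the original thread: a PowerShell audit, run while logged on as the limited kiosk account, of the policy settings the posts above rely on (Run removed, AutoPlay off, Ctrl+Alt+Del options restricted), plus whether a Software Restriction Policy default is in force. The choice of checks and the expected values are assumptions about the intended kiosk policy, not settings quoted from the thread.

```powershell
# Added example: run in a session logged on as the limited kiosk account.
# Expected values are assumptions about the intended policy, not from the thread.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$safer    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

$checks = @(
    @{ Name = 'NoRun policy set';                Path = $explorer; Value = 'NoRun';                  Expected = 1 }
    @{ Name = 'AutoPlay off for all drives';     Path = $explorer; Value = 'NoDriveTypeAutoRun';     Expected = 255 }
    @{ Name = 'Task Manager disabled';           Path = $system;   Value = 'DisableTaskMgr';         Expected = 1 }
    @{ Name = 'Lock Computer disabled';          Path = $system;   Value = 'DisableLockWorkstation'; Expected = 1 }
    @{ Name = 'Change Password disabled';        Path = $system;   Value = 'DisableChangePassword';  Expected = 1 }
    # DefaultLevel 0 = Disallowed (only programs matched by an allow rule run);
    # 262144 = Unrestricted (the shell lockdown is then the only barrier).
    @{ Name = 'SRP default level is Disallowed'; Path = $safer;    Value = 'DefaultLevel';           Expected = 0 }
)

function Test-KioskPolicy {
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value means the policy was never applied to this user.
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($c.Value) } else { $null }
        [pscustomobject]@{
            Check    = $c.Name
            Expected = $c.Expected
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            Pass     = ($actual -eq $c.Expected)
        }
    }
}

$results = Test-KioskPolicy -Checks $checks
$results | Format-Table -AutoSize

# Summarise so the audit can be re-run after every GPO or theme change.
$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) lockdown setting(s) missing or different from expected."
}
```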
Ctrl-Shift-ESC and WIN-E were disabled with the Flash program. The ActionScript is:
fscommand("trapallkeys","true");
fscommand("showmenu","false");
fscommand("fullscreen","true");
The account used for login is also a limited rights account. None of the kids games have any ability to run or open anything from within the games.
You're right, instead of a five spot I'll buy you a pizza.
What were we right about?
And if you're serious about the $5, you should give it to andymon over at ls-universe.info ;)
And no you can't override Ctrl+Alt+F1.
Get something else to register the hotkey before litestep does?
What loads before the shell?
A custom util that registers the hotkey then launches litestep? :)
This is all very amusing.
Instead of a $5 I will buy a pizza if you can come up with a way to launch explorer or the command shell. No one has had an idea yet that hasn't already been tested and prevented.
what about that old screensaver thing, where cmd.exe is copied and renamed to the default screensaver, then at the login screen just wait for the command prompt to load up.
The kid would have to rename the files before the OS loaded up of course.
Come to think of it, what about safe mode?
All I am saying is, isn't it better to teach your kids to be safe rather than put stuff out of their reach so they want to try it out even harder? (this is what my dad tried to do also... but that was with win95, so a little different ;)
I have to agree with fractal here. By not allowing them to do it without educating you are asking them to try and figure it out. Granted your kids are a bit young to start trying to figure it out; but some 10 - 15 yr old will be more than happy to Brute Force his way into your account.
If you're worried about "security" LiteStep isn't a solution. You should use the filesystem perms, and other methods of securing access to the system.
---jugg
i agree with him, there are some excellent programs out there that need minimal tweaking..
Anyway, if you wanna stick with litestep.. i know a program that catches shortcut keys before litestep.exe does.. it's a program called autoit3,
"""AutoIt v3 is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting."""
by using this program's 'hotkey' function.. you can disable most shortcuts..
http://www.autoitscript.com/autoit3/index.php
Ok, first off, they are not my kids, they are our members' children in a playroom facility that sees over 900 kids a day come through its doors.
Safemode still requires a password. Which only me and my assistant know.
I didn't know about the screen saver trick. However they have no way of copying cmd.exe to the current screensaver. Besides they can't get to the desktop properties anyway. No menus. No shortcuts to explorer.
No pizza for you FractalDesign. Good try though.
900 kids a day? good luck ;)
900 kids who know how to use a computer... I don't see why you even bother with all this security, you might as well give up :D
I bet one of those kids knows better ways of making it secure. ;)
that's what I was thinking... I mean come on.
I imagine some 1337 group of cyberpunks that hack you so well you're not even aware of it.
I hope so anyway... Children are the future ;)
System has been up for a month and a half now. No one has hacked it yet.
if they are only going to play games .. then why not just use a console system? avoid the computer altogether :P
Because consoles are evil, of course.
well, duh. *doesn't own a console* well ... unless you count Nintendo Classic, but actually, my sister has that.
Do any of these games REQUIRE keyboard input? could you not interface the programs and the flash-interface to function with a gamepad?
*just curious*
that's a great idea actually