Kiosk Style Shell


  • Please log in to reply
5 replies to this topic
ChrisM
  • Members
  • 58 posts
  • Last active: Oct 25 2006 05:56 PM
  • Joined: 28 Nov 2004
This is a project inspired by daonlyfreez http://www.autohotke...opic.php?t=1117

It is intended to be a secure way of letting untrusted users access certain programs while locking out everything else on the computer.

In my business situation it will be used to let remote computers connect to this kiosk over the internet with the service provided by http://www.gotomypc.com

It currently needs to be run on an administrative account due to the registry edits ( also a limitation by the GoToMyPC host server ).
I'm not sure if a limited account would provide any more security.

I currently can't find any way that a user could break through the kiosk, but my knowledge is very limited in all the ways to crack a system.

There are two scripts. Put them both in the same directory and compile 'PasswdCheck.ahk'. This is needed for the 'RunAs' command to work properly.

Thoughts and suggestions always welcome.

Be sure to read the header comments carefully before using it.

Kiosk.ahk
; --- Kiosk.ahk
; AutoHotkey Version: 1.0.37.01
; www.autohotkey.com
; Language:       English
; Platform:       Win XP
; Author:         Chris Moore
;                 portions by daonlyfreez
; Created:        July 26 2005

; Script Function:
; Provides a secure, fully restricted shell in order to run this script
; nonstop, kiosk style.
; The user can do nothing but interact with this script and any programs this
; script allows to start.
; The kiosk will consist of one fullscreen window, which will remain in the
; background, and any buttons that are configured below.
; If any program is minimized it will be restored immediately.
;
; Buttons can be limited at certain times each day for making backups etc.
;

; USAGE
; Place the directory containing this script and its associated files
; in some permanent place ( but not in the kiosk user directory, see below ).
; The OS will need to find these on bootup.
;
; Change the details below about the path to this script.
; Change the button details below to start any programs you want to run.
;
; It is strongly recommended you setup a new administrative user account,
; password protected, to run this kiosk script. If something goes wrong while
; you develop this script you could be locked out completely from the user
; account. Your only option then is to delete the account and create a new one.
;
; Logon to the new account, browse to this script and run it by double clicking.
; Logoff and logon again.
; You will then be in the kiosk running only the preset programs.
;

; NOTES
; All ways of exiting the kiosk are password protected using the account
; password. No password is stored in this script, we use 'RunAs' to verify
; passwords.
;
; To logoff press 'Windows key + L' - works on Win XP only.
;
; Use 'Windows key + E' to exit this kiosk script and start Windows Explorer
; desktop. - works on both Win XP and 2000
;
; Win 2000 issues:
; - Win + u is not disabled.
; - Ctl + Alt + Del still takes you to the task manager screen, but it is all
; dimmed out ( not the best but it does not appear to be a security hole ).
;
; This script needs to be run from an administrative user account in order for
; the registry edits to work. Limited user accounts can't edit the registry.
;


; Full path to this script.
kioskScript = %A_ScriptFullPath%

; Full path to the password checking exe file.
passwdCheck = %A_ScriptDir%\passwdCheck.exe

; Full path to the Autohotkey.exe file.
ahkInstall = %A_ProgramFiles%\Autohotkey\Autohotkey.exe


If A_OSVersion Not In WIN_XP,WIN_2000
{
  MsgBox This script requires Windows XP or Windows 2000.
  ExitApp
}

#singleinstance force
setbatchlines, -1
SetWinDelay, -1
SetTitleMatchMode, 2

; No double quotes are allowed around the path to the Autohotkey.exe file.
; But double quotes are needed around the path to the kiosk script.
; This seems to be a registry requirement.
kioskShell = %ahkInstall% "%kioskScript%"

; First time the shell is run - change the default shell.
ChangeDefaultShell()

; ---------------------------------------------
; Security settings and hotkeys to setup before anything else starts.

; Hotkeys that do something useful.
Hotkey, #l, Exit2Logoff
Hotkey, #e, Exit2Explorer

; Disable keycombos that run independent of the shell.
;
; Win + U (Open Utility Manager)
; This does not stop the utility manager in Win 2000. No solution found.
Hotkey, #u, Junk

; Disable the Windows Security Screen (Ctrl + Alt + Delete Screen) buttons:
WinSecurityButtons("off")


; ---------------------------------------
; Programs to start on login

; Start AutoIt3 Window Spy
Run, "%A_ProgramFiles%\AutoHotkey\AU3_Spy.exe"


; Size adaptations for screen dimensions 
sh = %a_screenheight% 
sh -= 24 
sw = %a_screenwidth% 
sw -= 5 

; Create the Gui 
Title = Kiosk
Gui, -sysmenu 
Gui, Add, Button, x6 y20 w100 h30, Notepad
Gui, Add, Button, x6 y70 w100 h30, Window Spy
Gui, Show, x0 y0 h%sh% w%sw% NoActivate, %Title%

; Start forcing window position and 'on top'
SetTimer, CheckWin, 10

SetTimer, TimerCheck, 500

SetTimer, BackupTimeCheck, 60000

Return

; --- End of autoexecute section.
; --------------------------------------- 


; --- Check if this script is the default shell.
ChangeDefaultShell()
{
  global kioskShell
  ; Find what shell is currently the default.
  RegRead, oldUserShell, HKEY_CURRENT_USER, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell

  IfNotEqual, oldUserShell, %kioskShell%
  {
    ; Warn the user
    MsgBox, 4099, Warning, You are about to replace your default desktop with this kiosk script.`nYou will have to edit the registry by hand to reverse these changes.`nAre you sure you want to continue?
    ifMsgBox, Yes
    {
      ; We replace the Explorer shell (Desktop) with this script.
      RegWrite, REG_SZ, HKEY_CURRENT_USER, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, %kioskShell%
      Msgbox, Logout and then login for the Kiosk shell to start.
      ExitApp
    }
    else
    {
      ExitApp
    }
  }
  Return
}


; --- Start Notepad.
ButtonNotepad:
{
  IfWinExist, Notepad
  {
    MsgBox, 4096, Warning, Only one Notepad is allowed to be open at a time., 30
    Return
  }
  ; Start Notepad
  Run, Notepad.exe
   
  Return
}


; --- Start Window Spy.
ButtonWindowSpy:
{
  IfWinExist, Active Window Info
  {
    MsgBox, 4096, Warning, Only one Window Spy is allowed to be open at a time., 30
    Return
  }
  ; Start AutoIt3 Window Spy
  Run, "%A_ProgramFiles%\AutoHotkey\AU3_Spy.exe"

  Return
}


; --- Disable close and escape
GuiClose: 
GuiEscape: 
Junk:
Return 


; --- Keep the kiosk window where it is...
CheckWin: 
{
  WinMove, %Title%,, 0, 0
  WinSet, Bottom,, %Title%
   
  Return
}


; --- Things to check periodically.
TimerCheck:
{
  ; Check if a Notepad window is minimized, restore if it is.
  WinGet, isMin, MinMax, Notepad
  if ( isMin = -1 )
  {
    WinRestore, Notepad
  }
  
  ; Check if Window Spy is minimized, restore if it is.
  WinGet, isMin, MinMax, Active Window Info
  if ( isMin = -1 )
  {
    WinRestore, Active Window Info
  }
  
  ; Close the 'Task Manager is Disabled' warning window.
  IfWinExist, Task Manager
  {
    WinClose, Task Manager
  }
 
  Return
}


; --- Close any Notepad windows to allow the server to make a backup.
BackupTimeCheck:
{  
  ; If 4:00 AM, plus/minus 1 minute, stop program so server can do backup.
  FormatTime, TimeString, T12, Hmm
  if ( TimeString >= 359 AND TimeString < 401 )
  {
    GuiControl, Disable, Notepad
    SetTimer, BackupTimeCheck, Off
    ; Close the Notepad window
    WinClose, Notepad

    ; Wait 30 minutes for server to finish its backup
    interval = 30  ; in minutes
    interval *= 60 ; convert to seconds
    Progress, R0-%interval%,, Notepad is unavailable now.`nPlease check back shortly., Making System Backup
    Loop, %interval%
    {
      Progress, %a_index%
      Sleep, 1000 ; 1 second
    }
    Progress, Off

    ; Start the timer again.
    SetTimer, BackupTimeCheck, On
    GuiControl, Enable, Notepad
  }
  Return
}  
  

; --- Disable/enable Windows Security Window buttons...
; Author: daonlyfreez
WinSecurityButtons(toggle)
{
  If toggle = off
  {
    SetTo = 1
  }
  else
  {
    SetTo = 0
  }
  ; Edit Registry
  Keys1 = NoBlock,NoRun,NoSMHelp,NoChangeStartMenu,NoClose,NoLogoff
  Loop, PARSE, Keys1,`,
  {
    RegWrite, REG_DWORD, HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, %A_LoopField%, %SetTo%
  }
  Keys2 = DisableTaskMgr,DisableChangePassword,DisableLockWorkstation
  Loop, PARSE, Keys2,`,
  {
    RegWrite, REG_DWORD, HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Policies\System, %A_LoopField%, %SetTo%
  }

  Return
}


; --- Exit the Kiosk and start the Windows Explorer desktop.
Exit2Explorer:
{
  If ( Not ExitPermission() )
  {
    Return
  }

  ; Enable Desktop
  Run, explorer.exe
  ; Done, so exit...
  ExitApp
  
  Return
}


; --- Exit the Kiosk and Logoff the current user.
Exit2Logoff:
{
  ; For Win 2000 the logoff command is not available. No solution found.
  If A_OSVersion In WIN_2000
  {
    Return
  }

  If ( Not ExitPermission() )
  {
    Return
  }

  IfWinExist, Notepad
  {
    WinClose, Notepad
    ;Give time for Notepad to close.
    Sleep, 5000
  }

  ; If we use 'Run' this script exits before the OS gets the command to logoff.
  RunWait, logoff
  ; Done, so exit...
  ExitApp
  
  Return
}


; --- Does the user know the password?
ExitPermission()
{
  global passwdCheck
  SetTimer, CheckWin, Off
  Settimer, TimerCheck, Off
  Gui +OwnDialogs
  MsgBox, 4099, Exit Kiosk, Are you sure you want to exit?
  IfMsgBox, Yes
  {
    ; Password protection using the current users login password.
    InputBox, userPassword, Password, Enter Password, HIDE,,,,,, 60
    ErrorLevel = 0
    ; A_UserName is the built-in variable for the logged-on account; it does not
    ; depend on the USERNAME environment variable being present.
    RunAs, %A_UserName%, %userPassword%
    RunWait, "%passwdCheck%",, UseErrorLevel
    RunAs,  ; Reset to normal behavior.
    ifEqual, ErrorLevel, ERROR
    {
      MsgBox, 4096, Wrong Password,, 30
    }
    else
    {
      ; Enable buttons
      WinSecurityButtons("")

      Return 1
    }
  }
  SetTimer, CheckWin, On
  Settimer, TimerCheck, On

  Return 0
}
PasswdCheck.ahk
return
Yes, the script is just a return, nothing more.
ChrisM
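A check a practitioner would want next to this script is whether the lockdown actually took effect for the kiosk account, plus a scripted way back, since the post notes that the registry must be edited by hand to reverse the shell change. The PowerShell script below is an added example written for this thread, not code from the post or from the AutoHotkey project; the file name Audit-KioskLockdown.ps1 and the -Restore switch are my own choices. It reads the same HKCU value names that Kiosk.ahk writes (Winlogon\Shell and the Explorer and System policy DWORDs) and reports any that are not set the way the kiosk expects.

```powershell
# Audit-KioskLockdown.ps1 (hypothetical name; example added here, not part of the thread)
# Reads the HKCU values that Kiosk.ahk writes and reports which parts of the
# lockdown are missing for the current user. Read-only unless -Restore is given.
param(
    [switch]$Restore   # remove the per-user shell override and the policy values
)

$winlogon    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$explorerPol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$systemPol   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# The same value names Kiosk.ahk's WinSecurityButtons() sets to 1.
$explorerKeys = 'NoBlock', 'NoRun', 'NoSMHelp', 'NoChangeStartMenu', 'NoClose', 'NoLogoff'
$systemKeys   = 'DisableTaskMgr', 'DisableChangePassword', 'DisableLockWorkstation'

function Get-RegValue([string]$Path, [string]$Name) {
    # $null when the key or the value does not exist.
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-KioskLockdown {
    $findings = @()

    $shell = Get-RegValue $winlogon 'Shell'
    if ([string]::IsNullOrEmpty($shell)) {
        $findings += 'Winlogon\Shell is not set for this user, so the machine default (explorer.exe) applies'
    } elseif ($shell -notlike '*Kiosk.ahk*') {
        $findings += "Winlogon\Shell is '$shell', not the kiosk script"
    }

    foreach ($name in $explorerKeys) {
        if ((Get-RegValue $explorerPol $name) -ne 1) { $findings += "Explorer policy $name is not 1" }
    }
    foreach ($name in $systemKeys) {
        if ((Get-RegValue $systemPol $name) -ne 1) { $findings += "System policy $name is not 1" }
    }
    # Leading comma keeps a single finding from being unrolled into a bare string.
    return ,$findings
}

function Restore-Desktop {
    # Undo what Kiosk.ahk wrote: dropping the per-user Shell value hands control
    # back to the machine-wide shell from HKLM (explorer.exe), and removing the
    # policy values brings the Ctrl+Alt+Del and Start menu buttons back.
    Remove-ItemProperty -Path $winlogon -Name 'Shell' -ErrorAction SilentlyContinue
    foreach ($name in $explorerKeys) {
        Remove-ItemProperty -Path $explorerPol -Name $name -ErrorAction SilentlyContinue
    }
    foreach ($name in $systemKeys) {
        Remove-ItemProperty -Path $systemPol -Name $name -ErrorAction SilentlyContinue
    }
}

$findings = Test-KioskLockdown
if ($findings.Count -eq 0) {
    Write-Output 'Kiosk lockdown is fully in place for the current user.'
} else {
    Write-Output 'Kiosk lockdown is incomplete:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}

if ($Restore) {
    Restore-Desktop
    Write-Output 'Shell override and policy values removed; log off and on again to get the Explorer desktop back.'
}
```

Everything it touches lives under HKCU, so it has to run as the kiosk account itself (for instance from the Explorer desktop reached with Win + E) to audit or undo that account's lockdown; run from a different account it only reports on that other account.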

Chris
  • Administrators
  • 10727 posts
  • Last active:
  • Joined: 02 Mar 2004
That looks like a comprehensive solution to something that gets requested fairly often. Thanks for posting it.

daonlyfreez
  • Members
  • 995 posts
  • Last active: Jan 23 2013 08:16 AM
  • Joined: 16 Mar 2005
Nice... I couldn't test for multi-user...

One thing I saw, you are using an autohotkey.exe, and are allowing notepad and windowspy :wink:

What keeps the user from creating a script and running it to break the kiosk? And why allow windowspy? Or was that just for testing?

ChrisM
  • Members
  • 58 posts
  • Last active: Oct 25 2006 05:56 PM
  • Joined: 28 Nov 2004

> Or was that just for testing?

Notepad and Window Spy were simply chosen because most people viewing this forum are going to have these, which makes the script work "out of the box".

It is of course important to think about all the possible ways for misuse of whatever you allow to be started from the kiosk.
For instance most 'File->Open' dialogs allow the user to change and delete files and directories by right clicking.

This is perhaps a good reason why the script needs to be changed to allow it to run in a limited user account. Possibly using group policies and permissions in XP would help.
ChrisM

daonlyfreez
  • Members
  • 995 posts
  • Last active: Jan 23 2013 08:16 AM
  • Joined: 16 Mar 2005
I still need to find out a way of how to call one of the dlls I found in the other threads, and whether the methods they use have limitations on the levels needed.

It would be nice to have sort of an extension of the BlockInput command, something like:

BlockInput, On, abcdefghijklmnopqrstuvwxyz ::mypassword ; would block all, but the ones defined

As for the limited user account... It all depends on how much you want to allow or not... A BlockAllBut command doesn't exist yet :p ...

And regarding the 2k logoff, something like this? (UNTESTED!)

EWX_LOGOFF := 0  ; ExitWindowsEx flag for a logoff; without this line the variable would be empty
res := DllCall("ExitWindowsEx", UInt, EWX_LOGOFF, UInt, 0)
msgbox, %res% (<- 1 should mean success)

from here

wedgenix
  • Members
  • 17 posts
  • Last active: Oct 20 2013 08:34 PM
  • Joined: 05 May 2005
> ; For Win 2000 the logoff command is not available. No solution found.

The 2k boxes here both have a logoff.exe in %WINDIR%\SYSTEM32

I don't know if it was added during an MS update/hotfix recently, or if it is because they are 2k Server and Advanced Server boxes...can't check any 2kPro boxes until I get home. (both servers are SP4/current patches).