It is intended to be a secure way of letting untrusted users access certain programs while locking out everything else on the computer.
In my business situation it will be used to let remote computers connect to this kiosk over the internet with the service provided by http://www.gotomypc.com
It currently needs to be run on an administrative account due to the registry edits ( also a limitation by the GoToMyPC host server ).
I'm not sure if a limited account would provide any more security.
I currently can't find any way that a user could break through the kiosk, but my knowledge is very limited in all the ways to crack a system.
There are two scripts. Put them both in the same directory and compile 'PasswdCheck.ahk'. This is needed for the 'RunAs' command to work properly.
Thoughts and suggestions always welcome.
Be sure to read the header comments carefully before using it.
Kiosk.ahk
; --- Kiosk.ahk
; AutoHotkey Version: 1.0.37.01
; www.autohotkey.com
; Language:       English
; Platform:       Win XP
; Author:         Chris Moore
;                 portions by daonlyfreez
; Created:        July 26 2005
;
; Script Function:
; Provides a secure, fully restricted shell in order to run this script
; nonstop, kiosk style.
; The user can do nothing but interact with this script and any programs this
; script allows to start.
; The kiosk will consist of one fullscreen window, which will remain in the
; background, and any buttons that are configured below.
; If any program is minimized it will be restored immediately.
;
; Buttons can be limited at certain times each day for making backups etc.
;
; USAGE
; Place the directory containing this script and its associated files
; in some permanent place ( but not in the kiosk user directory, see below ).
; The OS will need to find these on bootup.
;
; Change the details below about the path to this script.
; Change the button details below to start any programs you want to run.
;
; It is strongly recommended you set up a new administrative user account,
; password protected, to run this kiosk script. If something goes wrong while
; you develop this script you could be locked out completely from the user
; account. Your only option then is to delete the account and create a new one.
;
; Logon to the new account, browse to this script and run it by double clicking.
; Logoff and logon again.
; You will then be in the kiosk running only the preset programs.
;
; NOTES
; All ways of exiting the kiosk are password protected using the account
; password. No password is stored in this script, we use 'RunAs' to verify
; passwords.
;
; To logoff press 'Windows key + L' - works on Win XP only.
;
; Use 'Windows key + E' to exit this kiosk script and start the Windows Explorer
; desktop. - works on both Win XP and 2000
;
; Win 2000 issues:
; - Win + U is not disabled.
; - Ctrl + Alt + Del still takes you to the task manager screen, but it is all
;   dimmed out ( not the best but it does not appear to be a security hole ).
;
; This script needs to be run from an administrative user account in order for
; the registry edits to work. Limited user accounts can't edit the registry.

; Full path to this script.
kioskScript = %A_ScriptFullPath%
; Full path to the password checking exe file.
passwdCheck = %A_ScriptDir%\passwdCheck.exe
; Full path to the Autohotkey.exe file.
ahkInstall = %A_ProgramFiles%\Autohotkey\Autohotkey.exe

If A_OSVersion Not In WIN_XP,WIN_2000
{
    MsgBox This script requires Windows XP or Windows 2000.
    ExitApp
}

#SingleInstance force
SetBatchLines, -1
SetWinDelay, -1
SetTitleMatchMode, 2

; No double quotes are allowed around the path to the Autohotkey.exe file.
; But double quotes are needed around the path to the kiosk script.
; This seems to be a registry requirement.
kioskShell = %ahkInstall% "%kioskScript%"

; First time the shell is run - change the default shell.
ChangeDefaultShell()

; ---------------------------------------------
; Security settings and hotkeys to set up before anything else starts.

; Hotkeys that do something useful.
Hotkey, #l, Exit2Logoff
Hotkey, #e, Exit2Explorer

; Disable key combos that run independent of the shell.
;
; Win + U (Open Utility Manager)
; This does not stop the utility manager in Win 2000. No solution found.
Hotkey, #u, Junk

; Disable the Windows Security Screen (Ctrl + Alt + Delete Screen) buttons:
WinSecurityButtons("off")

; ---------------------------------------
; Programs to start on login

; Start AutoIt3 Window Spy
Run, "%A_ProgramFiles%\AutoHotkey\AU3_Spy.exe"

; Size adaptations for screen dimensions
sh = %A_ScreenHeight%
sh -= 24
sw = %A_ScreenWidth%
sw -= 5

; Create the Gui
Title = Kiosk
Gui, -SysMenu
Gui, Add, Button, x6 y20 w100 h30, Notepad
Gui, Add, Button, x6 y70 w100 h30, Window Spy
Gui, Show, x0 y0 h%sh% w%sw% NoActivate, %Title%

; Start forcing window position and 'on top'
SetTimer, CheckWin, 10
SetTimer, TimerCheck, 500
SetTimer, BackupTimeCheck, 60000
Return
; --- End of autoexecute section.
; ---------------------------------------

; --- Check if this script is the default shell.
ChangeDefaultShell()
{
    global kioskShell
    ; Find what shell is currently the default.
    RegRead, oldUserShell, HKEY_CURRENT_USER, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
    IfNotEqual, oldUserShell, %kioskShell%
    {
        ; Warn the user
        MsgBox, 4099, Warning, You are about to replace your default desktop with this kiosk script.`nYou will have to edit the registry by hand to reverse these changes.`nAre you sure you want to continue?
        IfMsgBox, Yes
        {
            ; We replace the Explorer shell (Desktop) with this script.
            RegWrite, REG_SZ, HKEY_CURRENT_USER, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, %kioskShell%
            MsgBox, Logout and then login for the Kiosk shell to start.
            ExitApp
        }
        else
        {
            ExitApp
        }
    }
    Return
}

; --- Start Notepad.
ButtonNotepad:
{
    IfWinExist, Notepad
    {
        MsgBox, 4096, Warning, Only one Notepad is allowed to be open at a time., 30
        Return
    }
    ; Start Notepad
    Run, Notepad.exe
    Return
}

; --- Start Window Spy.
ButtonWindowSpy:
{
    IfWinExist, Active Window Info
    {
        MsgBox, 4096, Warning, Only one Window Spy is allowed to be open at a time., 30
        Return
    }
    ; Start AutoIt3 Window Spy
    Run, "%A_ProgramFiles%\AutoHotkey\AU3_Spy.exe"
    Return
}

; --- Disable close and escape
GuiClose:
GuiEscape:
Junk:
Return

; --- Keep the kiosk window where it is...
CheckWin:
{
    WinMove, %Title%,, 0, 0
    WinSet, Bottom,, %Title%
    Return
}

; --- Things to check periodically.
TimerCheck:
{
    ; Check if a Notepad window is minimized, restore it if it is.
    WinGet, isMin, MinMax, Notepad
    if ( isMin = -1 )
    {
        WinRestore, Notepad
    }
    ; Check if Window Spy is minimized, restore it if it is.
    WinGet, isMin, MinMax, Active Window Info
    if ( isMin = -1 )
    {
        WinRestore, Active Window Info
    }
    ; Close the 'Task Manager is Disabled' warning window.
    IfWinExist, Task Manager
    {
        WinClose, Task Manager
    }
    Return
}

; --- Close any Notepad windows to allow the server to make a backup.
BackupTimeCheck:
{
    ; If 4:00 AM, plus/minus 1 minute, stop program so server can do backup.
    FormatTime, TimeString, T12, Hmm
    if ( TimeString >= 359 AND TimeString < 401 )
    {
        GuiControl, Disable, Notepad
        SetTimer, BackupTimeCheck, Off
        ; Close the Notepad window
        WinClose, Notepad
        ; Wait 30 minutes for server to finish its backup
        interval = 30 ; in minutes
        interval *= 60 ; convert to seconds
        Progress, R0-%interval%,, Notepad is unavailable now.`nPlease check back shortly., Making System Backup
        Loop, %interval%
        {
            Progress, %A_Index%
            Sleep, 1000 ; 1 second
        }
        Progress, Off
        ; Start the timer again.
        SetTimer, BackupTimeCheck, On
        GuiControl, Enable, Notepad
    }
    Return
}

; --- Disable/enable Windows Security Window buttons...
; Author: daonlyfreez
WinSecurityButtons(toggle)
{
    If toggle = off
    {
        SetTo = 1
    }
    else
    {
        SetTo = 0
    }
    ; Edit Registry
    Keys1 = NoBlock,NoRun,NoSMHelp,NoChangeStartMenu,NoClose,NoLogoff
    Loop, PARSE, Keys1, `,
    {
        RegWrite, REG_DWORD, HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, %A_LoopField%, %SetTo%
    }
    Keys2 = DisableTaskMgr,DisableChangePassword,DisableLockWorkstation
    Loop, PARSE, Keys2, `,
    {
        RegWrite, REG_DWORD, HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Policies\System, %A_LoopField%, %SetTo%
    }
    Return
}

; --- Exit the Kiosk and start the Windows Explorer desktop.
Exit2Explorer:
{
    If ( Not ExitPermission() )
    {
        Return
    }
    ; Enable Desktop
    Run, explorer.exe
    ; Done, so exit...
    ExitApp
    Return
}

; --- Exit the Kiosk and Logoff the current user.
Exit2Logoff:
{
    ; For Win 2000 the logoff command is not available. No solution found.
    If A_OSVersion In WIN_2000
    {
        Return
    }
    If ( Not ExitPermission() )
    {
        Return
    }
    IfWinExist, Notepad
    {
        WinClose, Notepad
        ; Give time for Notepad to close.
        Sleep, 5000
    }
    ; If we use 'Run' this script exits before the OS gets the command to logoff.
    RunWait, logoff
    ; Done, so exit...
    ExitApp
    Return
}

; --- Does the user know the password?
ExitPermission()
{
    global passwdCheck
    SetTimer, CheckWin, Off
    SetTimer, TimerCheck, Off
    Gui +OwnDialogs
    MsgBox, 4099, Exit Kiosk, Are you sure you want to exit?
    IfMsgBox, Yes
    {
        ; Password protection using the current user's login password.
        InputBox, userPassword, Password, Enter Password, HIDE,,,,,, 60
        ErrorLevel = 0
        ; %UserName% is empty as a script variable, so without #NoEnv it resolves
        ; to the USERNAME environment variable of the logged-on account.
        RunAs, %UserName%, %userPassword%
        ; If the credentials are wrong, RunAs makes this RunWait fail with ErrorLevel = ERROR.
        RunWait, "%passwdCheck%",, UseErrorLevel
        RunAs  ; Reset to normal behavior.
        IfEqual, ErrorLevel, ERROR
        {
            MsgBox, 4096, Wrong Password,, 30
        }
        else
        {
            ; Enable buttons
            WinSecurityButtons("")
            Return 1
        }
    }
    SetTimer, CheckWin, On
    SetTimer, TimerCheck, On
    Return 0
}

PasswdCheck.ahk
return

Yes, the script is just a return, nothing more.
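As an added defender-side check (my own code, not part of the original post or of the kiosk script), the PowerShell script below reads back the per-user registry values that Kiosk.ahk writes and reports which ones are missing, so you can confirm the kiosk account is actually in its locked state before handing it to remote users. The registry paths and value names are exactly the ones used in ChangeDefaultShell() and WinSecurityButtons(); $ExpectedShell is an assumed placeholder that you set to the Shell string the script writes (AutoHotkey.exe path followed by the quoted script path).

```powershell
# Added example (not from the original post): audit the HKCU state that Kiosk.ahk sets.
# Run it from the kiosk account; it only reads the registry, it changes nothing.
param(
    # Placeholder assumption: replace with the exact string ChangeDefaultShell() writes.
    [string]$ExpectedShell = 'C:\Program Files\Autohotkey\Autohotkey.exe "C:\kiosk\Kiosk.ahk"'
)

$winlogon    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$explorerPol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$systemPol   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Same value lists WinSecurityButtons("off") writes as REG_DWORD 1.
$explorerKeys = 'NoBlock','NoRun','NoSMHelp','NoChangeStartMenu','NoClose','NoLogoff'
$systemKeys   = 'DisableTaskMgr','DisableChangePassword','DisableLockWorkstation'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-KioskLockdown {
    param([string]$ExpectedShell)
    $findings = @()

    # 1. Is this account's logon shell the kiosk script rather than explorer.exe?
    $shell = Get-RegValue $winlogon 'Shell'
    if ($null -eq $shell) {
        $findings += 'Winlogon\Shell (HKCU) is not set: the machine-wide shell is used at logon'
    } elseif ($shell -ne $ExpectedShell) {
        $findings += "Winlogon\Shell is '$shell', expected '$ExpectedShell'"
    }

    # 2. Are the Explorer and System policy values still at 1 (locked)?
    #    A successful exit from the kiosk resets them to 0, so 0 means "unlocked".
    foreach ($k in $explorerKeys) {
        if ((Get-RegValue $explorerPol $k) -ne 1) { $findings += "Policies\Explorer\$k is not 1" }
    }
    foreach ($k in $systemKeys) {
        if ((Get-RegValue $systemPol $k) -ne 1) { $findings += "Policies\System\$k is not 1" }
    }

    # 3. Record whether the kiosk account is administrative, as the post requires.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    return [pscustomobject]@{
        User     = $identity.Name
        IsAdmin  = $isAdmin
        Locked   = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Test-KioskLockdown -ExpectedShell $ExpectedShell | Format-List
```

A clean report (Locked = True) tells you the kiosk is configured as the script intends, not that the configuration is immutable: every value checked here lives under HKCU, which the logged-on account itself writes, and the script's own ExitPermission() sets them back to 0 after a successful password check. Running the audit after each exit and re-login is therefore the useful habit; treat Locked = False together with IsAdmin = True as the state to investigate first.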