3.00/5 (2 votes)
I need to write an app that prevents the user from using the computer if they don't accept the security agreement first. It's like an additional logon layer, from the user's point of view.

The Problem: The app runs after the user logs on, so I have to go full screen (easy) and prevent them from ALT-TABbing to anything else, opening the Task manager, using the Start key, etc.

And the app has to be self-contained, i.e. no extra DLLs, etc.

And work well in Windows 7 and well-enough in XP for those few folks who are stuck with it.

How should I do it?

1) Brute force ugly-but-easy-method: put in a timer that resets the focus to the Agree/Disagree buttons every 10th of a second so the user doesn't get a chance to do anything else?

2) Spend hours writing global hooks to eat any keystrokes or mouse clicks I don't want?

3) [some other way I can't think of]

Your opinion? (Or links to someone who has already done it so I can be lazy?)
Updated 24-Sep-12 9:15am
Comments
Kenneth Haugland 24-Sep-12 15:03pm    
Write two separate dialogs, and if the user clicks cancel close the program, if the user clicks ok open the program?
GenJerDan 24-Sep-12 15:14pm    
I guess I explained it badly. It's to prevent users from using the computer, not just an app. It's essentially an additional log on screen for the system. (I'll edit above to clarify.)
Sergey Alexandrovich Kryukov 24-Sep-12 16:22pm    
That is the critical point -- "the computer" which makes such behavior an outlaw. One could even sue your company for such things. And even if this happens inside your company, it could be classified as sabotage, seriously.
--SA
Sergey Alexandrovich Kryukov 24-Sep-12 16:21pm    
No matter how implemented, it will be the abuse, as OP is talking about "using the computer". The discussion of the goals of this is required.
Please see my answer.
--SA
GenJerDan 24-Sep-12 16:33pm    
Unless the user agrees to abide by the agreement, they ARE NOT ALLOWED to use the computer. If they don't like it, they can find another job somewhere else.

"Using a computer" is something not related to your application, but to the OS, a user session and authentication. If you want to prevent log in or force a person to log out, you need to do it on the OS level, through the log in / log out mechanism.

Preventing using a computer on the application level would be the abuse, no matter what you do. The mere fact that you want to restrict the user's rights to use the user's own computer before login is a clear case of abuse anyway.

The reasonable user won't consider your company as a fair player and won't want to deal with your products. Try to draw your conclusion: who is the loser? :-)

Listen to the good friendly advice: don't do anything like that. Or explain your ultimate goals in detail, before discussing the technical detail.

—SA
Comments
fjdiewornncalwe 24-Sep-12 16:24pm    
+5. I totally agree.
Sergey Alexandrovich Kryukov 24-Sep-12 16:25pm    
Thank you, Marcus.
I knew you would understand this. :-)
--SA
GenJerDan 24-Sep-12 19:57pm    
Not the user's computer. They belong to the Federal government.
pasztorpisti 24-Sep-12 22:35pm    
First time I thought this is a joke but realized that it might have real basis. Still I write here my smiley that I wanted to put here reacting to my first impression: :-)
Sergey Alexandrovich Kryukov 24-Sep-12 23:34pm    
Thank you for this comment. I'll comment on the whole situation.

I don't think using the government property makes principal difference. I'll explain.

OK, the computer is supplied by the government and is used by government employees. And then, the dirty trick you would like to implement sabotages the work of those government employees, no less. And if the government employs some workers, it is supposed to provide reasonable working conditions adequate to their responsibilities, and this is really required to be on the safe side. If the user is required to accept security requirements formally, and really no work is allowed before that, it should be on the logon stage; no way it could be done after such a highly controlled user is already logged on.

I do think the problem is artificial though. By requiring that weird thing OP calls "after the user logs on", OP tries to simplify his task. Not so fast. The serious security measures require a serious approach and appropriate technology. OP just needs to do a lot more work a lot more seriously and, as a minimum, investigate how to hook into the log in procedure.

By the way, I don't know what kind of "KGB" is upholding the security in OP's organization, but I would be very careful with a developer who takes the freedom of asking such a question at the CodeProject forum. No, real professionals dealing with security don't do it, if it is related to such work. Potentially, it could be already considered as a leak of sensitive information. :-)

--SA
I'm using the global hooks method to capture all keystrokes so the user can't get to anything else on the system as long as the app is running.
The only way they could bypass it would be to ctrl-alt-delete to get to the Task Manager...which is not available to them because of a GPO.
Comments
fjdiewornncalwe 26-Sep-12 9:56am    
I'll give you a +5 for finding a solution to your issue and sharing it. I am a little skeptical if perhaps there was a more creative way to provide this functionality. I certainly don't have a better suggestion, but somehow a brute force approach like this always makes me cautious.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)