Jump to content











Photo
- - - - -

Restrict access to Command Prompt in Vista PE


  • Please log in to reply
12 replies to this topic

#1 Josh Zimmerman

Josh Zimmerman
  • Members
  • 5 posts
  •  
    United States

Posted 02 June 2009 - 08:32 PM

I've been trying and searching everywhere to figure out how to completely restrict any non-scripted access to command prompts once PE has booted up.
The problem is as follows. We are currently getting things ready to switch over from booting to DOS to reimage machines to booting to WinPE so that we can use various scripts afterward to assist in things like the naming of machines automatically. Things are working fine, but since we have over a hundred machines in the public we need to figure out a way to keep them secure from public tampering while the image software (Symantec Ghost) and the scripts afterward are running. Having the prompt up could be troublesome for us and we are looking for solutions. As I said I've already found a number of dead ends, but as it could always be my error, I'm happy to hear anything I've already tried.

#2 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7100 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 03 June 2009 - 06:19 AM

Can you describe the steps involved in your process?

I mean, someone from the IT department physically walks to the interested PC, boots on it WinPE and starts the imaging or re-imaging, and then walks away leaving the PC unattended?

And after a good coffee comes back and finishes the work?

So you have to "protect the machine" in this lag of time?

Or the procedure is different?

;)

jaclaz

#3 risolutore

risolutore

    Frequent Member

  • Advanced user
  • 311 posts
  •  
    Italy

Posted 03 June 2009 - 12:36 PM

to protect I remember the old scrset or the commercial Lock mY pC: or the transparent screenlock, that allow to get a transapenrent screen and block mouse and keyboard, so you can watch the progress of imaging-partitioning operation without having to heve a full sourvellaince service fot the worststion ,)))

#4 Josh Zimmerman

Josh Zimmerman
  • Members
  • 5 posts
  •  
    United States

Posted 03 June 2009 - 01:58 PM

That's it in a nutshell, except we don't have to come back and finish anything up, our scripts do that for us. After the imaging is done which we can monitor from a VC that connects to a computer, all we need to do is call over to where the computer was imaging and make sure that everything went through okay. So, we need to make sure users can't do anything during the process of imaging and scripting while it is still in PE.

#5 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7100 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 03 June 2009 - 03:39 PM

That's it in a nutshell, except we don't have to come back and finish anything up, our scripts do that for us. After the imaging is done which we can monitor from a VC that connects to a computer, all we need to do is call over to where the computer was imaging and make sure that everything went through okay. So, we need to make sure users can't do anything during the process of imaging and scripting while it is still in PE.


So, there is a one way "call" at the physical location of the machine at the beginning and after that everything is done in Remote? :cheers:

(which would rule out using something like Transparent Screen Lock, which if I remember correctly needs a user password being typed physically on the local machine)

And you cannnot "take control" from remote, disable keyboard/mouse and start the PE run from remote? :angry:

I have not a handy pre-made solution up my sleeve right now :), but I'll have a look at the problem and let you know if I find something suitable.

;)


jaclaz

P.S.: How good are you at programming (or have some willing programmer at hand ;) :) )?

This could be an idea:
http://www.codeproje...ckKeyboard.aspx

#6 sanbarrow

sanbarrow

    Silver Member

  • Developer
  • 788 posts
  • Location:Germany - Sauerland

Posted 03 June 2009 - 04:28 PM

... we need to figure out a way to keep them secure from public tampering while the image software (Symantec Ghost) and the scripts afterward are running.


Must it be VistaPE ? - in BartPE this is trivial

#7 Josh Zimmerman

Josh Zimmerman
  • Members
  • 5 posts
  •  
    United States

Posted 03 June 2009 - 09:03 PM

Locking the keyboard should fulfill exactly what we need, let me take a look into this and code something up and see if it works. Thanks a bunch.
As a note to Sanbarrow, I would consider switching, but the imaging software we are using is Symantec's GSS, which to an extent supports VistaPE booting. My bosses would prefer that we stay with what is supported... so unfortunately without spending enough time to convince them I would be unable to put it into practice.

#8 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7100 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 03 June 2009 - 09:18 PM

Locking the keyboard should fulfill exactly what we need, let me take a look into this and code something up and see if it works. Thanks a bunch.


You are welcome. :)

Please note that what you want to do is probably the thing detailed here:
http://www.codeproje...systemhook.aspx
(linked to in the comments on the previously given article)

Cannot say if this works in PE 2.x too:
http://www.sysint.no...eyboardLock.htm

This one does:
http://keylock.booring.net/

though the need of .NET is simply appalling! ;)

Other implementations (needing NOT such a large runtime):
http://tk.ms11.net/
http://www.100dof.com/kidkeylock.html
(how old are your users? :angry: :))

The "pro" version:
http://www.100dof.com/prokeylock.html
though Shareware, should be affordable.

;)

jaclaz

#9 sanbarrow

sanbarrow

    Silver Member

  • Developer
  • 788 posts
  • Location:Germany - Sauerland

Posted 03 June 2009 - 10:44 PM

As a note to Sanbarrow, I would consider switching, but the imaging software we are using is Symantec's GSS, which to an extent supports VistaPE booting.


Oops - I thought you were using ghost32

#10 Josh Zimmerman

Josh Zimmerman
  • Members
  • 5 posts
  •  
    United States

Posted 04 June 2009 - 04:02 PM

Just to follow up, using the idea of disabling the keyboard, I found some registry files that I can turn on and of with scripts to do what I want. It seems to be working fairly well for me. Thanks for all the help.

#11 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7100 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 04 June 2009 - 05:10 PM

Just to follow up, using the idea of disabling the keyboard, I found some registry files that I can turn on and of with scripts to do what I want. It seems to be working fairly well for me. Thanks for all the help.


It would be nice if you could publish the Registry entries or give a link to where you found them.

The solution to your problem may help another user in the future.

;)

jaclaz

#12 asforme

asforme
  • Members
  • 2 posts
  •  
    United States

Posted 25 August 2009 - 12:03 PM

Yes please share. I need to do exactly this. What registry keys did you modify?

#13 homes32

homes32

    Gold Member

  • .script developer
  • 1030 posts
  • Location:Minnesota
  •  
    United States

Posted 27 August 2009 - 06:28 PM

good things come to those who wait! :frusty:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users