Every file has security privileges that can be set. Perhaps that is the easiest approach depending upon your network/computer security setup. One setting for EXE files is to allow execution. I have not done this but I can't image it is too difficult.

* If you are using NT based OS, create a guest account that only has access to the application you want.

* Windows Steady State: http://www.microsoft.com/windows/pro...s/default.mspx

Advantage of Steady State is that it can be configured to restart at the clean system again for the next guest.

The point is that i would like to specify what exe's to allow, because user will have access to internet, giving them a possibility to download and execute tools to tweak windows.

For example, i have disabled the control panel, and i disabled regedit... but if they download another registry editor they can enable control panel easily... Thats the point.

Giving permissions to local Exes would work, but not if they download them from the internet.

Is preventing Exe enough?

Don't give them Admin access. Without admin access software can't be installed. Setting the correct group policies you can prevent them from even using the right click context menus. There are group policies to allow only read access to individual keys in the registry. Even with a different registry editor, a secured registry can't be modified. I also believe that you can control the list of software the user can execute via group policies.

If you want to do this on your own, you could write a root kit that checks every file name and if not on a white list prevent it. This could also be accomplished with file create (during download). If an exe is downloaded, prevent it.

If this person really isn't trusted. Let's say this person has malicious intent aren't the following also required:

Disable renaming a files. If they can run notepad.exe, they can just rename any exe to notepad.exe and execute it (if your white listing files). This could be managed by checking the name in the version tags (if the file has one) in addition to a MD5 hash to make sure the file hasn't been modified.

File Deletion. You also want to prevent the user from deleting your files. If you really don't trust the user you don't want them deleting the directory containing your personal files.

File Overwrite. You don't want the untrusted user to open your financial files delete or modify the contents and save the file overwriting the data.

File copy: You don't want the user to copy files by uploading them to the internet or to a USB flash drive.

Of course, there is the possibility that the user could have a bootable flash drive, boot to another OS and just take an image of your hard drive to look at later at their convenience. This can be prevented by using the BIOS password protection to the drive.

I am sure there are many other features you would need to prevent. I guess it depends how much you trust the person your lending your computer to.

Policy: Trust No One

Yes, you don't need to write this yourself, from Win2000/XP forward, almost all aspects of security can be set. Some apps (especially games) will refuse to run in limited account mode, especially if they write to "Program Files" or other restricted folders. I expect Windows can be reconfigured if there is an access problem with a particular folder.

TIP: One way to test whether your app works with Vista's UAC is to run it under 2000/XP's "Guest" account

Thanx for the tips guys, i will look into Group Policies.

I already disabled a bunch of stuff via the control panel of my app,
like, Control panel, Execute option, File menu from WIndows explorer, Renaming Files, registri editor (I will look into registry permissions), Right click on desktop and on Start button, Properties on "My PC"... And a bunch of stuff more.

Pretty good tips, thanx for the input!

By The way... Im looking for a way to temporarily (and inmediately) disable the Alt+Tab feature. I need it to work right away (no need to restart).

Keyboard Hooks didnt do the trick, Unless i did it wrong. subclassing didnt work either.
If you have some tips i wouls appreciate them.

Perhaps you could modify Jim Seekamp's code at: http://www.powerbasic.com/support/fo...ML/014359.html (the last thread).

That gives you a list of all running processes. Build up a list of DATA statements of (dis)approved programs. If it finds one, react accordingly.

Silly me!!!! I already know that code! I am using it to terminate the
task bar temporarily (so the Windows key doesn pop up anu windows)!!!

I will modify it to keep looking for unwanted applications.

Thanx for the reminder Mel!

I wonder if it also works with the Fast Switch of ALt+Tab...

According to this article:

I translated that example to PB but it doesnt seem to catch Alt or Tab.

Disregard the alt+tab issue. I decided to make my app a screensaver so windows
does all the ugly tramits.

Kiosk?

Hi Elias,

It seems to me that what you're really looking for is a kiosk app. The following four articles have some interesting info on the subject. I think they're written for RealBasic, but it's pretty much all API calls, so you should be able to translate quite easily.

Part one
Part two
Part Three
Part four

Regards,

Pete.

PS: If you do decide to go down this path, I'd strongly recommend developing in a Virtual Machine, unless you enjoy rebooting.

Perfect! Just perfect.

http://www.microsoft.com/technet/pro....mspx?mfr=true