views:

194

answers:

5

Hi,

I am creating a new Desktop in Windows XP/Vista and 7 using win32 API. This is more like having a secure Desktop and I don't want let any other application to be executed in that Desktop.

Well, in Windows XP if I press strg+shift+Esc or strg+alt+ent, in the Desktop which I created, I don't see the task manger on my Desktop but instead on the Default Desktop.

Well, that's ok, but in Windows Vista, doing the same I get the task manager in my Desktop where the user can start another application using File->New task (Run...) menu.

Here is my question, what is the best way to prevent task manager to be displayed in the desktop which I created or even prevent starting it?

1) using the registry key, 2) capturing the key strokes? 3) what else???

Thanks in advance! Gohlool

A: 

rename taskman.exe to somthing else.

Byron Whitlock
That might be the easiest way, but it's probably not the best way.
Robert Harvey
Well, I am not sure if UAC will let me to change the file name! But thanks for the comment!
Gohlool
A: 

This probably isn't the best solution, but you could always monitor for task manager and close it

foreach (Process clsProcess in Process.GetProcesses()) {
     if (clsProcess.ProcessName.StartsWith("taskmgr"))
     {
      clsProcess.Kill();
      return true;
     }
    }

Code is in C#

Jeremy Morgan
Well, thanks for that tip. It's a fine idea! The Problem is that am I going to be fast enough to get the list of processes every let say 50 ms and check for the "taskmgr"? Well, I'll try that! Thanks.
Gohlool
+2  A: 

Group Policy is your friend. Here's how to disable it.

Wayne Hartman
Thanks! But I don't want to disable it for everybody or even for my Desktop! As I said, when I change the Desktop, at that point I want to prevent task manager to be executed or shown in my Desktop, which I created by CreateDesktop() call!
Gohlool
A: 

See my solution to how-do-i-stop-an-application-from-opening This will work fine, I just tested it.

Stephen Nutt
WOW! That's a nice one! Since it is a entry in HKEY_CURRENT_USER there is no need of Admin privileges. So I can call add the Registry entry as soon I switch the Desktop() make that entry and delete it again when I am ready with my work! I'll give a try!
Gohlool
Well, I checked your solution again and noticed I was wrong with HKEY_CURRENT_USER! Its HKEY_LOCAL_MACHINE! Well, I already implemented a COM Elevation Moniker! can use that to access the Registry. Well, let see!
Gohlool
+2  A: 

I assume you are calling CreateDesktop, if so, you should be able to lock down that desktop with a security descriptor that only allows access to your program

Anders
Exactly! I am using CreateDesktop() API CALL! Do you have any hint or sample how to define the security descriptor! I rried but failed!Thanks!
Gohlool