I'm wondering if there is any way to create a User Account on a Windows XP machine that can be done through scripting from an ActiveX control on a webpage. Specifically, I'd like to know if there's any way to deploy an ActiveX control with computers (that I preconfigure and ship) that will allow use of my webpage from that computer to detect that the ActiveX control is present, and allow for automated creation of local (Windows XP) user accounts on the computer. Essentially, consider this to be a question of preinstalling an ActiveX control (if necessary) and providing a link on the desktop; the user receives the machine and logs on (with admin rights) and goes to a web site, where my server determines what the appropriate user accounts are, sends them back as HTML, and the ActiveX control creates the user accounts I specify.

This sort of thing seems like it should be possible, but at the same time, there are obvious security flaws that are potentially involved. Access to these machines will be very limited, so the security issues are less of a concern.

Does anyone know if this is possible? Do any of the built-in WMI components do anything like this? Is this even allowed by the security model of XP? Or is this just opening up a huge security hole that should be avoided entirely?

A: 

I don't think you could ever get Windows' security model - especially in IE - to permit this. You can do this with WMI using Win32_UserAccount in WMI, so a better approach might be to write a PowerShell or VBScript script that queries a Web page to see what accounts need to be created, and then creates them. The user would need to be a local admin. This is easier in PowerShell; if you get the sample scripts from www.sapienpress.com/powershell.asp (bottom of page, free), you'll see an example of how to submit a query to a URL and get the results back as text. You could then parse the text and create accounts accordingly.

Don Jones
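
A sketch of the script-based approach this answer describes, added here as an example; it is not Don Jones's code and not one of the sample scripts he links to. It fetches the account list over HTTPS, rejects anything that is not a plain account name, and creates the accounts through the ADSI WinNT provider rather than Win32_UserAccount. Assumptions: PowerShell 2.0, a hypothetical URL, a response with one account name per line, and passwords generated locally instead of being sent by the server.

```powershell
# Added example: the URL, response format and function names are assumptions.
$ListUrl  = 'https://provisioning.example.com/accounts.txt'   # hypothetical endpoint
$MaxUsers = 20                                                # refuse oversized lists

function Get-ValidAccountNames {
    param([string]$Text, [int]$Limit)
    $names = @()
    foreach ($line in ($Text -split "`r?`n")) {
        $name = $line.Trim()
        if ($name -eq '') { continue }
        # Allow-list: letter first, then letters, digits, dot, dash, underscore; 20 chars max.
        if ($name -notmatch '^[A-Za-z][A-Za-z0-9._-]{0,19}$') {
            throw "Rejected account name in server response: '$name'"
        }
        $names += $name
    }
    if ($names.Count -gt $Limit) { throw "Server returned $($names.Count) names; limit is $Limit" }
    return $names
}

function New-RandomPassword {
    # 18 bytes from the OS CSPRNG, base64-encoded to 24 characters.
    $bytes = New-Object byte[] 18
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $rng.GetBytes($bytes)
    return [Convert]::ToBase64String($bytes)
}

# Plain HTTP would let anyone on the path choose which accounts get created.
if ($ListUrl -notmatch '^https://') { throw 'Account list must be fetched over HTTPS' }
$response = (New-Object System.Net.WebClient).DownloadString($ListUrl)

$computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
$existing = @($computer.psbase.Children |
    Where-Object { $_.psbase.SchemaClassName -eq 'User' } |
    ForEach-Object { $_.psbase.Name })

foreach ($name in @(Get-ValidAccountNames -Text $response -Limit $MaxUsers)) {
    if ($existing -contains $name) { Write-Host "Skipping existing account $name"; continue }
    $user = $computer.Create('user', $name)
    $password = New-RandomPassword
    $user.psbase.Invoke('SetPassword', $password)
    $user.SetInfo()
    $user.Put('PasswordExpired', 1)     # force a password change at first logon
    $user.SetInfo()
    Write-Host "Created $name; one-time password: $password"
}
```

The script must run from an elevated (local administrator) session, and the new accounts are created as ordinary users because the script adds them to no groups.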
A: 

You have to set caspol security settings to fulltrust (or a custom set) either by using URL evidence or strong name evidence.

After you have made sure that your control always gets the fulltrust setting, there are no limitations to what you can do with your control. Anything that can be done with a normal application will be possible from your embedded control. Of course, Vista UAC and IE Protected Mode will be issues you have to look at. E.g. Protected Mode can be worked around by adding your site to the Trusted Sites zone.

Edit: Ignore Vista specifics.

Jesper Palm