Lock Mouse To Input Box

by daytime10 at 2012-12-20 07:35:03

Hey Guys,

I am using Powershell to write a small script that is going to run on login requiring a charge number.

I need the user to enter valid information before they use the computer, I do not want them to be able to minimize the box and work. Anyone have any ideas on how to accomplish this? I was thinking either lock the mouse to the input box, or shutdown / disable explorer, or somehow trigger that secure desktop that Windows 7 uses.

Thanks in advance
by DonJ at 2012-12-20 07:55:22
I’m not aware of any means by which you could accomplish this from within PowerShell. You can’t run PowerShell code in the secure desktop, and I’m not aware of a way to have PowerShell display an entirely system-modal dialog box that couldn’t be bypassed. Normally, like on Internet kiosk machines, this is done by programming an extension to, or replacement for, Windows Explorer - something you couldn’t do in PowerShell.
by nohandle at 2012-12-20 08:21:26
You are creating some kind of kiosk PC? I don’t think powershell is meant to do this kind of things. It is achievable but c#, c++ would be easier. The whole task is bit complicated, to intercept the SAS (ctrl+alt+del) and authenticate the user you are gonna need to create custom GINA. If the user is authorized you can log to the computer to session with explorer shell or replace the shell with custom shell (I don’t know what you plan to let user do).

This should give you some boost:
Winlogon
Graphical identification and authentication
Customizing GINA, Part 1
Customizing GINA, Part 2
by daytime10 at 2012-12-20 10:57:08
I looked at doing a custom GINA but looks a bit too complicated for this.

Basically I want normal login and normal desktop to load but a message box pops up asking for a charge number, I need this information. I want to avoid having the user just minimize the box and not enter anything. I currently have error checking so they cannot enter anything they want or just hit OK and enter nothing

This is what I currently have and it works great, I just want to make sure they enter the data

$chargenumber = ""
$computer = gc env:computername
[string]$user = gc env:username
$date = get-date
$time = $date.ToShortTimeString()


#Setup log (check directory and set name)
$logdate = Get-Date -uformat "%Y%m%d"
$logname = "$logdate.txt"
if (!(Test-Path -path \logdata\log$\ChargeNumber$computer&#41:wink:
{
New-Item \logdata\log$\ChargeNumber$computer\ -type directory | Out-Null
}



#Display prompt, loop until we get data
while ($chargenumber -notmatch '\d{5}-\d{6}-\d{4}'){
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")

$objForm = New-Object System.Windows.Forms.Form
$objForm.Text = "Charge Number Required"
$objForm.Size = New-Object System.Drawing.Size(300,150)
$objForm.StartPosition = "CenterScreen"

$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
{$chargenumber=$objTextBox.Text;$objForm.Close()}})

$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(87,75)
$OKButton.Size = New-Object System.Drawing.Size(100,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$chargenumber=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)

$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please enter a valid charge number"
$objForm.Controls.Add($objLabel)

$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)

$objForm.Topmost = $True

$objForm.Add_Shown({$objForm.Activate()})
[void] $objForm.ShowDialog()

#Error Checking
if ($chargenumber -notmatch '\d{5}-\d{6}-\d{4}'){
[void] [System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”)
[void] [Windows.Forms.MessageBox]::Show(“Please enter a valid charge number XXXXX-XXXXXX-XXXX”, "Invalid Charge Number”, [Windows.Forms.MessageBoxButtons]::OK, [Windows.Forms.MessageBoxIcon]::Error)
}




}

#Write to log
Out-File -FilePath \logdata\log$\ChargeNumber$computer$logdate.txt -InputObject "Login $user $chargenumber $date" -Append -NoClobber
by nohandle at 2012-12-21 02:48:35
[quote="daytime10"]I just want to make sure they enter the data[/quote] Before they can use the session?
If you are ok with showing the ctr-alt-del screen when user presses the combination (all the items on in can be disabled but the screen still shows up) then you can do quite easy app that creates window (without border) and probably disables all keys combinations except the ones you need to insert the data (numbers, dash, backspace, delete, arrows) using this technique. You hook it as the shell using this technique and if the number is correct you proceed to launching explorer. And you set up autologin of course.

Still this is easier to do in C#, there is gonna by like one condition in the whole app that you’ll have to learn how to write. In overall the design and compilation is 1000 times easier. :slight_smile:
by daytime10 at 2013-01-04 06:33:56
Hey guys sorry for late reply was on holidays

NoHandle can you point me in the right direction for C# even though this is a Powershell forum :stuck_out_tongue: lol
by nohandle at 2013-01-04 08:20:54
Start from some "introduction to c#" book :slight_smile: I am not sure what you need it to look like. Or ask someone more experienced in your company for help.

Btw did some reading on the GINA and Microsoft changed the architecture since Vista. It now uses core and plugable credential providers.