Executing C#.NET Managed Application

[Richard Slater]

Has anyone one got any idea on how to execute a C#.NET managed application from the command line?

The problem is this, I have to create some way of locking down a workstation to prevent users from accessing anything other than their N: Drive, X: Drive, Word and Excel. I quickly wrote something in VC#.NET 2.0 which works like a charm, however I can't figure out any way of using that application as the shell in replacement of Explorer.

A soloution would be to re-implement the application in something that didn't compile into .NET 2.0 Managed code... anyone know if VC++.NET 2.0 Express can combile to a Unmanaged W32 executable (.exe).

Any ideas/thoughts appreciated.

 

[Richard Slater]

You don't need to bypass explorer at all, you just don't load it as the windows shell.

Essentialy what you do is modify the following key:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell"

and change the setting from explorer.exe to the name of your new shell, one example that I use to demonstrate this is to use sol.exe (Windows Solitare), this means that instead of explorer.exe loading (which loads the start bar and desktop) sol.exe loads... which is great... a PC that can only play solitare

My application would be running as the windows shell, and spawns processes for Word and Excel as required, it spawns explorer processes with the /root,"x:" argument which prevents the user from escaping out of that tree (sort of like chroot).

Regarding launching .net applications, as far as I am aware they don't compile down into normal Win32 executables the compile down into MSIL files (.manifest? and .deploy?) I can't see any way to execute them through Start -> Run, Shortcuts, RunOnceEx, etc.

Regarding other access points to searching the hard disk, many of them can be locked down through Group Policy, f.ex. I can prevent users from accessing the C: drive at all on all workstations throughout the school.

 

[Richard Slater]

This is what the group policy is for!

Group Policy only goes so far, for examle you can not remove start menu items, or restrict access to certain applications such as Calculator on a user by user basis... of course if you can direct me to the right parts of Group Policy to give me this kind of totalitarian control over the users desktop then please set me in the right direction.

To answer your original question, .NET applications should just compile to an MSIL executable, so I can't see where the problem is

OK... what files are these MSIL executables? .manafest? .deploy? you can't set that as your shell can you?... I may have to experement further but from initial attempts in VMWare noting loads... maybe again I am heading down the wrong track... can you direct me down the right one?

 

[Richard Slater]

Thanks, I have used Group Policy extensivly to "lockdown" students desktops with great sucess... however the ability to allow only:

- N: Drive
- X: Drive
- Word
- Excel

Just for certain users (rather than the computer) has eluded me, it must be this way as one hour they will be used for exams and then the following hour they will be used for a class room, with only about 5 minutes between to reverse any computer level changes.

As for running a .NET app instead of explorer.exe I am not sure what trouble you are having? Surely if you replace explorer.exe with youapp.exe, that will run instead? Or is it giving you errors?

As far as I can fathom .NET 2.0 dosn't compile to yourapp.exe it creates a deploy file registers the application manafest with the .NET service running on the computer... these are the only executable files created by the C#.NET 2.0 compiler.

I can't see an option for compiling to .NET unmanaged code, which as far as I understand would compile to an exe file.

 

[Richard Slater]

EDIT: A problem you might come accress with an application like you are doing is if the user goes to save a file in Excel or Word and right clicks a folder a selects explore that will fire explorer.exe so you will need to remove these items from the context menu.

As you pointed out before, many of the problems associated with users using right click in common file dialogs can be alleviated through group policy. Hence the reason I am trying to create a bespoke launcher in VC#.NET 2.0 and then lock the applications down themselves with Group Policy.

 

[Richard Slater]

You been hittin the crack pipe?

LMAO... I wish... no hang on...

I will try and explain better when I get to work.

 

[Richard Slater]

rob,

I don't know what I was doing wrong either, both me and the guy who is implementing this were searching for the EXE and not finding it, the link that the installer (the one created with Right Click -> Publish) puts in the start menu is of type "application reference" which gave me no clues.

Sorry for being retarded and wasteing your time, thank you for everyones help. I will report back if it works.

 

[Richard Slater]

Thanks sfx, I do the majority of the testing and building in the environment so it runs it for you. I only used publish so that I could give something simple to the users to have a play with and tell me what they thought.

However this publish feature did seem to throw me, I am assuming it is targeted at building the project for web deployment?

 

[Richard Slater]

How are you going to stop users doing ctrl-alt-delete > task manager > run > explorer.exe? Or even windows key + R? I'm sure it's possible, but thought i'd mention it incase you'd overlooked it.

We have already disabled Task Manager using Group Policy. I think Windows Key + R is an explorer shortcut thus if explorer.exe is not running then it won't run. I will add it to the testing document regardless just to be complete.

Initial testing seems positive, we are just working on a custom Group Policy to change the registry setting on workstation, once we have got that down to a tee I can package up the application as a MSI, deploy both .NET Framework 2.0 and the application to the workstations then apply the group policy as required.

Thanks again for everyones help.