I know this question has been asked a few times and in a few different ways. However, across all the questions and answers, no one has been able to answer completely given my situation...
我知道这个问题已经被问过几次,并且有几种不同的方式。然而,在所有的问题和答案中,没有人能够完全回答我的情况……
I work on medical devices and they run Windows. The application runs as the shell, users shouldn't be able to get behind the application, and ideally they wouldn't be able to do anything that indicates that the system is running Windows. Access to the full keyboard is necessary so disabling, damaging or remapping keys is not a solution. Given that, we need to disable SAS/CAD/Ctrl+Alt+Delete in specific; some others too, but those are easy with hooks.
我在医疗设备上工作,他们运行Windows。应用程序作为shell运行,用户不应该能够支持应用程序,理想情况下,他们不能做任何表示系统运行Windows的操作。使用完整的键盘是必要的,因此禁用、损坏或重新映射键不是解决方案。鉴于此,我们需要禁用SAS/CAD/Ctrl+Alt+Delete;还有一些其他的,但是这些都很容易用钩子。
Up until recently we've been using Windows XP Embedded and could replace GINA, but we're about to switch to Windows 7 (technically Windows Embedded Standard 7; but in our case they're essentially the same) and GINA is no longer an option. There must be a way to do this.
直到最近,我们一直在使用嵌入的Windows XP系统,可以替换吉娜,但我们即将切换到Windows 7(技术上是Windows嵌入式标准7;但在我们的案例中,他们本质上是一样的,吉娜不再是一个选择。一定有办法做到这一点。
Since I've seen comments about this on other questions: I do believe this belongs on Stack Overflow. Replacing GINA is a programming question and there's no reason to assume this won't be too. While I'm open to a non-programming solution, I doubt MS would make this kind of change available in the registry, etc.
因为我在其他问题上看到过这样的评论:我相信这属于Stack Overflow。取代吉娜是一个编程问题,没有理由认为这也不可能。当我对非编程解决方案开放时,我怀疑MS是否会在注册表中提供这样的更改。
3 个解决方案
#1
18
Except for remapping/disabling keys, it is not possible to prevent Ctrl + Alt + Delete handling outside of kernel level code. I think this is fundamental security design feature of windows NT (and all derivatives). (Reasoning here.)
除了重新映射/禁用键之外,不可能在内核级代码之外防止Ctrl + Alt + Delete处理。我认为这是windows NT(以及所有衍生产品)的基本安全设计特性。(推理)。
I would suggest writing a custom keyboard filter or device driver (or looking for an existing one perhaps). Not an easy task, but doable. Example resources:
我建议编写一个自定义键盘过滤器或设备驱动程序(或者寻找现有的一个)。这不是一件容易的事,但却是可行的。资源的例子:
- Keyboard Filter Driver for Windows Embedded Standard 7 - by Elbacom
- Windows嵌入式标准7 - by Elbacom的键盘过滤器驱动程序。
- Interception (source) - A programming interface for intercepting input device communication.
- 拦截(源)-拦截输入设备通信的编程接口。
- Writing a keyboard device driver
- 编写一个键盘设备驱动程序。
That first link to the Elbacom blog, in particular, could be useful since you are also targeting windows 7 embedded.
这第一个链接到Elbacom的博客,特别是,可能是有用的,因为你也针对windows 7嵌入式。
The second link, to Interception, is newer and might also be quite useful. It provides the kernel level module and abstracts some of the handling.
第二个链接,即拦截,是更新的,也可能非常有用。它提供了内核级模块,并抽象了一些处理。
As a possible alternative, consider that though you can't disable the Ctrl + Alt + Delete hook without a device driver/filter, you can prevent all of the tasks that are accessible via that hook per changes to registry or with group policy editor. A previous edit of this answer linked to a utility called "Tweak Ctrl-Alt-Del Options" that made it very easy to disable all activities accessible via Ctrl-Alt-Del. That utility is no longer available from the original source, but is still find-able and there are others like it.
作为一种可能的选择,考虑一下,如果没有设备驱动/过滤器,您不能禁用Ctrl + Alt + Delete钩子,您可以通过对注册表或组策略编辑器的更改来阻止所有可访问的任务。之前的这个答案的编辑链接到一个名为“调整Ctrl-Alt-Del选项”的实用程序,它使得禁用所有通过Ctrl-Alt-Del访问的活动变得非常容易。该实用程序不再从原始源代码中获得,但仍然可以找到,还有其他类似的工具。
#2
0
This article http://www.codeproject.com/Articles/7392/Lock-Windows-Desktop seems to have some good guidance there. The one I think will likely work : a) Replace the shell for system in the registry. That will mean that Explorer is not the one running as the default desktop. That might let you handle Ctrl+Alt+Del b) Force your application to run in a different desktop than the default. That will prevent the user from switching from it until the application is done.
这篇文章http://www.codeproject.com/articles/7392/lockwindows - desktop似乎在那里有一些不错的指导。我认为可能会工作的一个:a)替换注册表中的系统外壳。这意味着Explorer不是作为默认桌面运行的。这可能会让你处理Ctrl+Alt+Del b)迫使你的应用程序运行在一个不同于默认的桌面。这将阻止用户从它切换到应用程序完成。
All this assumes that you have complete control over that machine.
所有这些都假定您完全控制了该机器。
#3
0
You can disable CAD through group policy: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon set this value to 1.
您可以通过组策略禁用CAD: HKLM\软件\Microsoft\Windows NT\CurrentVersion\Winlogon将此值设置为1。
or, through the advanced user accounts menu:
或者,通过高级用户帐户菜单:
-
Open the Start Menu.
打开开始菜单。
-
In the search line, type netplwiz and press Enter.
在搜索行中,键入netplwiz并按Enter键。
-
Click on the Advanced tab.
单击高级选项卡。
-
To Enable Secure Log On A) Check the Require users to press Ctrl+Alt+Delete box. NOTE: If the setting is grayed out, then see OPTION THREE or OPTION TWO below.
要启用安全日志,请检查要求用户按下Ctrl+Alt+Delete框。注意:如果设置是灰色的,那么请参见下面的选项3或选项2。
B) Go to step 6. 5. To Disable Secure Log On A) Uncheck the Requires users to press Ctrl+Alt+Delete box. NOTE: If the setting is grayed out, then see OPTION THREE or OPTION TWO below. 6. Click on OK.
B)去第六步。5。若要禁用安全日志,请按下Ctrl+Alt+Delete框。注意:如果设置是灰色的,那么请参见下面的选项3或选项2。6。单击OK。
#1
18
Except for remapping/disabling keys, it is not possible to prevent Ctrl + Alt + Delete handling outside of kernel level code. I think this is fundamental security design feature of windows NT (and all derivatives). (Reasoning here.)
除了重新映射/禁用键之外,不可能在内核级代码之外防止Ctrl + Alt + Delete处理。我认为这是windows NT(以及所有衍生产品)的基本安全设计特性。(推理)。
I would suggest writing a custom keyboard filter or device driver (or looking for an existing one perhaps). Not an easy task, but doable. Example resources:
我建议编写一个自定义键盘过滤器或设备驱动程序(或者寻找现有的一个)。这不是一件容易的事,但却是可行的。资源的例子:
- Keyboard Filter Driver for Windows Embedded Standard 7 - by Elbacom
- Windows嵌入式标准7 - by Elbacom的键盘过滤器驱动程序。
- Interception (source) - A programming interface for intercepting input device communication.
- 拦截(源)-拦截输入设备通信的编程接口。
- Writing a keyboard device driver
- 编写一个键盘设备驱动程序。
That first link to the Elbacom blog, in particular, could be useful since you are also targeting windows 7 embedded.
这第一个链接到Elbacom的博客,特别是,可能是有用的,因为你也针对windows 7嵌入式。
The second link, to Interception, is newer and might also be quite useful. It provides the kernel level module and abstracts some of the handling.
第二个链接,即拦截,是更新的,也可能非常有用。它提供了内核级模块,并抽象了一些处理。
As a possible alternative, consider that though you can't disable the Ctrl + Alt + Delete hook without a device driver/filter, you can prevent all of the tasks that are accessible via that hook per changes to registry or with group policy editor. A previous edit of this answer linked to a utility called "Tweak Ctrl-Alt-Del Options" that made it very easy to disable all activities accessible via Ctrl-Alt-Del. That utility is no longer available from the original source, but is still find-able and there are others like it.
作为一种可能的选择,考虑一下,如果没有设备驱动/过滤器,您不能禁用Ctrl + Alt + Delete钩子,您可以通过对注册表或组策略编辑器的更改来阻止所有可访问的任务。之前的这个答案的编辑链接到一个名为“调整Ctrl-Alt-Del选项”的实用程序,它使得禁用所有通过Ctrl-Alt-Del访问的活动变得非常容易。该实用程序不再从原始源代码中获得,但仍然可以找到,还有其他类似的工具。
#2
0
This article http://www.codeproject.com/Articles/7392/Lock-Windows-Desktop seems to have some good guidance there. The one I think will likely work : a) Replace the shell for system in the registry. That will mean that Explorer is not the one running as the default desktop. That might let you handle Ctrl+Alt+Del b) Force your application to run in a different desktop than the default. That will prevent the user from switching from it until the application is done.
这篇文章http://www.codeproject.com/articles/7392/lockwindows - desktop似乎在那里有一些不错的指导。我认为可能会工作的一个:a)替换注册表中的系统外壳。这意味着Explorer不是作为默认桌面运行的。这可能会让你处理Ctrl+Alt+Del b)迫使你的应用程序运行在一个不同于默认的桌面。这将阻止用户从它切换到应用程序完成。
All this assumes that you have complete control over that machine.
所有这些都假定您完全控制了该机器。
#3
0
You can disable CAD through group policy: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon set this value to 1.
您可以通过组策略禁用CAD: HKLM\软件\Microsoft\Windows NT\CurrentVersion\Winlogon将此值设置为1。
or, through the advanced user accounts menu:
或者,通过高级用户帐户菜单:
-
Open the Start Menu.
打开开始菜单。
-
In the search line, type netplwiz and press Enter.
在搜索行中,键入netplwiz并按Enter键。
-
Click on the Advanced tab.
单击高级选项卡。
-
To Enable Secure Log On A) Check the Require users to press Ctrl+Alt+Delete box. NOTE: If the setting is grayed out, then see OPTION THREE or OPTION TWO below.
要启用安全日志,请检查要求用户按下Ctrl+Alt+Delete框。注意:如果设置是灰色的,那么请参见下面的选项3或选项2。
B) Go to step 6. 5. To Disable Secure Log On A) Uncheck the Requires users to press Ctrl+Alt+Delete box. NOTE: If the setting is grayed out, then see OPTION THREE or OPTION TWO below. 6. Click on OK.
B)去第六步。5。若要禁用安全日志,请按下Ctrl+Alt+Delete框。注意:如果设置是灰色的,那么请参见下面的选项3或选项2。6。单击OK。