How to change screen saver timeout and screensaverissecure using user32.dll for the current user (or) any other users in windows through C# code, as my application is running with SYSTEM privileges in the background process.
When we change the value of this registry using c# or scripting HKEY_CURRENT_USER\Control Panel\Desktop\ScreensaverTimeout
and HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure
this effect is showing only after reboot of machine.
when we change the registry value using c# code with SYSTEM privileges those changes are not effecting with new values.
Q1: ...this effect is showing only after reboot of machine:
After updating registry, you can call UpdatePerUserSystemParameters to force Windows to reread the configuration from the registry (so the update takes effect immediately).
rundll32.exe user32.dll, UpdatePerUserSystemParameters
Q2: ...with SYSTEM privileges those changes are not effecting with new values:
You need to launch a new process which is running in the same session as the current log on user, and update the registry values from the new process. This is good question to get started.
After you change windows settings like this you need to call the WinApi SendNotifyMessage with a WM_SETTINGCHANGE message to all windows. This is why your settings are not being updated until reboot. (I think you would find a logoff-on would achieve the same for that user).
WinApi
https://msdn.microsoft.com/en-us/library/windows/desktop/ms725497%28v=vs.85%29.aspx
C# wrapper over send message
http://www.pinvoke.net/default.aspx/user32.sendnotifymessage
Related
I need your help again :)
What I want to do:
I have a c# program which runs with normal user permissions - those can't be raised - and I want to change the system date (not time) from that program.
[EDIT] To be a bit more specific: I do have administrator credentials which could be embedded to the program (yikes, I know), but I want to avoid an UAC prompt.
When I launch cmd from outside Visual Studio and try to change the date, it fails with "missing client permission" (roughly translated from German). When I launch cmd as administrator, confirm the UAC prompt the same command succeeds.
I am writing from home, so I cant provide running code at the moment. But all my tries did compile and run without error but the date wasn't changed.
What I've tried:
Created a Process instance, applied admin credentials to ProcessStartInfo, set the FileName to c:\windows\system32\cmd.exe and the argument to /C date {thedate}. I redirected StandardOutput and StandardError and after execution StandardError contains the same message as stated above: "missing client permission"
I've modified this example MSDN: WindowsIdentity.Impersonate using PInvoke with AdvAPI32.LogonUser to raise permissions and Kernel32.SetSystemTime to change the system time. AdvAPI32.LogonUser succeeds and WindowsIdentity.GetCurrent().Name returns the admin name, but calling Kernel32.SetSystemTime fails with "missing client permission".
I've tried opening the current process AdvApi32.OpenCurrentProcess and adjusting the permissions using AdvApi32.AdjustTokenPrivileges following this example StackOverflow: Change system time programmaticaly using datetimepeaker and the code runs totally fine but Kernel32.SetSystemTime fails...
[EDIT] Solution:
I ended up writing a small program with an embedded app.manifest that requests administrator privilegs. This app is called from the main program so this can still be run by a normal user.
It is not possible to change the privileges of the process, once it's started. The original process has to start another process with elevated privileges. This second process can actually be the same .exe file, but with a command parameter that tells the process to do some small stuff and exit immediately.
To start a process with elevated privileges use Process.Start, but with .Verb = "runas", as described in another question. This will of course cause UAC prompt to pop up, if it's enabled on the machine. At least one UAC prompt has to be shown, because UAC prompt is the whole point if this defense mechanism.
If you want to reduce many UAC prompts to just one then you can set the original app to be started as administrator (UAC prompt shows when original process starts) and have just one process. Or have some interprocess communication between original process and elevated process, so that elevated process is started only once and made to finish when original process ends. In the second case UAC prompt shows the first time it's needed.
Can I ask why you are needing to change the system time from an unprivileged application?
If it is to influence other applications then you will need admin privilege since date time is such a vital system function to many other applications. However if you are just needing to adjust the date in your application only then I would suggest creating your own date/time provider that can return the date offset to the date that you desire in your application.
For example.
public DateTime GetDateWithOffset(int daysToOffset)
{
return DateTime.UtcNow.AddDays(daysToOffset);
}
As part of some work I need to get done for Windows 10, I have written a code in C# that essentially detects every minute whether a PC is in screen saver mode or not, and it writes to a table in MySQL the relevant status ("PC in use" if the screen saver is off, "available PC" if the screen saver is on).
I did this using (full link if required - https://www.codeproject.com/Articles/17067/Controlling-The-Screen-Saver-With-C):
// Returns TRUE if the screen saver is actually running
public static bool GetScreenSaverRunning( )
{
bool isRunning = false;
SystemParametersInfo( SPI_GETSCREENSAVERRUNNING, 0,
ref isRunning, 0 );
return isRunning;
}
The code works flawlessly in console application mode (I made a loop to test it out over a minute with a check up on screen save status every 10 seconds), this means in MySQL the status was set correctly every time, depending on the screen save status at the moment of the check up.
The problem occurs when I use this code for a windows service. The service is installed correctly, the log on tab is set on Local System (I also tried with the logged in user instead, same results) and I allow the service to interact with the desktop, just in case, but the difference here is that no matter if the PC enters screen save or not, it always returns false on GetScreenSaverRunning(), thus setting the status of the PC in MySQL as "PC in use", even if the screen saver is on at the moment of check up.
I get the sense that the problem isn't in the code itself, since it works without any issues as a console application, but perhaps something behind the scenes. I tried to search here and on many other websites, haven't found anything related to such a problem.
Does anyone have any idea at all what might be the issue? Any help and/or suggestions will be greatly appreciated!
Thank you in advance.
(I could post the code if required, but it is pretty much straight forward and the main part of it, controlling the screen save detection, is taken from the website mentioned above, afterwards it's a simple if (GetScreenSaverRunning() == true) )
Ever since Vista, Services are barred from a Interactive Session. Even if they run under the same rights, they do not get a interactive Session. I would guess that is getting in the way here.
While you can overwrite this behavior in the Service settings, this is not adviseable for new code. Consider making this a Background Task started by the Task Sheduler instead.
Because the windows service runs in different session then the windows logon. You can't interact with the desktop related services unless you run the windows service in win logon session. There used to be an option in Windows service manager where you can set the properties to "Interact with desktop session" but I don't think that ever worked.
There's a work around to run the windows service using the win logo session.
See this helper class that can get the current logged on user session and interact with the desktop services. https://github.com/murrayju/CreateProcessAsUser/blob/master/ProcessExtensions/ProcessExtensions.cs
Background
The company I work on is developing a kiosk-like application for tablets running Windows 8 Pro (on desktop mode). The user shouldn't be able to access anything that isn't the application itself: charms will be disabled, the taskbar will be hidden behind the application, etc.
This also means the user shouldn't be able to change network settings, leaving the responsability to keep the device always connected to us. Up to now, I had success using the Mobile Broadband API to assure the device is connected whenever there's a mobile network available. It'll detect disconnect events and try to connect again.
The Problem
Although the user shouldn't be able to do it, I'm considering the case where the user follows this steps:
User opens right-side charm,
clicks on Settings,
clicks on Network,
clicks on More PC Settings,
clicks on Wireless, and
disables the mobile broadband device.
I would like to be able to revert this programmatically and enable it again.
The Attempts
I have tried some different ways to force 3G being reenabled. Most of them give me the same result: they supposedly enable the device without errors, but I still cannot use it. Enable-NetAdapter in Powershell doesn't throw errors, and the Enable method of Win32_NetworkAdapter appears to work, but no dice.
I thought maybe the method IMbnRadio::SetSoftwareRadioState could be what I'm after, but I can't get to it when the device is disabled. The method IMbnInterfaceManager::GetInterfaces throws a COMException claiming the element could not be found (HRESULT = 0x80070490).
MbnInterfaceManager mbnInterfaceManager = new MbnInterfaceManager();
IMbnInterfaceManager interfaceManager = (IMbnInterfaceManager)mbnInterfaceManager;
// The following line throws a COMException:
IMbnInterface[] interfaces = (IMbnInterface[])interfaceManager.GetInterfaces();
mobileInterface = interfaces[0];
mobileRadio = (IMbnRadio)mobileInterface;
uint requestId;
mobileRadio.SetSoftwareRadioState(MBN_RADIO.MBN_RADIO_ON, out requestId);
Is there a way to override user preferences set on "More PC Settings?"
I found a sketchy way to solve this. Keep in mind this is undocumented, wrong, shameless and immoral, and will probably break eventually. The client is aware of this, but prefers to keep the access to the OS limited.
The setting in case is saved in the Registry. At least in the computers I've checked, it's stored in HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0022 in a key named RadioOff.
The Airplane Mode setting is also stored in the Registry, but in a different place. It's at HKLM\SYSTEM\CurrentControlSet\Control\RadioManagement\SystemRadioState in a key named (Default).
After changing these keys and rebooting, everything seems to work fine. I'll repeat though: you really shouldn't be doing this, especially the Airplane Mode thing.
How do I get the user's setting for screensaver / machine lock time?
Is there a function in C#?
If not, what is the WIN API function for this?
The screen saver timeout is obtained by calling SystemParametersInfo with the action SPI_GETSCREENSAVETIMEOUT.
Registry key - HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop look at the value of ScreenSaveTimeOut
Keep in mind your application will have to run with elevated rights in order to access the registry.
I'm trying to log in to a server through remote desktop using c#. I'm able to initiate the connection using the AxMSTSCLib and the code below. However, I'm stuck on our domain's security notice.
When logging in manually it requires you to click ok on the notice before the log in completes. I have been unable to find anyway to interact with this OK button through my application. I've tried variations of SendKeys, sending key events using interop services, finding the cursor position and sending a mouse click event...
I'm running out of ideas here.
rdp.Server = server;
rdp.Domain = domain;
rdp.UserName = userName;
IMsTscNonScriptable secured = (IMsTscNonScriptable)rdp.GetOcx();
secured.ClearTextPassword = password;
rdp.StartConnected = 1;
rdp.Connect();
Thanks
Well, there is a way to do what you ask.
You will need to download a copy of Windows 7 Embedded Standard (WES7 wSP1).
WES7 contains something that other editions of Windows 7 do not - a Dialog Filter.
It runs as a service, and allows you to specify certain window events to be performed automatically, without user interaction.
The Dialog Filter Editor is installed with the Windows Embedded Standard 7 tools in the EmbeddedSDK\bin folder.
All you have to do is:
Add the service to your Windows, by copying the necessary Dialog Filter files to C:\Windows\System32. There are x86 and x64 versions, so choose the correct architecture.
Register the files, and enable the service to run automatically.
Add the ConfigurationList.xml file created with the editor to C:\ProgramData\Microsoft\DialogFilter.
This location is hidden by defeault, so make sure to show hidden files and unhide protected system files in Windows Explorer.
I've actually created the ConfigurationList.xml file already, so you can simply copy the following code and save it as "ConfigurationList.xml":
<?xml version="1.0" encoding="utf-8"?>
<CL:dialogs xmlns:CL="urn:Dialogs">
<dialog>
<ProcessImageName>rundll32.exe</ProcessImageName>
<Title>Remote Desktop Connection</Title>
<Class>#32770</Class>
<Buttons>
<Button>OK</Button>
<Button>Cancel</Button>
<Button>Close</Button>
</Buttons>
<Actions>
<Action>OK</Action>
</Actions>
</dialog>
</CL:dialogs>
As you can see, the action is set to press the OK button automatically in the RDP dialog that pops up when making an RDP connection.
More info regarding the Dialog Filter directly from MS:
https://msdn.microsoft.com/en-US/library/ff794135(v=winembedded.60).aspx
Just found a much easier way to do this:
There's a free small app called ClickOff, which works in a very similar manner to Windows Embedded Standard 7 DialogFilter.
You can download ClickOff v1.90 here.
After you install ClickOff, you can define which window to capture, and which button inside it to click. Only thing is that you must add it to your startup apps.
I have already created a clickoff.lst file which clicks OK on the 30-sec RDP timeout popup window. The file should be placed in C:\Users\USERNAME\AppData\Roaming\ClickOff. Here's the contents of the file:
1.900
WINDOWTITLE="Remote Desktop Connection" BUTTONTEXT="OK" MSGTEXT="CompName\\UserName wants to connect to this machine.\r\n\r\nClick OK to disconnect your session immediately or click cancel to stay connected.\r\n\r\nOtherwise, you will be disconnected in 30 seconds." BUTTONID="1" MSGID="65535" DLGID="0" CLKEVENT="17" CLKMETHOD="3" TIMESCLICKED="0" WAIT="0" BPOSX="0" BPOSY="0" ;
Cheers.