I need to write a script that verifies that the user is not using the "Picture Password" feature in Windows 8. I'm using .NET 4.
I tried to search for info about it, but couldn't find anything. Do you have any clue how it can be done?
My company's information security forbids using picture password when using another specific product (can't give more info). I need to enforce this request by code.
You don't enforce these kinds of things with code, you enforce them with Group Policies.
To do so, open the Group Policy editor (gpedit.msc) and navigate to the following path:
Computer Configuration\Administrative Templates\System\Logon
Double-click the "Turn off picture password sign-in" setting, and set either the "Enabled" or "Disabled" option.
Of course, you don't have to do this on each local machine. You can create Group Policies that apply network-wide to specific groups of users. Ask on Server Fault to get more help on setting that up, or talk to your network administrator. Presumably if you have information security policies, you already have a department that handles these sorts of things.
I see that you have Windows-RT as a keyword on the question. So if the application that needs to do the checking is a Windows 8 Store app (Modern/Metro app), you will not be able to achieve this.
There is no API to check for this in 8, and as far as I know there isn't one in 8.1 either.
There is no access to the registry for Store apps.
Even if you did manage a way to detect the settings via some other method, you need to ensure it's done through the Windows 8 API otherwise you won't pass certification (section 3.1).
You can however push the policy via GPO if that's an option.
Based on Windows 8 RT being removed from keywords, that means it's not a Windows 8 Store app. Leaving prior answer in case someone finds this and is asking about Store apps.
You should be able to review the setting via the registry at "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" and checking the value of either BlockDomainPicturePassword or AllowDomainPicturePassword.
I don't know why there are two; I'll leave the testing to you as to which one is the right one.
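A read-only check of the two values named in the answer above, as an added example (not code from the original posts) targeting .NET 4. It reports what is configured and does not assume which of the two names the policy writes; the class and helper names are illustrative.

```csharp
using System;
using Microsoft.Win32;

static class PicturePasswordPolicy
{
    const string PolicyKey = @"SOFTWARE\Policies\Microsoft\Windows\System";

    // Both names are taken from the answer above; which one is authoritative is left open there.
    static readonly string[] ValueNames =
        { "BlockDomainPicturePassword", "AllowDomainPicturePassword" };

    // Returns null when the key or value is absent (policy not configured)
    // or when the value is not a DWORD, so a malformed entry is never read as "set".
    static int? ReadDword(RegistryKey key, string name)
    {
        if (key == null) return null;
        object raw = key.GetValue(name);
        if (raw == null || key.GetValueKind(name) != RegistryValueKind.DWord) return null;
        return (int)raw;
    }

    static void Main()
    {
        // Ask for the 64-bit view explicitly so the result does not depend on process bitness.
        RegistryView view = Environment.Is64BitOperatingSystem
            ? RegistryView.Registry64 : RegistryView.Default;

        using (RegistryKey hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
        using (RegistryKey key = hklm.OpenSubKey(PolicyKey))   // opened read-only; null if absent
        {
            foreach (string name in ValueNames)
            {
                int? value = ReadDword(key, name);
                Console.WriteLine("{0}: {1}", name,
                    value.HasValue ? value.Value.ToString() : "not configured");
            }
        }
    }
}
```

These values show what policy has been applied to the machine, not whether a user has actually enrolled a picture password.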
Related
So, I'm trying to check from my application if my device has any type of protection when the user tries to unlock it.
What it means: I need to know if the device could be unlocked without a graphical (numeric) key for mobile devices. For desktop devices I need to know if the current user has a password.
Is it possible in general for both cases (mobile and PC)?
On PC, it seems there is no method to detect whether a password is set for the user account, but there is a method to check whether a PIN is set: the KeyCredentialManager.IsSupportedAsync method. You can check the official KeyCredentialManager sample, specifically the PassportAvailableCheck() method in the SignIn.xaml.cs file.
On PC, a PIN is a higher level of security; it can be set only if a password is set, and there could be other security policies. On mobile there is no password; if a PIN is set, it can be detected.
This topic belongs to the Security part of UWP apps. Here are some good documents, for example Create a Microsoft Passport login app and Fingerprint biometrics. They may not fully solve your problem, but from these documents you can see what we can and cannot do in a UWP app.
In our corporate environment we need to have the Privacy Mode in Lync 2010 enabled for a specific user group. Unfortunately it's only possible to enable this mode for the whole environment and not for specific users.
The idea is to enable the privacy mode via Lync policy for the whole environment and control the setting on the Clients with our software deployment system. It's possible to choose "I want everyone to be able to see my presence..." and "I want the system administrator to decide". What I'd need is a little client tool preferably written in C# which is able to change that Status option in the Lync 2010 client.
Unfortunately it seems like this is not simply a registry key being set. I found that there is a "PolicyPak" which is able to control this setting through Group Policies. Most likely they're using the LyncSDK to control this setting.
My question is: Does someone know how to change this setting through the LyncSDK? I've already downloaded it but didn't really know where to start. Maybe someone can point me in the right direction.
From the research I've been able to do, I don't see any network traffic sent to the server or registry settings being modified.
This leads me to conclude the client (when setting this) loops through contacts and places them in the appropriate permission group. I'll revisit this post soon with findings and some code for testing purposes.
By using the UCMA it is possible to change the PrivacyMode for a user with the BeginUpdatePrivacyPreference method
According to MSDN:
Windows Store apps that need programmatic access to user resources such as the Pictures library or connected devices such as a webcam, must declare the appropriate capability.
Is there a way to programmatically identify when an app is asking for a specific capability, and to allow/deny the request?
I would prefer C# solutions, but any other way will also be OK.
Is there a way to programmatically identify when an app is asking for a specific capability, and to allow/deny the request?
You don't. Windows handles this (with user input as apropos). AppLocker is the Windows feature if you want to block certain packages from installing.
I wanted to know which process in Windows is user specific, I mean one that gets created for each user login. I tried explorer.exe, but when you switch user and log into a new account, it shows the old login name in my code. Basically I just need to log which user is logging in, and when, in my app.
If all you need to know is which user(s) are using your app, can you just check Environment.UserName when you start your app?
I missed the tag indicating you created a Windows Service. That's a very different type of animal than a regular application, and the advice you receive for one is not necessarily transferable to the other.
Specifically, I notice that you've tagged this question windows-7. If you're trying to run this service under Windows 7, you need to understand a few things about how the model for Windows Services was substantially altered starting with Windows Vista. Specifically, they now run in an isolated session and are prohibited from interacting directly with the user.
Also see my answer here for a better explanation.
The fundamental point is that, from the perspective of a Windows Service, there is no such concept as the currently logged-on user. A Windows Service runs in its own isolated session and is not affiliated with any particular user. That's why the code you found to determine the user associated with a particular process is not working as you expect for a Windows Service. A standard user doesn't own the process running the service. (And replacing your service with an application is also not a viable option, given how I understand your requirements. As I explain here, user-mode applications are started when a particular user logs on and will be closed whenever that user logs off.)
Another problem is that more than one user can be logged in simultaneously to a single workstation. Windows is a thoroughly multi-user operating system, so the best that you can hope for is to enumerate all of the currently logged in users. The NetWkstaUserEnum function will get you that list, but note that it includes all types of logons, including interactive users, services, and batch logons. To call this function from C#, you will need to P/Invoke—you can find information about that over on pinvoke.net.
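The P/Invoke call described in the answer above, as an added example (not code from the original post) written against .NET 4. The class and method names are illustrative; the native signature and the WKSTA_USER_INFO_1 layout follow the documented Win32 declarations.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class LoggedOnUsers
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct WKSTA_USER_INFO_1
    {
        public string wkui1_username;
        public string wkui1_logon_domain;
        public string wkui1_oth_domains;
        public string wkui1_logon_server;
    }

    [DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
    static extern int NetWkstaUserEnum(string servername, int level, out IntPtr bufptr,
        int prefmaxlen, out int entriesread, out int totalentries, ref int resumehandle);

    [DllImport("netapi32.dll")]
    static extern int NetApiBufferFree(IntPtr buffer);

    const int MAX_PREFERRED_LENGTH = -1;   // let the API allocate room for every entry

    public static List<string> Enumerate()
    {
        IntPtr buf = IntPtr.Zero;
        int read, total, resume = 0;
        // servername = null queries the local machine; level 1 returns WKSTA_USER_INFO_1.
        int rc = NetWkstaUserEnum(null, 1, out buf, MAX_PREFERRED_LENGTH,
                                  out read, out total, ref resume);
        try
        {
            if (rc != 0) throw new Win32Exception(rc);
            var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            var users = new List<string>();
            int size = Marshal.SizeOf(typeof(WKSTA_USER_INFO_1));
            for (int i = 0; i < read; i++)
            {
                IntPtr entry = new IntPtr(buf.ToInt64() + (long)i * size);
                var info = (WKSTA_USER_INFO_1)Marshal.PtrToStructure(
                    entry, typeof(WKSTA_USER_INFO_1));
                string name = info.wkui1_logon_domain + "\\" + info.wkui1_username;
                if (seen.Add(name)) users.Add(name);   // drop repeated entries
            }
            return users;
        }
        finally { if (buf != IntPtr.Zero) NetApiBufferFree(buf); }  // buffer is API-owned
    }

    static void Main() { foreach (string u in Enumerate()) Console.WriteLine(u); }
}
```

As the answer notes, the list mixes interactive, service and batch logons, so treat it as "accounts with a logon on this machine" rather than "the user at the keyboard".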
My question is sort of linked to this existing question
How to deploy a desktop .Net application with custom settings per user
However, I understand the idea of using Application Settings; what I can't find information on is how I should deploy the application settings for different customers.
We have a custom settings system that works just fine, however when the app is first run it needs to know a couple of things, such as Company Name and Application Server. These will obviously differ on a customer basis.
I don't want the user to have to input these settings at first run as in most cases the app will be deployed by Group Policy.
Currently my thinking is to have some sort of setting file in a separate build per customer. Is this the way to go, or have I missed some kind of native support for this idea of "customer profiles"?
EDIT:
More info that might help people grok my question.
This is an enterprise application that consists of a central database and application server, plus 100 installations of a client application. I need to be able to give the client application some application settings that will obviously be different for different customers.
A lot of applications ask you some initial settings at the first start (Microsoft Office, Visual Studio, etc.). So this behaviour is commonly known by the user.
Maybe the problem is more, that these initial settings revive an update of your application. To accomplish this you could save your data in a version independent path within the registry or somewhere below %AppData%.
Also it would be helpful to prefill these dialogs at the first startup, by getting this information from somewhere on the machine (e.g. Company Name can be obtained from the registry [HKLM\Software\Microsoft\WindowsNT\CurrentVersion\RegisteredOrganization], or for Application Server take the Gateway address, AD Server, whatever most commonly matches).
So in the best case the user will be presented with an already correctly filled-out form and just has to press Enter, or he makes only the changes that are necessary, but doesn't have to fill out the complete dialog by himself.
Update:
So if the user doesn't know the Application Server path, who does? Where does this information reside? Maybe you can require all your customers to provide this information in the same way. Maybe they set some environment variable within the logon script, or they put a file with the needed information in a globally accessible place (e.g. where the logon script resides).
If I understand right you want to deploy a pre-customized software for each user.
You could use WIX to create a MSI-package for each customer. You can deliver several user-settings in your customer-oriented msi. You can dynamically generate a WIX-XML-Document based on a data-source where you store your customers.
It's a bit of work, but later it saves a lot of work. The MSI creation through WIX can be easily integrated into the build process.
Given that it's an enterprise environment, have you considered using ClickOnce? We've had success mainly with startup arguments, e.g. http://servername/OurApp.application?environment=uat
It doesn't always scale, but you can pass arguments using GET variables and parsing the resulting QueryString when delivering via HTTP - http://msdn.microsoft.com/en-us/library/ms172242.aspx
You might pass in the settings in the QueryString, or create them in the database, generate a (hashed?) key and build a QueryString unique to that reference (with the added benefit that an inquisitive user wouldn't be able to manipulate the URI and fake a different set of parameters).
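One way to make the launch URI tamper-evident, as the last answer suggests, shown as an added example (not code from the original post). It swaps the plain hash for a keyed HMAC-SHA256 tag and assumes the tag is both issued and verified on the server that stores the settings, so the key never ships with the client; the `ref` and `sig` parameter names and the customer ids are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LaunchReference
{
    static string B64Url(byte[] bytes)
    {
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Keyed tag over the customer reference; without the key it cannot be recomputed.
    static string Tag(byte[] key, string customerRef)
    {
        using (var hmac = new HMACSHA256(key))
            return B64Url(hmac.ComputeHash(Encoding.UTF8.GetBytes(customerRef)));
    }

    // Server side, when the per-customer deployment link is generated.
    public static string BuildUrl(byte[] key, string baseUrl, string customerRef)
    {
        return baseUrl + "?ref=" + Uri.EscapeDataString(customerRef)
                       + "&sig=" + Tag(key, customerRef);
    }

    // Server side, when a client presents ref and sig to fetch its settings.
    public static bool Verify(byte[] key, string customerRef, string sig)
    {
        string expected = Tag(key, customerRef);
        if (sig == null || sig.Length != expected.Length) return false;
        int diff = 0;                      // compare without an early exit
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ sig[i];
        return diff == 0;
    }

    static void Main()
    {
        byte[] key = new byte[32];         // constructed demo key; keep the real one server-side
        new RNGCryptoServiceProvider().GetBytes(key);

        string url = BuildUrl(key, "http://servername/OurApp.application", "customer-0042");
        string sig = url.Substring(url.IndexOf("&sig=") + 5);
        Console.WriteLine(url);
        Console.WriteLine("genuine ref : " + Verify(key, "customer-0042", sig));  // True
        Console.WriteLine("edited ref  : " + Verify(key, "customer-0043", sig));  // False
    }
}
```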