vegaskurt

I have already posted this question, but due to improper moderation my post has been continually moved to the wrong forum, so I will post again.

I was asked by my high school to create a program that would detect when a USB mass storage device was plugged into the machine. To do this my partner decided to catch Windows messages, which is described here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1238491&SiteID=1 . After the device is detected, the school asked for the device to be searched for files that were not wanted by the school. An example of this is Firefox Portable, which has become a popular choice for many students to get around the proxy in our school. Once the drive is searched, if any files were flagged as inappropriate, it creates a log file on the network of what files were found, the time and date, the computer the user is on, and their school information (if they are logged into our network). I would also send an email with the same information that was in the log file to a network administrator.

Now on to the problem. My partner and I were able to create the program in full with a GUI interface for debugging purposes, but now we would like to convert it to a service to run in the background without the student knowing about it. So we added a Windows service project to our solution using VS2005, and we created the installer and service file; this works fine and the service begins to run. However, we put in code to write to a text file every time a new step is executed by the service, and the program runs to the point where it sets itself up to catch Windows messages and then doesn't work anymore. For some reason it no longer catches Windows messages. Does anyone know why this is? Do services need to have certain rights to access Windows messages, or is there something else I am missing? Any help is greatly appreciated; our deadline is within two weeks now. Thanks in advance.

vegaskurt



Re: Visual C# General Need Help with Services!

TaylorMichaelL

You have the right idea about using services to prevent students from circumventing your system, but I'm afraid you are at a catch-22. The very security that isolates services from normal users also isolates users from services. User32 (from which SendMessage comes) does not work across desktops. Services run under a special desktop separate from user apps. This is why services can't have GUIs directly. If you think about it for a minute it makes sense, especially given that Terminal Services runs as part of the OS on even XP. If SendMessage worked across desktops then you could muck around with other logged-on users' apps. Not good. There is no workaround, as this is just good security.

The more I think about your problem, the more I think your solution is only a "first-pass" solution. The problem is that I can work around your security pretty easily. And once I do, every student in the school will know. So if it takes you a month to write the solution and a day for me to work around it, then you've not succeeded in much.

I'm no network security expert, but every secure network I've ever seen places all the security on the routers, firewalls and group policies. If you don't want students going to certain websites or domains, then put blocks on those addresses at the firewall. If you don't want students to use anything other than IE, then set up group policies that restrict the execution of programs such as Firefox or Netscape. Presumably you have your systems locked down so students can't circumvent your security settings. I think these solutions are easier and more maintainable in the long term. You can also set up Content Advisor on IE to help block large portions of the INet. Finally, you can block entire applications like IM from running by blocking the appropriate ports at the firewall.

No matter how hard you try, students will find new websites or programs to work around your existing security. Therefore periodic auditing of the network usage is important. This will identify new programs that students are using to get to things you don't want them to and/or eat up the network bandwidth. It is also a deterrent for those students who might want to "experiment" with the network security. If students know they can be audited at any time, then they are less likely to try to do something they shouldn't.

Michael Taylor - 5/1/07

http://p3net.mvps.org