So, I am doing a small bit of research for my Google Admin. He and I were trying to figure out how to allow users under the domain to enable the singular flag for Chrome OS Dark Mode, upon request, without unblocking the entire chrome://flags address. He said that there is no way to do it without creating a script.
Anyway, to the point, is there any scripts out there for doing something similar? I can edit the code when I need to in order to make it exactly for what it needs to be, but I do not know what the code (or whatever it is) should be in order for a certain flag to be enabled properly.
Unfortunately, Chrome Management API has a limited management options to control Chrome OS devices. Upon checking specifically on Directory API that manages Chrome OS devices, you can only manage devices information (e.g. move a device to a different OU or update a device's Chrome OS version). Thus, it is not possible to use script for this, given that Chrome flags are experimental settings on Chrome.
I did some research and found a workaround by using command line flags (or "switches") where you can set to your Chrome OS devices to auto enable dark mode switch when user turn on the Chrome OS device. However, you need to put the device into dev mode, disable rootfs verification, and bring up a command prompt to be abe to do this method. Additionally, this also involves changing the file system of the device, which could be not ideal for your setup.
Related
I have a C++ program which I want to use on my clients machines. However, some of my clients are behind proxies. Therefore, I want my program to automatically detect these proxies.
I have tried many solutions, such as reading the registry for the proxy settings, trying the Windows API's, etc.
However none of them have worked out well. E.g. the registry sometimes holds the url for the PAC-file and sometimes the actual proxy-address itself. Besides that, I haven't been able to find any username and password related to the proxy if it is set on the client machine (which some users say they have).
So, basically my question is:
How can I automatically determine the proxy settings of my clients in C++ so I can use the proxy-settings in my LibCurl requests later on regarding:
Proxy-address
Proxy-port
Proxy-User
Proxy-Password
I can't get it to work and I have been trying it for two weeks now without any improvement...
You can not read proxy setting in a generic way, since every application is free to store it in any way it wants. You should be able to read Internet Explorer proxy by using WinHttpGetIEProxyConfigForCurrentUser function, and it would also work for users browsers which use this setting, like Google Chrome.
How can I automatically determine the proxy settings of my clients in C++ so I can use the proxy-settings in my LibCurl requests?
libproxy is the answer!
Libproxy home page on GitHub
Libproxy repo on GitHub
It has these features according to the home page:
support for all major platforms: Windows, Mac and Linux/UNIX (see upcoming 0.4 release)
extremely small core footprint
no external dependencies within libproxy core (libproxy plugins may have dependencies)
only 3 functions in the stable-ish external API (1.0 will offer full stability)
dynamic adjustment to changing network topology
a standard way of dealing with proxy settings across all scenarios
a sublime sense of joy and accomplishment
I need to Disable/Enable a loaded device driver because the device "at times" when connected fails to load properly.
This device is controlled by the user and is POWERED AND UN-POWERED very frequently.
The program which needs to use the driver DETECTS a failure and needs to Disable/Enable which ALWAYS corrects the issue.
But using the SetupAPI methods causes the executable to require ADMIN rights (Windows 7 and Windows 10).
I'm not sure if I need to use "other" coding methods or if SIGNING the executable will remove the "requirement" to run as administrator?
Any ideas would be greatly appreciated.
The problem is that is any used can unload a driver, they'd be able to interfere with other users. Drivers are a shared resource.
"Signing" the executable makes a few warnings less scary but doesn't affect security.
I've done some digging and the main ideas I've seen floating around are using setuid/getuid and using the Authorization Services (which, for some reason gives me a symbol error when compiling but appears to be deprecated now).
My application needs to be able to request root access (for accessing a raw disk drive) at a certain point, preferably with the OS X authentication dialog (I'm new to OS X so I have no idea what to call that).
Authorization Services is pretty well supported, AFAIK.
Here's a link to a tutorial (with sample projects!) which you can use to launch a small tool in which you can get admin priviledges and then you can call the setpriority API on your calling process (documentation linked for you).
What would be the simplest way for an application I'm writing to block all Internet access on a Windows machine?
More details:
Windows: XP or higher
Application: A basic Win32 app written in C/C++.
Blocking: It needs to be able to block and unblock at will, ideally in a way that the user can't easily reverse. (By, say, right clicking on a network connection icon in the system tray.) Also, ideally, I'd like the method it uses to allow access to be restored should the user restart Windows or reset the machine, though I'd also be willing to have the app auto launch with Windows and unblock access upon startup if the machine was reset while in a blocked state.
Internet access: Primarily, I'd like to block conventional browsers from hitting conventional http/https sites. Secondarily, it would be nice to block IM clients and client-side social networking apps. It would also be nice, but not required, to still allow local networking for file sharing, etc. (Note that only the first requirement is absolute.)
Final notes: This is not meant to be a security utility, nor will its relationship to the user be adversarial (as, for example, with a parental control utility) so it's not important for it to use a scheme that can't be worked around by a determined user. (Consider that I intend for a reboot or reset to clear the blocking. This means that any workaround a user might discover that would take more effort than this is okay.)
Thanks!
p.s. I suspect that the Windows Firewall API won't work for me because this needs to work for users that haven't enabled the firewall or don't have admin privileges, but I'll be thrilled if I'm corrected on this.
It sounds like you're intending to run applications that you don't want to access the internet. Perhaps you could run them inside a virtual machine such as VirtualBox with networking disabled.
You could do it with a Winsock SPI. The Windows SDK has a sample (under Samples\netds\winsock\lsp) which implements what is called a layered service provider which allows you to hook all the user mode functions provided by Winsock and reject/modify the calls to block network access or redirect traffic to different locations. All installed winsock applications will be affected, so in your code you could have policys for what applications can go out and the like and disabled/enable on the fly. Now a determined person could find ways around this but it would be a pain.
That said this isn't trivial to do but the sample should get you most of the way there.
You cannot effectively or practically write your tool with only a user mode application.
What you need to write is a network I/O stack filter driver. This done by writing a Windows Driver. This is different from a Windows Win32 application. Drivers run in kernel mode and applications run in user mode.
On Windows Vista and later, the kernel mode Network Programming Interface (NPI) is designed for this. This is the same API that Windows Firewalls use. These are sometimes called the Winsock kernel (WSK) APIs.
In effect, you are writing a network firewall (more or less)
here are some links
Introduction to Winsock Kernel (WSK)
Windows Core Networking Blog
The Network Programming Interface Docs on MSDN
Note, your will likely need at least two components
Your driver
A Graphical application that a person can use to control your tool
If you want to do any monitoring, you will likely need a user mode service that collects data from your driver. This works better than trying to do this in the driver. In general, you should do the minimal amount of work in the driver.
A few notes:
You need to be very conscious of security when writing this kind of software. This is very much non trivial. Software that is network facing has the highest security requirements.
Be cognizant of performance.
Your driver and/or service must be aware of the context of a calling application. This is also a security boundary. For example, an application not running as administrator should not be able to control your driver.
take a look at firewall sourcecodes
I'm am developing a Firefox extension which interfaces with an underlying Windows service (which I have already made).
During the development so far I encountered one bug in the installer program (which installs the FF extension AND the service). This was due to the security model on Vista requiring elevated privileges to be able to install and start the service. I adjusted the installer and now it installs fine (just with additional Vista'esque warning dialogs being displayed to end-users - which I can live with !)
I am now in the process of developing an XPCOM component that will install along with the XUL stuff I have already made. There will be a XUL javascript interface to the XPCOM which will try to do things like stop and start the service (e.g when user-configuration data is changed).
My question: Since FF will normally be run under a user account, will I run into any difficulties on Vista or other Windows flavors trying to start or stop my own service via XPCOM?
(When users run the installer I don't mind security dialogs popping up in Vista. But I certainly don't want this to happen whenever they try to change their info in the XUL interface.)
What is the correct way to go about this?
Yes, if your service is running as an Administrator then the Firefox process, running as a normal user will not be able to start or stop it. However, it appears that you can use the "sc" command to set access controls on your service from your installer, which means you can allow non-admin users to start and stop your service.
You'll need to use "sc sdset", which is documented (lightly) here:
http://technet.microsoft.com/en-us/library/cc742037%28WS.10%29.aspx
However, to use that, you'll need to read up on the "Security Descriptor Definition Language", which looks kind of complicated:
http://msdn.microsoft.com/en-us/library/aa379567%28VS.85%29.aspx
This blog entry appears to have some human-readable information on it:
http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/parsing-sddl-strings.aspx