Blocking USB Keyboard and Mouse

[AtomR]

Good afternoon,

I am working on a project for my company that has a machine with a computer that provides limited access to a system i'm working. The system has a monitor, a keypad and a usb port available but everything else is inside a box and the public can't access it (unless they pry it open but that's an entirelly different problem). I need to prevent users from being able to connect a keyboard and then using ctrl + alt + del to close my program and access the computer. Basically the usb port is supposed to allow users to save data using our ui into flash drives and nothing else. I cannot use blockinput because of the keypad and even then i think it would not block ctrl alt del. I can't use User Group Policy because it would also block the keypad.

Are there any ideas on how I could accomplish this?

The machine is a bar and cofee shop machine where people can enjoy some tabletop-like games and nothing malicious at all.

[Mat]

A couple of pointers:

• http://msdn.microsoft.com/en-us/library/aa363431%28VS.85%29.aspx
• http://msdn.microsoft.com/en-us/library/aa363480%28VS.85%29.aspx

[AtomR]

Thank you for your reply. I'm not entirelly sure how that can help. I'm not good at interpreting MSDN help especially when dealing with system specific functions. I am relativelly proficient at high level programing but programing at a low level is not really something i'm really good at.

I suppose i'd have to use AutoIt to open the "User32.dll" and use the WM_DEVICECHANGE method to know when a device has connected. But how can I possibly block the device with autoit after it has been detected?

[JohnOne]

Maybe you cannot block it but you could sound an alarm or some sort of notification.

[AtomR]

But the machine will be placed in "third party" locations that are usually as careless with the hardware as the their custmoers are. An alarm really wouldn't be a solution. The better solution would be to actually not have a usb port available but I feel that is what would make us stand out from the "competition". So i'm leaving that as the last possible solution should all else fail.

[edit]

A less gracefull solution would be to remove task manager option from the ctrl+alt+del screen :S

Edited August 28, 2013 by AtomR

[JohnOne]

What if you check if the device is storage device, if not log machine off.

[Mat]

WM_DEVICECHANGE is a Window Message, so you'd need to register it for a GUI using GUIRegisterMsg. I haven't tested so I'm not sure if you need to call RegisterDeviceNotification first, this isn't part of the api I've worked with before.

Just occured to me that just detecting raw input devices might be an easier option. Again, I don't know as I've never tried or tested anything like this, but try registering the WM_INPUT_DEVICE_CHANGE message first.

See _WinAPI_RegisterRawInputDevices for an example of registering for mouse input. 

For some reason GetRegisteredRawInputDevices is always returning zero devices for me. Doh! Because I didn't have any devices registered. _WinAPI_EnumRawInputDevices() works perfectly though, and also gives you the device type (HID, keyboard and mouse).

Edit: For the second step, there should be a way to disable the device, or get windows to unmount it. If not then locking the workstation, or just shutting down would work.

Edited August 28, 2013 by Mat

[AtomR]

Shutting down the machine would work perfectly.

My system already detects the existence of as internal usb pen to make sure it is a valid copy in case someone tries to clone it. (this part is not helpfull at all) Since I have one keyboard always on I suppose I could count how many keyboards are detected at any given time and if a second one is detected it shuts down.

Thank you both so much for the help.

Edited August 28, 2013 by AtomR

[NewPlaza]

You can always disable the control key altogether.  But by doing this would also pervent you from gaining access via CTRL-ALT-DEL.

You would have to boot in WinPE and make a registry change before you can access CTRL-ALT-DEL.

[AtomR]

Out of curiosity how could I disable the controll key, NewPlaza?

[FireFox]

Hi,

Have you tried the HotKeySet function?

Br, FireFox.

[NewPlaza]

Out of curiosity how could I disable the controll key, NewPlaza?

 

REG ADD "HKLMSYSTEMControlSet001ControlKeyboard Layout" /v "Scancode Map" /t REG_BINARY /d 00000000000000000300000000003800000038e000000000 /f

 

Though it's really the ALT key that get disable not control key.. Anyhow I use this bit here in WinPE to prevent anyone ALT-TAB to other windows.

Bare in mind this a system wide change. It will affect all users including the login screen & welcome screen.

[FireFox]

If you still want help, just ask

[AtomR]

I will Firefox. I was just asked to do other tasks today so I really didnt dedicate any time to this problem. I have, however, registered the WM_DEVICECHANGED and it does indeed detect usb plug/unplug but for some reason I am getting uMsg and lParams completelly different from the ones on the MSDN help and those values don't really change regardless of whether i'm plugging or unpluggin and even regardess of what type of usb device is being plugged.

[FireFox]

Follow >this post.

Except the Case statement concerned is: "Case 0xA2, 0xA3".

Br, FireFox.

[Belini]

@ AtomR You can disable the manager by editing the registry.

;Disable Task Manager
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "1")
Sleep(10000)
;Enable Task Manager
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "0")

Edited August 30, 2013 by Belini

[AtomR]

Thank you belini. I had already disabled task manager, change password, log out etc options using the Group Policy Editor ( gpedit.msc) and it does help a lot. It is only possible to access the windows "Switch User" option but I'd prefer to loose all trace of the Windows User Interface for a more polished system. If all else fails this is exactly the solution that I will opt for.

@FireFox: I've downloaded that HotKey UDF and tried. It does indeed capture ctrl alt del but it does not stop windows from taking me to the option screen. Adding the return -1 to the line you mentioned only had the effect that it will not call the function I register but windows options screen is still opened.

Edited August 30, 2013 by AtomR

[FireFox]

Ah, I didn't know you wanted to block the locked screen. It's not possible to block the hotkey.