Running games on network

[gazzanewpy]

I have installed a game onto our workstations to allow students to play at the end of the day. We installed under administrator and all went well. However, whenever a user logs on and tries to run the game it fails to work. Why and how can we resolve this? (Someone has said something about Legacy software and offered one fix but it requires a local Power User account that would allow the students global access - something I do not want!).

 

[gpalmer711]

I think you can get round this by using the security policies/Local Policies on the PC to do this, however I am just getting to grips with this myself so am not much use. However is there anyone in your office that knows Visual Basic? I have just written an application that does the exact thing you require.


Greg Palmer

----------------------------------------
Any feed back is appreciated.

 

[gazzanewpy]

Yes, I can program in VB. How would this resolve the problem? I am intrigued!

 

[gpalmer711]

Right well first of all I appologize to all other members of the forum for turning this thread into a VB Thread.

First add the following code into a module.

Option Explicit

Private Const CREATE_DEFAULT_ERROR_MODE = &H4000000

Private Const LOGON_WITH_PROFILE = &H1
Private Const LOGON_NETCREDENTIALS_ONLY = &H2

Private Const LOGON32_LOGON_INTERACTIVE = 2
Private Const LOGON32_PROVIDER_DEFAULT = 0

Private Type STARTUPINFO
cb As Long
lpReserved As Long ' !!! must be Long for Unicode string
lpDesktop As Long ' !!! must be Long for Unicode string
lpTitle As Long ' !!! must be Long for Unicode string
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End Type

Private Type PROCESS_INFORMATION
hProcess As Long
hThread As Long
dwProcessId As Long
dwThreadId As Long
End Type

' LogonUser() requires that the caller has the following permission
' Permission Display Name
' --------------------------------------------------------------------
' SE_TCB_NAME Act as part of the operating system

' CreateProcessAsUser() requires that the caller has the following permissions
' Permission Display Name
' ---------------------------------------------------------------
' SE_ASSIGNPRIMARYTOKEN_NAME Replace a process level token
' SE_INCREASE_QUOTA_NAME Increase quotas

Private Declare Function LogonUser Lib "advapi32.dll" Alias _
"LogonUserA" _
(ByVal lpszUsername As String, _
ByVal lpszDomain As String, _
ByVal lpszPassword As String, _
ByVal dwLogonType As Long, _
ByVal dwLogonProvider As Long, _
phToken As Long) As Long

Private Declare Function CreateProcessAsUser Lib "advapi32.dll" _
Alias "CreateProcessAsUserA" _
(ByVal hToken As Long, _
ByVal lpApplicationName As Long, _
ByVal lpCommandLine As String, _
ByVal lpProcessAttributes As Long, _
ByVal lpThreadAttributes As Long, _
ByVal bInheritHandles As Long, _
ByVal dwCreationFlags As Long, _
ByVal lpEnvironment As Long, _
ByVal lpCurrentDirectory As String, _
lpStartupInfo As STARTUPINFO, _
lpProcessInformation As PROCESS_INFORMATION) As Long

' CreateProcessWithLogonW API is available only on Windows 2000 and later.
Private Declare Function CreateProcessWithLogonW Lib "advapi32.dll" _
(ByVal lpUsername As String, _
ByVal lpDomain As String, _
ByVal lpPassword As String, _
ByVal dwLogonFlags As Long, _
ByVal lpApplicationName As Long, _
ByVal lpCommandLine As String, _
ByVal dwCreationFlags As Long, _
ByVal lpEnvironment As Long, _
ByVal lpCurrentDirectory As String, _
ByRef lpStartupInfo As STARTUPINFO, _
ByRef lpProcessInformation As PROCESS_INFORMATION) As Long

Private Declare Function CloseHandle Lib "kernel32.dll" _
(ByVal hObject As Long) As Long

Private Declare Function SetErrorMode Lib "kernel32.dll" _
(ByVal uMode As Long) As Long

Private Type OSVERSIONINFO
dwOSVersionInfoSize As Long
dwMajorVersion As Long
dwMinorVersion As Long
dwBuildNumber As Long
dwPlatformId As Long
szCSDVersion As String * 128
End Type

' Version Checking APIs
Private Declare Function GetVersionExA Lib "kernel32.dll" _
(lpVersionInformation As OSVERSIONINFO) As Integer

Private Const VER_PLATFORM_WIN32_NT = &H2

'********************************************************************

' RunAsUser for Windows 2000 and Later
'********************************************************************
Public Function W2KRunAsUser(ByVal UserName As String, _
ByVal Password As String, _
ByVal DomainName As String, _
ByVal CommandLine As String, _
ByVal CurrentDirectory As String) As Long

Dim si As STARTUPINFO
Dim pi As PROCESS_INFORMATION

Dim wUser As String
Dim wDomain As String
Dim wPassword As String
Dim wCommandLine As String
Dim wCurrentDir As String

Dim Result As Long

si.cb = Len(si)

wUser = StrConv(UserName + Chr$(0), vbUnicode)
wDomain = StrConv(DomainName + Chr$(0), vbUnicode)
wPassword = StrConv(Password + Chr$(0), vbUnicode)
wCommandLine = StrConv(CommandLine + Chr$(0), vbUnicode)
wCurrentDir = StrConv(CurrentDirectory + Chr$(0), vbUnicode)

Result = CreateProcessWithLogonW(wUser, wDomain, wPassword, _
LOGON_WITH_PROFILE, 0&, wCommandLine, _
CREATE_DEFAULT_ERROR_MODE, 0&, wCurrentDir, si, pi)
' CreateProcessWithLogonW() does not
If Result <> 0 Then
CloseHandle pi.hThread
CloseHandle pi.hProcess
W2KRunAsUser = 0
Else
W2KRunAsUser = Err.LastDllError
MsgBox &quot;CreateProcessWithLogonW() failed with error &quot; & Err.LastDllError, vbExclamation
End If

End Function

'********************************************************************
' RunAsUser for Windows NT 4.0
'********************************************************************
Public Function NT4RunAsUser(ByVal UserName As String, _
ByVal Password As String, _
ByVal DomainName As String, _
ByVal CommandLine As String, _
ByVal CurrentDirectory As String) As Long
Dim Result As Long
Dim hToken As Long
Dim si As STARTUPINFO
Dim pi As PROCESS_INFORMATION

Result = LogonUser(UserName, DomainName, Password, LOGON32_LOGON_INTERACTIVE, _
LOGON32_PROVIDER_DEFAULT, hToken)
If Result = 0 Then
NT4RunAsUser = Err.LastDllError
' LogonUser will fail with 1314 error code, if the user account associated
' with the calling security context does not have
' &quot;Act as part of the operating system&quot; permission
MsgBox &quot;LogonUser() failed with error &quot; & Err.LastDllError, vbExclamation
Exit Function
End If

si.cb = Len(si)
Result = CreateProcessAsUser(hToken, 0&, CommandLine, 0&, 0&, False, _
CREATE_DEFAULT_ERROR_MODE, _
0&, CurrentDirectory, si, pi)
If Result = 0 Then
NT4RunAsUser = Err.LastDllError
' CreateProcessAsUser will fail with 1314 error code, if the user
' account associated with the calling security context does not have
' the following two permissions
' &quot;Replace a process level token&quot;
' &quot;Increase Quotoas&quot;
MsgBox &quot;CreateProcessAsUser() failed with error &quot; & Err.LastDllError, vbExclamation
CloseHandle hToken
Exit Function
End If

CloseHandle hToken
CloseHandle pi.hThread
CloseHandle pi.hProcess
NT4RunAsUser = 0

End Function

Public Function RunAsUser(ByVal UserName As String, _
ByVal Password As String, _
ByVal DomainName As String, _
ByVal CommandLine As String, _
ByVal CurrentDirectory As String) As Long

Dim w2kOrAbove As Boolean
Dim osinfo As OSVERSIONINFO
Dim Result As Long
Dim uErrorMode As Long

' Determine if system is Windows 2000 or later
osinfo.dwOSVersionInfoSize = Len(osinfo)
osinfo.szCSDVersion = Space$(128)
GetVersionExA osinfo
w2kOrAbove = _
(osinfo.dwPlatformId = VER_PLATFORM_WIN32_NT And _
osinfo.dwMajorVersion >= 5)
If (w2kOrAbove) Then
Result = W2KRunAsUser(UserName, Password, DomainName, _
CommandLine, CurrentDirectory)
Else
Result = NT4RunAsUser(UserName, Password, DomainName, _
CommandLine, CurrentDirectory)
End If
RunAsUser = Result
End Function


Then use the following code to run the game.

RunAsUser &quot;UserName&quot;, &quot;PassWord&quot;, &quot;Domain&quot;, &quot;File Name&quot;, &quot;Path to File&quot;

For example if you wanted to run the windows notepad the command would be

RunAsUser &quot;Administrator&quot;, &quot;Password&quot;, &quot;MyDomain&quot;, &quot;Notepad.exe&quot;, &quot;C:\windows\&quot;

The domain part can contain just &quot;&quot; if the account is local and not part of a domain.

Hope this helps and again sorry for posting VB stuff here.

UserName

Greg Palmer

----------------------------------------
Any feed back is appreciated.

 

[gazzanewpy]

Thanks for the code. However, once I read your code it jogged my memory of a command built into XP called RunAs. It turns out that all I need do is set the properties to RunAs and then set up an account that is only active during the time I require it and limiting access to purely being used in context with the game. Easy!

I have taken the code and will explore this later - thanks very much!

 

[bcastner]

gazzanewpy,

One of the issues address by Greg is that RUNAS reveals in plain text the Administrator username and password.

This is one of the concerns about using this native facility to handle program execution by limited users.

It would take someone .5 nanoseconds to have complete local access to the machine as local Administrator with a RUNAS shortcut on the desktop.

What Greg Palmer was suggesting is that there is a way, securely, to provide the features of RUNAS without the disadvantage of exposing in plain-text the username and password of the local Administrator.

In the interest of completeness, I should also caution you that not even RUNAS or Greg's solution will work for many games that use copy protection from Macromedia and some others. The user has to be the Owner/Creator/Administrator for the game to successfully run, and you cannot &quot;fool&quot; it with temporary permission tokens. One notable series of Games that show this behavior is nearly the entire Microsoft product line in its newer versions.

Best,
Bill Castner