ScanWindows (1.1.1)


The program first tries a "nice" close and if this fails forcibly terminates the undesired program. The program was written in response to a requirement at Sebastopol Secondary College. Currently there exists no easy way to restrict a student's access to the school network other then completely disabling their user accounts. This had the undesirable effect of impacting heavily on their classroom work furthering any tendency they may have towards delinquency in their attitudes.

It is intended that ScanWindows will form a component of my other methods of controlling computer and program access. It is released as a component in its own right as it is very useful as is. It runs on Win95-XP however on W2k and above it runs in the users context making circumvention easy. It does not run on NT.

The program works by comparing a list of running programs and their windows with a deny list. If any disallowed program is found running the window title is checked with an allow list for a match or partial match. If a match is found no action is taken. If the window is not on the allow list the window is closed.

Next the window titles are compared with the deny list. If a match or partial match is made the allow list is again checked. If no match or partial match is made the window is closed.

Checking the two lists prevents people from changing the applications executable name to overcome restrictions. It also has the benefit of allowing certain operations in otherwise disallowed programs. As an example if Internet Explorer (iexplorer.exe) is disallowed any page containing the school name in the title may be allowed. This will enable browsing of the school intranet but not the internet.

The two lists (Commonly called deny.txt and allow.txt) are normally placed on a server and passed as parameters in the logon script. The key word "all" is permitted in both files i.e. "all" programs may be denied but all window titles may be allowed (pretty useless but permissible). Allow overrides deny. A sample method of running the application is provided in the "Sample Run .bat file". Sample deny.txt and allow.txt files are also provided.

The program has two other modes of operation.

If the command /list is passed in the command line a list of running applications and windows is displayed that may be copied and pasted to help with making the deny and allow files. The "Sample List.bat" file demonstrates this option.

If the parameter "/showme" is passed the form will be visible and display debug information.

The last "mode" is the "/stop" command that stops the program and resumes normal computer operation.

If the parameter "/nostop" is passed during program invocation then the program cannot be stoped by this means.

Sample command lines.

Run the program with stop disabled
\\server\share\scanwin.exe /deny:\\server\share\deny.txt /allow:\\server\share\allow.txt /nostop

Run the program without stop being disabled.
\\server\share\scanwin.exe /deny:\\server\share\deny.txt /allow:\\server\share\allow.txt

End the program if stop not disabled.
\\server\share\scanwin.exe /stop

Run List the running programs
\\server\share\scanwin.exe /list

Other Option
Nearly at the end of the development of this program I found at a program called progkill @ This is mentioned here as it provides an alternative approach to a similar end.

This software is provided as is with no warranty or fitness for any purpose what so ever either stated or implied.

Since version 1.0.5 the main improvement is to enable SysAdmins to customize the contents of the dialog boxes.
1.1.1 Fixed bug locking control files.
1.1.0 Added option to disable the Program Disabled dialog box. Fixed bug in parsing the commands.
1.0.7 Added option to change the contents of the dialog box displayed when a disabled program is found running
1.0.6 Fixed a random multiple dialog box problem reported by some users. Added more explanation to list view window.

Note: Martin van der Boon has provided a tool, LOADER, which will restart ScanWin if a user disables it.



Comment List