Applies To:
  • CitectSCADA All Windows 95, Windows NT, Windows 2000

The standard tools in Windows 95/NT/2000 does not allow me to block system keystrokes as CTRL-ALT-DEL and CTRL-ESC. Is there way I can create a secure environment for my users and stop them from accessing anything other than Citect? 

1) If you only need Citect and no other software to be run on your computer you can launch Windows with Citect as the shell, this means that no other software will be running and the access is limited to Citect only. See Q1898 on how to install Citect as the shell.

2) If you need other software to be running at the same time as Citect and you need to control the access of the users you can use a software from Visual Automation called "Secure Desktop for Windows 95/NT". This software will replace the Windows Desktop and enable you to trap system keys, password protect icons and much more. There homepage is: . Here is a description of "Secure Desktop for Windows 95/NT" from their web-page.

Secure Desktop 5 Data Sheet
Secure Desktop 5 is a replacement for the Windows Explorer Shell. The focus of this product is to limit access to software programs on a computer that runs Windows 95, Windows 98, Windows NT 4.0, or Windows 2000.

Secure Desktop 5
Secure Desktop 5 provides a clean user interface to any program -- DOS or Windows. Each icon can be password protected, will have a function key associated with it, and is activated by a double click or single click (ideal for touch screen applications). Any icon may be associated with a program. Function keys may be designated as global or local to the Secure Desktop window. If an application is already running, it can optionally be brought to the foreground rather than starting a second instance.
Keystroke Trapping
Within Windows 95, 98, NT, or 2000 the Alt-Tab and Alt-Esc (task switch), Ctrl-Esc (start menu, Windows key), and Ctrl-Alt-Del (reboot) keystroke sequences may be disabled, in addition to many others. These keystroke combinations are tuned specifically for different operating systems and are not hardware dependant.
Office 2000
Microsoft Office 2000 programs have built-in features to restrict menus and their associated toolbar icons. These features are registry entries. Secure Desktop 5 provides an easy checkbox interface to disable many of the menu/toolbar button items. Secure Desktop 5 will also disable many of the additional features found in Office 2000 file open/save as dialogs.
Internet Explorer
Microsoft Internet Explorer has built-in features to restrict various features, primarily associated with local file access. These features are registry entries. Secure Desktop 5 provides an easy checkbox interface to disable many of these features.
Window Wizard
The Window Wizard continuously looks for a given window in the system, then performs some kind of action upon that window. Windows are identified by the window title, top level menu, or a combination of the two. Once a window is found, it can be forced to maximize or minimize, it can be hidden, it can be forced close, or the menu of the window can be manipulated. This is a very powerful tool used to manipulate other software running on your system.
sFile is a little file manager with limited capabilities. sFile is used if you want to have a user copy files, but you do not want them to do other things Explorer would allow. A 'from' and a 'to' folder can be specified, along with 'wild card' file filters.
Hidden Applications
Each program may be started as minimized, maximized, normal, or hidden. The hidden attribute launches the application as an invisible entity, suitable for software not requiring operator interaction, such as communication gateway programs. This feature may also be applied to any application, regardless of how it was started.
Help Files
Help files, when executed, usually go directly to the "contents" topic in the help file. With Secure Desktop, you may alternately choose a topic by specifying a "keyword" found in the help files search list.
Disable Menus
The application's appearance may be altered during launch by changing the title bar, disabling menu items, or even deleting menu items. Using this feature, an application could be prevented from closing or exiting, or the save function could be removed. By deleting the minimize or maximize menus from the system menu, resizing an application's window can be controlled. This feature can also be applied to any window, regardless of how it was started.
Start-up Applications
In Secure Desktop, there are twelve start-up applications. The order and time delay between starting each application is controllable. These applications may also be started based on a DDE (Dynamic Data Exchange) item changing to a non-zero state.
Shut-down Applications
The order and time delay between shutting down each application is controllable.
There are twelve timer applications that may be executed up to four times per day, every day, once per week, or once per month. This can be very useful for automatic backup routines, or other data archival purposes.
System Services
Free memory, and free disk space are monitored and displayed with optional alarm thresholds. Secure Desktop is a DDE (Dynamic Data Exchange) Server providing this data to DDE Client applications. The computer's date and time settings may by synchronized with a DDE Server based on time (Daily, Weekly, or Monthly) or on a DDE item not equaling zero, so the computer's date & time will be equivalent a PLC's date & time, for example.
Besides application and group passwords, "program run", "exit windows", and the "control panel" may also be password protected.
Supervisor Mode
Passwords are ignored and hotkeys are once again available when in Supervisor Mode to facilitate computer maintenance operations. This mode can be set to automatically time out.
Visual Automation Task Manager
This module replaces the normal task manager, eliminating buttons associated with end task, window tiling, etc. The list of tasks may be disabled (grayed). Task switching within the task manager may be password protected.
Price and Availability
Secure Desktop 5 is available, direct and through authorized distributors for $195.00 per unit US. Quantity pricing is available.

See also Q2402 - "User Based Security on a Standalone NT Workstation".