none
Starting Explorer Process RRS feed

  • Question

  • Hello,

    I have a VBS which closes the explorer process to start with to ensure it has to be complete before they can use the PC (other measures in place to restrict) and that all works fine, however i can't re-start this process.

    When you call it, it simple opens and explorer nav window, rather than the windows explorer process itself.

    I then created a BAT that simply starts the explorer process, however if called from my script it simply does nothing.

    Any pointers would be helpful.

    I've tried this instead but also failed simply opening an explorer window.

    SHShell.Run("explorer.exe")

    Thanks


    On Error Resume Next
    set objDSO = GetObject("LDAP:")
    set objUser = objDSO.OpenDSObject (strPath, strUserName, strUserPassword, ADS_SECURE_AUTHENTICATION OR ADS_CHASE_REFERRALS_ALWAYS)
    if Err.Number <> 0 then
        MsgBox "Incorrect Username or Password: Please try again..."
    else
    Set objFSO=CreateObject("Scripting.FileSystemObject")
    outFile="c:\log.txt"
    Set objFile = objFSO.CreateTextFile(outFile,True)
    objFile.WriteLine strUsername & " " & (now)
    Dim objShell
    Set objShell = WScript.CreateObject("WScript.Shell")
    objShell.Run "C:\startexplorer.exe"
        window.close
    end if
    Err.Clear
    On Error Goto 0

    Wednesday, May 18, 2016 8:11 AM

Answers

  • If you kill Explorer on logon it will stop the shell.  After that no shell commands will work.  You cannot kill the desktop and keep running.

    You might be able to restart explorer with SMI Win32_Process.Create using the full path to the explorer executable.

    What you are trying to do is blocked by most AV programs because it is a common way for a trojan to hijack the session.  The trojan creates a small exe in the current folder an launches it. The exe launches explorer as a child and now has full control of the desktop.


    \_(ツ)_/

    • Marked as answer by Tarrley Friday, May 20, 2016 7:08 AM
    Wednesday, May 18, 2016 3:25 PM

All replies

  • Hi Tarrley,

    pardon my curiosity, but what are you doing that forces you to lock out the user?

    That said, while I don't know why vbs behaves that way, but you can try calling "cmd.exe /c explorer.exe" to avoid having to have another file.

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Wednesday, May 18, 2016 8:18 AM
  • Thanks Fred,

    I altered to this,

    Set objShell = WScript.CreateObject("WScript.Shell")
    objShell.Run "cmd.exe /c explorer.exe"
    However it still simply does not start the explorer process, i'm at a halt.

    The reason is, i want a second stage of login using a different account so in essence it will force them to login after control alt delete again, before they can use the PC. The details they put in the 2nd time need to match a particular AD attribute that the initial windows login won't have,

    Thanks

    Wednesday, May 18, 2016 8:30 AM
  • Hi Tarrly,

    hm, that's an unwieldy scenario, I agree. I'm not exactly a VBS guru (PowerShell is my thing), but if run doesn't work, maybe launching it through WMI will:

    Dim obj
    Set obj = objWMIService.Get("win32_process") 
    obj.create("explorer.exe")

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Wednesday, May 18, 2016 9:21 AM
  • Nope, afraid not. It still simply does not start the explorer process. No error, No windows, simply does not open. To give you a little more detail, here is a little more when it adjusts the window and kills the process, maybe this may help anyone understand in a little more context.

    It seems there is something a little special about calling the explorer process from VBS... apologies for the format but the code button isn't really working for this VBS...

    'Initial load of window
    Set objShell = CreateObject("Wscript.Shell")
    objShell.Run("taskkill /im explorer.exe /F"), 1, TRUE
    Sub Window_onLoad
        txt_username.Focus
        window.resizeTo screen.availWidth,screen.availHeight
        
    End Sub


    Sub Default_Buttons
        If Window.Event.KeyCode = 13 Then
            btn_mapdrive.Click
        End If
    End Sub
     
    Sub LDAPUser

    strUserName = txt_username.Value
    strUserPassword = txt_password.Value
    strDomain = "domain"
    '    function fnCheckAccess(strDomain, strUserName, strUserPassword)

    const ADS_SECURE_AUTHENTICATION = &h0001
    const ADS_CHASE_REFERRALS_ALWAYS = &H60

    dim objDSO
    dim objUser
    dim strPath

    strPath = "LDAP://" & strDomain & "/OU=Users,DC=" & strDomain

    On Error Resume Next
    set objDSO = GetObject("LDAP:")
    set objUser = objDSO.OpenDSObject (strPath, strUserName, strUserPassword, ADS_SECURE_AUTHENTICATION OR ADS_CHASE_REFERRALS_ALWAYS)
    if Err.Number <> 0 then
        MsgBox "Incorrect Username or Password: Please try again..."
    else
    Set objFSO=CreateObject("Scripting.FileSystemObject")
    outFile="c:\log.txt"
    Set objFile = objFSO.CreateTextFile(outFile,True)
    objFile.WriteLine strUsername & " " & (now)
    Dim obj
    Set obj = objWMIService.Get("win32_process")
    obj.create("explorer.exe")
        window.close
    end if
    Err.Clear
    On Error Goto 0

    set objDSO = Nothing
    set objUser = Nothing

    End Sub 'LDAPUser


    • Edited by Tarrley Wednesday, May 18, 2016 9:43 AM confi
    Wednesday, May 18, 2016 9:42 AM
  • If you kill Explorer on logon it will stop the shell.  After that no shell commands will work.  You cannot kill the desktop and keep running.

    You might be able to restart explorer with SMI Win32_Process.Create using the full path to the explorer executable.

    What you are trying to do is blocked by most AV programs because it is a common way for a trojan to hijack the session.  The trojan creates a small exe in the current folder an launches it. The exe launches explorer as a child and now has full control of the desktop.


    \_(ツ)_/

    • Marked as answer by Tarrley Friday, May 20, 2016 7:08 AM
    Wednesday, May 18, 2016 3:25 PM
  • Thanks,

    I'm assuming you don't know of any better ways to achieve this? In essence when an accont logs in, i want it to prompt for a different set of credentials. If they match the criteria i specific, great carry on, log the login to a file etc...

    If not, don't allow login, re-peat asking to login until valid criteria matchr credentails are entered.

    Thanks

    Friday, May 20, 2016 7:00 AM
  • Why?  There is no way to block a login.  You can reconfigure Windows to have the system run a custom program instead of Explorer.  You  cannot kill the default shell.

    What you are asking doesn't make much technical sense in Windows. 

    Also note that we don't design and write custom scripts on spec.  The forum is for technicians who are trained in Windows technologies and who use scripts in there work.  We ca answer specific questions about scripting.

    I recommend reading this before proceeding: https://social.technet.microsoft.com/Forums/scriptcenter/en-US/c47b1bc2-f7fd-4d2e-8ff2-e8a81ce090d4/this-forum-is-for-scripting-questions-rather-than-script-requests?forum=ITCG


    \_(ツ)_/

    Friday, May 20, 2016 7:06 AM
  • Your full path statement set me on the right direction, the below line worked.

    CreateObject("WScript.Shell").Run "%comspec% /c start /wait c:\windows\explorer.exe", 0, True

    Thanks

    Friday, May 20, 2016 7:07 AM
  • Another note about why your code will not work.

    When the HTA is run it is running under Explorer as a child process.  When you kill explorer you are also killing all programs that run as a child process of Explorer.

    I recommend researching how to set up Kiosk mode which is close to what you want.  You will still have to design a custom program to manage the kiosk session.


    \_(ツ)_/

    Friday, May 20, 2016 7:09 AM
  • Your full path statement set me on the right direction, the below line worked.

    CreateObject("WScript.Shell").Run "%comspec% /c start /wait c:\windows\explorer.exe", 0, True

    Thanks

    N matter what you do you still cannot prevent any user from jumping past your script.  The WindowsKey+R will let them restart explorer or any program  while just ignoring your script.  if you successfully kill the shell then Ctll-Alt-Del will allow a restart of explorer or an other program.

    I see this in department stores all of the time.  I always just hit  a few keys and, woops, I am in.  Only systems set up in kiosk mode correctly can prevent this.  Most kids know how to break in when your kind of solution is running.


    \_(ツ)_/

    Friday, May 20, 2016 7:15 AM
  • There will be further locks downs via Group Policy and key disables to prevent that.
    Friday, May 20, 2016 8:19 AM
  • There will be further locks downs via Group Policy and key disables to prevent that.

    We have been down this path many times before.  It won't work.  It fan be bypassed.  You need to look at the kiosk setup to get what you want to work.

    \_(ツ)_/

    Friday, May 20, 2016 8:21 AM