I'm currently dealing with a security issue on a retail POS machine that automatically launches a Global Store POS application for a specific user. The goal is to ensure that this user can only interact with that application. However, I've discovered that using the Ctrl+O keyboard shortcut allows the user to access a standard Windows file open dialog, enabling them to browse the C: drive, which is a major security concern. I've attempted to restrict Windows keys, disable hotkeys, and enforce multiple Group Policy (GPO) settings, but the shortcut remains functional. I'm looking for effective methods to completely block or limit access to the Open dialog (Ctrl+O) or to prevent browsing the file system in a POS/kiosk-style setup. Any solid enterprise-level solutions or best practices would be very helpful.
5 Answers
You might want to check the GPO settings under User Administrative Templates. Go to Windows Components -> File Explorer and look for options to hide specified drives in My Computer and prevent access to drives from My Computer. While I'm not entirely certain how secure that is, it's worth a try. However, keep in mind that users can still access the C drive through Command Prompt and programs with custom dialogs like 7-Zip.
You could consider remapping the keys using PowerToys to reassign Ctrl+O to something harmless like Print Screen. Just a workaround, but not a complete solution!
I use Intune Kiosk Mode, and while Ctrl+O does still work, it limits access only to the Downloads folder, which can be adjusted in the settings.
What about removing the DLL associated with that shortcut? That could be risky though, as it might break other functionalities in the application. Need to tread carefully if you're implementing this at an organizational level.
GPO policies can be a hassle, I know. Another approach might be to utilize a macro tool like Pulover or Greenshot to bind Ctrl+O to a harmless action. But you'll want to ensure that's permitted since it involves installing additional software.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures