Using group policy I am able to prevent a user group from browsing the hard drive of my Windows XP clients. However, I noticed that using the “file://” protocol within Firefox, you can bypass this security and download files from the hard drive via hyperlinks. Preventing this would be very useful in a lab setting or for a kiosk. Here is how you do it. (Note in step 3 that multiple protocols are blocked.)
- Make sure you have Java installed and the Java bin directory in your PATH variable, then unjar the comm.jar in /mozilla/chrome with
    jar -xf browser.jar
- This will give you a directory called “content”; open “/content/browser/browser.js” in an editor.
- Search for the function declaration “function BrowserLoadURL(aTriggeringEvent)” and insert the following lines of code into the position specified below (Approx line 1980).
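    if (url.match(/^file:/) || url.match(/^\//) || url.match(/^resource:/) || url.match(/^about:/))
    {
        // Refuse to load local and internal protocols typed into the location bar.
        alert("Access to this protocol has been disabled!");
        return; // leave BrowserLoadURL without loading the URL
    }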
Where to insert the code:
    function BrowserLoadURL(aTriggeringEvent)
    {
        var url = gURLBar.value;
        // **** INSERT CODE HERE ****
        if (url.match(/^view-source:/)) {
        // ... (rest of the original function is unchanged)
- Save navigator.js and create a new browser.jar with
    jar -cf browser.jar content
- Replace the original browser.jar with the new browser.jar.
- Fire up Mozilla and test it out.
The user can, however, still type “c:\” and access the hard drive contents. There must be some other function that translates “c:” to “file:///c:/”, which works and bypasses this rule. If anyone finds an easy solution to this let me know.
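The “c:\” gap comes from matching a list of blocked prefixes; one way to close it is to allow only known web schemes and refuse drive-letter and path input outright. The sketch below is an added example, not code from the original post or from Firefox: `isNavigationAllowed`, `checkTypedUrl` and `ALLOWED_SCHEMES` are hypothetical names, and it assumes it would be called on the `url` value at the insertion point in `BrowserLoadURL`.

```javascript
// Added example (not from the original post). All names are hypothetical.
// Plain old-style JavaScript so it needs no newer language features.
var ALLOWED_SCHEMES = { http: true, https: true, ftp: true };

function isNavigationAllowed(typed) {
  // Ignore surrounding whitespace before matching.
  var url = String(typed).replace(/^\s+|\s+$/g, "");
  if (url === "") return false;

  // Drive-letter input such as c:\ or c:/ is later turned into a file: URL,
  // so refuse it here. No real URL scheme is a single letter.
  if (/^[a-z]:/i.test(url)) return false;

  // Input that starts with / or \ is a local path, not a web address.
  if (/^[\\\/]/.test(url)) return false;

  // Anything with an explicit scheme must be on the allowlist.
  // Scheme-less host:port input also lands here and is refused (fails closed).
  var m = /^([a-z][a-z0-9+.\-]*):/i.exec(url);
  if (m) return ALLOWED_SCHEMES.hasOwnProperty(m[1].toLowerCase());

  // No scheme at all: a bare host name or search words.
  return true;
}

// How the inserted block could use the check: returns true when the load may
// proceed, otherwise reports the same message as the original patch.
function checkTypedUrl(url, notify) {
  if (isNavigationAllowed(url)) return true;
  notify("Access to this protocol has been disabled!");
  return false;
}
```

Like the original patch, this only sees text typed into the location bar (`gURLBar.value`). Because it fails closed, a user has to type `http://` in front of a `host:port` address.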
I needed to open two ports on a large number of machines. Using the Windows GUI is just too time consuming. So I found out how to open the ports via command line, and then added those commands into a batch file that opened the ports, appended to the hosts file, and initiated an installer. This saved me a lot of time, and the less I deal with the XP GUI, the better.
    netsh firewall add portopening type number name enable subnet
- type - TCP or UDP
- number - port number (e.g. 80)
- name - name to identify this exception in the firewall
For example, to open up port 80 on the subnet, you could run the command:
    netsh firewall add portopening TCP 80 HTTP enable subnet
I’m sure this will come in handy again.

Good stuff. This cartoon captures both Jobs’ “too hip to be a nerd” and Gates’ “too nerdy to be hip” images. Guest appearance by Commodore 64! Pic links to YouTube video.
One of my favorite tech sites, Real Tech News, just put up a great post on Windows XP tips. A couple of gems I want to remember:
- XP hides some system software you might want to remove, such as Windows Messenger, but you can make it show everything. Using Notepad or Edit, edit the text file /windows/inf/sysoc.inf, search for the word ‘hide’ and remove it. You can then go to the Add or Remove Programs in the Control Panel, select Add/Remove Windows Components and there will be the software and you can now uninstall it.
- Windows XP can be very insistent about you checking for auto updates, registering a Passport, using Windows Messenger and so on. After a while, the nagging goes away, but if you feel you might go insane before that point, run Regedit, go to HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Explorer/Advanced and create a DWORD value called EnableBalloonTips with a value of 0.
- The Start Menu can be leisurely when it decides to appear, but you can speed things along by changing the registry entry HKEY_CURRENT_USER/Control Panel/Desktop/MenuShowDelay from the default 400 to something a little snappier. Like 0.