How JustAnswer Works:

  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.

Ask Benjamin Larson Your Own Question

Benjamin Larson
Benjamin Larson, Software Development Engineer
Category: Software
Satisfied Customers: 59
Experience:  Software Development Engineer
94796889
Type Your Software Question Here...
Benjamin Larson is online now
A new question is answered every 9 seconds

I need to configure the vrtual machine that is included in

Customer Question

hi,
I need to configure the vrtual machine that is included in windows 10 to such a way that it is permanently on the desktop (whichever account is logged in). When the user clicks on the virtual machine icon they will taken directly to a web browser (probably chrome) The webbrowser will only allow users to open public domain websites that are on a whitelist (including all subdirectories on the domain. For example if www.justanswer.com was included the whitelist should include all of just answers subdomains without the need for the user to enter each sub-directory. (the user should not be able to change any other settings in virtual machine. I'm not exactly sure how the vm works but need to know if it will automatically find the wifi connections without the user requiring to enter p/w details.
I would like to create a permanent shor-cut in Win 10 for this vm(in both the classic view and windws 10 window. The shortcut iconwill appear in the start menu, bottom bar and a full sized shortcut on the desktop (with the shortcut size being slightly bigger than other shortcuts. (I've looked around oniline and cannot find a way to do this. I'm guessing something needs to be changed in the registry to 'grey out' the properties section on the short cut. ) (just to clarify the shortcut will take the user to the vm machine described in the first paragraph.
I need all of this in a video file (instructions actually configuring what is required)
Submitted: 5 months ago.
Category: Software
Expert:  Benjamin Larson replied 5 months ago.

Hi Bil, my name is ***** ***** I would love to help you with your question.

I am thinking what you want is possible, but may take some configuration as you indicated you thought it would.

Can you provide more details on your use case? It sounds like you want to setup a locked down browser for students or for use in a library or a call center or something.

Are you using the router on your network for the white list? It sounds like you are trying to keep the user from getting into things, so that would be one way to do it.

Also, may I ask what the need for the virtual machine is? Knowing that may let me offer additional suggestions for you.

I will try to get back to your question as soon as I can, but I may want to do some research upon receipt of your clarifications to your question. This is a fun question to me, so I really am eager to help you with this.

Customer: replied 5 months ago.
Thanks for your positive response Benjamin ! Apologies for the delay in reply. I'm starting to think I may be taking the wrong approach with the VM thing.
I'm trying to get a permanent shortcut on the desktop, start menu and menu bar. When the user clicks on that short cut i need the screen to only show the webpage that the short curt opens; without the address bar, preventing the user from typing in web addresses (restricting the user to links on the homepage and subpages). The favourites option on the browser should also be restricted. The laptop will not be part of a network and the user will have full access. Wanted to ensure the shortcuts will be in the same location whichever account logs onto the laptop (and if new accounts are created). . All other settings on the laptop will be as normal and the user can access the Internet as normal using other browsers that will be on the laptops.
I originally thought vm could help with whitelisting. Now I'm thinking that restricted access to the address bar would be adequate (ie ensure that the user is only guided to predetermined websites when clicking on the permanent shortcut or icons.)l
Thanks for taking time with this, I hope it makes sense. (i'm guessing its registry editing but I'm far from sure).
Expert:  Benjamin Larson replied 5 months ago.
I am a bit confused on what you are asking for. You want a browser that only can display a Web page that is predetermined by you, but other browsers on the system can access all websites? I don't understand your use case quite yet, so I am having a hard time finding the specific solution that you will be happy with.The problem with what you seem to be saying is the user can do whatever they want except on this browser... So there is almost no security there. That may work fine if your audience is very non tech savvy... Are you able to share more details so I can give a better answer?
Customer: replied 5 months ago.
Ok, i'll try to be more specific. The initial objective was for a number of semi-independent sales people using non-networked laptops that are essentially there own laptops off the shelf. They can do whatever they want with these laptops as they are used as there own.
On occasion the laptop is used for work purposes. This purpose is to simply use the company credit card to make purchases or look up information from predetermined, pre-authorised public websites. We want to avoid the possibility that access to this short cut, task bar and start bar link, is accidentally deleted, removed or doesnt show when a user logs in in a different account on the laptop (thats a new local account the user may decide to setup ). Initially, the only way I could conceive this being achieved would be by using the built in VM (ie the vm supplied by windows). Thought this would have the additional advantage of being a slightly more secure when making online purchases (as they browser will be on a virtual separate machine. Im basing this thought on the assumption that viruses from the physical computer may have difficulty effecting the virtual computer, I may be wrong, just guessing)
Ideally I need to know two things (i) How to lock down icons and shortcuts, shortcut path in 'properties' , icons, start bar so they are not easily deleted or changed (ii) how to restrict the favourites icon and have a whitelist on the 'special' browser that will only include links to predetermined websites (just to be clear im not referring to the other regular browsers that will be installed on the website). This is part that i initially thought a configured vm would make sense (ie it could allow whitelist configuration and have a secondary benefit of being slightly more secure. ). Now I believe that is overkill for what I want to do - when a user selects the 'special' browser they can only see a full home page (ie no address bar) . This will force the user to only access sites that are clickable via links on the website. If the user attempts to scroll to the top of the page (ie the address bar) they will not be able to access or see the part of the screen where "www.etc " is usually entered (therefore reaching the two objectives - restricting removal of short cut & icons, user only have access to certain weblinks via the special browser ie the whitelist.
Expert:  Benjamin Larson replied 5 months ago.

Okay Bil, I have gotten your response, and I will have to look it over and respond later today. I just wanted to send you a quick note to let you know that I did see the information you provided so you're aware I'm working on your issue.

Customer: replied 5 months ago.
Thanks !
Expert:  Benjamin Larson replied 5 months ago.

Okay Bil,

I've read thru your use case and I have a proposed solution. This is what I would do. Disclaimer: I am assuming you realize this is totally terrible from any sort of security viewpoint. If the users have physical access to a machine and know what they are doing, they can get around just about any security. Even if they don't know much, opening up another browser would defeat this whitelist ideas in about 1 second. So my guess is the reason you want the setup you described is so that the employees in good faith only use the company cards on websites that you are okay with and this makes it very easy for you to handle that. I'll outline the steps below, let me know if any of them need more detail for you to understand or if you have any questions on anything.

  1. Create an HTML file (webpage) that has a list of websites you want to have in your approved list. Make the name of each website a hyperlink, so this will be like a table of contents of approved websites.
  2. Host the single webpage you created on a server of your choosing.
  3. Install a browser such as this one - http://www.snowland.se/applications/win8-app-kiosk-browser
  4. Make the single URL for that browser point to the URL for the page you created earlier
  5. Put the shortcut to launch that browser in the all users desktop - c:\Users\Public\Desktop (you indicated Win 10, I'd have to verify this is the exact path)
  6. Make the defaults that users can't modify or delete items in that directory

This method will allow you to update the list of "white listed" websites by simply updating the webpage you are hosting whenever you want. Again, this will keep honest users able to easily tell what websites you are okay with them visiting, but is pretty terrible security. Do be aware you can sometimes go to 3rd party websites and through them gain access to any website you want, but usually you have to work to do that, so I'd consider it an edge case that a user would get to a non-approved website by mistake.

If this answers your question, I'd really love it if you would rate me. If you have more questions, just ask!

If you'd like me to walk you through the setup for this and/or create the webpage and help you host it, I can do that. I also could show you how to host it for free on github if that's something you want. I believe walking you through those steps and/or doing the development for the website would be above and beyond the scope of answering your question, so I think it would be fair to figure out a rate for that between us. Please note, I'm not suggesting we do business outside of JA, nor am I trying to shake you down. I am just offering remote assistance, which is a JA service to add value to your question if you want someone to hold your hand thru the process. If an overview is all you are looking for, I hope I've provided that and if you desire more details on that overview, I'm more than happy to provide those details without any additional charges. Thank you very much!

Customer: replied 5 months ago.
Thanks Benjamin. I'm not quite sure this answers my question. I am considering the secure connection option (or possibly paying extra for a instruction video file, I'm leaning towards paying extra). I have a meeting with a colleague this evening and will get back to you today . I hope thats ok.
Expert:  Benjamin Larson replied 5 months ago.

Hey, that is no problem at all!

The solution I outlined should meet the use case as I understand you described it, but I want you to understand it and be happy with the answer since there are usually multiple ways of getting things done with software. I was trying to design a solution for you that was both flexible and easy as well as meeting your requirements. Please understand I'm not trying to get you to pay more, I'm simply offering more in-depth help if you see value in that. If you want to just go back and forth in this format, I'm fine with that too. You are in control, just let me know!

If you have any follow up questions or concerns after talking to your colleague, I'm here. Thanks!

Customer: replied 5 months ago.
Apologies for the delay. I thought I should rephrase the question:
Essentially i need to know how to configure windows 10 in a particular way (in a windows 7 view but this will also apply to a windows 10 view). I need to configure (via registry edits or any other way) a permanent large (approx double the usual size) short cut that links through to a predetermined webpage (in addition to the permanent shortcut i need a permanent location on the start menu and an icon on the the bar at the bottom on the screen.). When I say permanent I mean users should not be able to delete them under any account, including the admin account.The short cut will direct users to a pre-determined webpage. When the webpage opens the user should automatically be blocked from viewing or accessing the address bar. They will only have an option to clear history. They would not be able to enter any domain names because the address bar will be completely blocked (I’m guessing it may be able to configure chrome to open up and stay on full screen.). (I have the homepage already complete)
Expert:  Benjamin Larson replied 5 months ago.

So I'm understanding you want to not connect these machines to a domain and you want to allow admin rights to the users, correct?

If so, they WILL easily be able to change ANYTHING on the computer. That is the point of an admin account in Windows. So your statement of "When I say permanent I mean users should not be able to delete them under any account, including the admin account." will not work unless you had Microsoft redesign how Windows works.

It also looks like you are adding a requirement I don't recall reading about before - that you want a shortcut that is larger than a regular shortcut. Off the top of my head, I'd guess this may be possible, but I'm not sure how much work this would entail. I'm very confused at this point where your requirements are coming from for this project. I'm sure you have an excellent reason for trying to do things a certain way, but at this point I'm confused as to what you are asking for. If you give users admin rights to a computer, usually you don't also try to lock it down (except when you lockdown network resources, and generally with Windows that means you have domain users). So if you are willing and able to describe WHAT you want to do and WHY rather than giving me the HOW, that may be a better option so I can guide you to the solution that will be best for you.

Expert:  Benjamin Larson replied 5 months ago.

Also, my apologies for not getting back to you sooner, I was busy all weekend restoring my boat and I didn't take any time to be on the computer. I should be able to respond much faster now that the workweek has started for me.

Expert:  Benjamin Larson replied 4 months ago.

Hi Bil, do you still need help?

If you can respond to my last post, I'll continue to help you. If you believe I've resolved your issue and provided value, I'd appreciate it if you would rate me. Again, if you still need help, let me know.