I want to launch single Internet explorer instane as different user with Selenium. I referred to the following post but not getting anywhere.
How can I run Internet Explorer Selenium tests as a specific domain user?
Can you point me in the right direction how it can be achieved?
You can achieve that using URI authentication. For Google Chrome that behavior works without any additional changes, but for IE it blocked by default. You can unlock it by:
Set the DWORD value's value data to 1 in one of the following registry keys.
For all users of the program, set the value in the following registry
key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
For the current user of the program only, set the value in the
following registry key: HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
After that you will be able to use next URI to achieve your needs:
http://username:password#host/
If you want to provide domain name, you need encode that like http://domain%5Cusername:password#host/
Source https://support.microsoft.com/en-us/kb/834489
Related
I need to build a console program to read and update the chrome browser setting.
Where should I start?
Check if you can modify the following file.
Location - c:\Users\\AppData\Local\Google\Chrome\User Data\Default\Preferences
This file contains a few settings. I have never done this so not sure if you can modify the file. But looks like a good start. Also, not sure if chrome rebuilds the file. (It was updated when I opened chrome while this file was open on my machine).
Chrome settings are stored in the registry, so here to read/write the registry and here for the list of available settings.
RegistryKey key = Registry.CurrentUser.CreateSubKey(#"SOFTWARE\OurSettings");
/// Reading value
var value = key.GetValue("Setting1");
/// Setting value
key.SetValue("Setting1", "This is our setting 1");
Be aware by Google's warning if you are not developing this for internal use :
These policies are strictly intended to be used to configure instances of Google Chrome internal to your organization. Use of these policies outside of your organization (for example, in a publicly distributed program) is considered malware and will likely be labeled as malware by Google and anti-virus vendors.
Does someone get any hint for accessing Microsoft.Web.Administration.ServerManager.Sites collection on Win8.1 (and Win8) if the user got no right on file "%SystemRoot%\System32\inetsrv\config\redirection.config" ?
Because the user will get UnauthorizedAccessException in this case...
More largely, on Win8 you can get into trouble on any Microsoft.Web.Administration.ServerManager property if your user has no right on "%SystemRoot%\System32\inetsrv\config".
This works perfectly on Win7, W2008 and W2012..
HowTo: http://www.iis.net/learn/manage/scripting/how-to-use-microsoftwebadministration
I need this in a WiX c# Custom Action launched in 'client' step (while in UI) to browse installed Web sites and applications on them for unicity check on new WebApplication name.
Of course, I cant find any relevant answer for this while googling. There are only a few answers out and they hint to launch with elevated privilege or change the rights on the folder, witch of course is not feasible in a regular user setup UI process.
Ex: http://sharepointyankee.com/2011/03/30/system-unauthorizedaccessexception-filename-redirection-config/
Just for information, it seems to be no way to get rid of this...
So I choose to modify my Custom Action to ignore this case by catching UnauthorizedAccessException and still set success for unicity check and return a success for the CA call.
In this case in client step I won't get a failure, with counterpart that I can't get the real result of the unicity check. But I get the result if it wont fail with UnauthorizedAccessException and I can spawn a dialog to the user inviting him to change the site name.
Then in server step where by the way this check ever works I do the same test to be able to fail the setup with a clear message if the website is not unique.
This is not the best for the user who must then restart the setup to change the site name but it works and avoid strange failures by trying to create two websites with the same name.
Any idea how do I do the following using C#?
Going to Tools -> Internet Options -> Security
Select the Security tab
Click the Custom Level button
In the Miscellaneous section change Display mixed content to Enable
The "cheat" way to do this is to change the value
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4\1609
Where 0-4 are Zone identifiers and the value is 0 to Allow, 1 to Prompt, and 3 to Block. Keep in mind that if your code does this on anyone's machine but your own, you're likely to find your code blocked as malware.
The "proper" way to do this is to use the APIs to create an IInternetZoneManager and call SetZoneActionPolicy to adjust the settings for URLACTION_HTML_MIXED_CONTENT in the zones you want to adjust.
You aren't supposed to do this "programmatically". That's why there isn't an API for it. Only the user can change their security settings, and they do it using the built-in interface that you've already discovered.
The poor IE team has been working overtime trying to tighten up the security of their browser. They're not going to throw in something like this that would nullify all of their efforts in a matter of seconds.
Recall that even once this option is selected, there's a confirmation dialog presented. How do you propose to "click" that programmatically? (Hmm, on second thought, don't tell me. That's probably the next question you'll be asking.)
Give up on trying to do this programmatically, and ask the user to do it themselves. Provide a complete help file or other documentation that explains why you're requesting that they make this change, what features will be unavailable if they do not choose to make this change, and what the possible security risks of making such a change are. And, of course, specific instructions on how the change is made.
Or, better yet, redesign your app so that it doesn't require a system-wide modification of IE's security settings. It's hard to imagine a legitimate case for this. A better solution might be asking the user to add your site to their "trusted sites". Remember that local pages have different security settings than remote pages by default.
Also do not forget Group Policies. Most (if not all) IE settings may also be specified in Group Policies.
According to Local group policy setting for IE security page vs Internet options security page
the Group Policy settings override user-defined settings.
So, on my home PC (works without domain controller) I have a choice to define IE settings either via Local Group Policy Editor or via Internet Options. For example, if I run gpedit.msc to open Local Group Policy Editor, select
Computer Configuration\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
change "Display mixed content" setting to "Enabled", then select "Enable" in drop down box, click Apply,
then open Security Settings for Internet Zone in IE - I will see that "Display mixed content" changed to Enable and
the selection is disabled because it is overriden by Policy.
For the entire list of supported policies download WindowsServer2012andWindows8GroupPolicySettings.xlsx
from
http://www.microsoft.com/en-us/download/details.aspx?id=25250
Now back to the question how to change settings programmatically.
EricLaw correctly suggested using SetZoneActionPolicy from IInternetZoneManager.
But it is hard to find samples for calling it from C#.
I ended up copying
http://www.pinvoke.net/default.aspx/Interfaces.IInternetZoneManager
into my code and then doing:
//This will disable "Download signed ActiveX" (IE setting # 0x1001) for Internet Zone (zone #3)
IInternetZoneManager izm = Activator.CreateInstance(Type.GetTypeFromCLSID(new Guid("7b8a2d95-0ac9-11d1-896c-00c04Fb6bfc4"))) as IInternetZoneManager;
IntPtr pPolicy = Marshal.AllocHGlobal(4);
Marshal.Copy(new int[] { 3 }, 0, pPolicy, 1);//3 means "Disable"
int result = izm.SetZoneActionPolicy((uint)UrlZone.Internet, (uint)0x1001, pPolicy, 4, (uint)UrlZoneReg.CurrentUserKey);
Marshal.ReleaseComObject(izm);
Marshal.FreeHGlobal(pPolicy);
I also tried changing group policy programmatically.
I used library from
https://bitbucket.org/MartinEden/local-policy
and then:
//This will disable "Download signed ActiveX controls" computer policy for Internet Zone (zone #3)
const string keyPath = #"SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3";
var gpo = new LocalPolicy.ComputerGroupPolicyObject();
using (var machine = gpo.GetRootRegistryKey(LocalPolicy.GroupPolicySection.Machine))
{
using (var terminalServicesKey = machine.CreateSubKey(keyPath))
{
terminalServicesKey.SetValue("1001", 3, Microsoft.Win32.RegistryValueKind.DWord);
}
}
gpo.Save();
After successfully testing the code above on Win7 SP1 with IE 11 I decided to go back to the original suggestion from EricLaw: modify
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\*\1001
directly because this is what Microsoft is recommending. See, for example How to strengthen the security settings for the Local Machine zone in Internet Explorer or Enhanced Browsing Security
I am not sure but I think you can find all these settings in "registry". You need to find out the appropriate key. And to change those values you need to have proper rights. Registry can be accessed from .net code
I had asked about this in some other thread and got the link to access remote registry. But the problem I am now facing is I am not able to add any values in to registry. I was trying to add some values to an existing entry in a registry by using following code but not doing anything in remote registry:
RegistryKey rk;
rk = RegistryKey.OpenRemoteBaseKey(
RegistryHive.CurrentUser, ReadServerName());
regkey = rk.OpenSubKey(LeafRegistry.LeafRoot + "\\sim\\NewView\\");
regkey.SetValue("runsystem", SIMserver);
UPDATE
RegistryHive.LocalMachine will work here, I can open and do all operation, but then why for RegistryHive.CurrentUser ? What I am saying is in the above code I will get value for 'rk' but I cannot get value for regkey which will become null, I think for CurrentUser OpenSubKey is not working.
UPDATE
When I analyzed in depth, I saw for except this particular key, all other keys are accessible. I am wondering what is going on for this specific key, I checked permission also after right clicking, but couldn't see it?
You will almost certainly require permissions in most cases when you are attempting to change registry values on remote machines across a network. Also, in a lot of cases, even where you can amend the registry values they can be refreshed via Group Policies and reverted back.
It could be that there are certain parts of the registry that you are restricted from editing,
If you don't have administrator privelages then I think you will come unstuck.
This is not going to work. Suppose the user account your program is accessing remote machine under is not logged in on the remote machine. What should Windows do? Actually, documentation for RegConnectRegistry, which is what OpenRemoteBaseKey calls internally, does not even list HKEY_CURRENT_USER as a permissible argument.
I need to hide a user account name from "Switch User" screen on Windows. For that I need to add that user's name into
Local Computer Policy / Computer configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment / "Deny log on locally".
I need to do that programmatically.
Do you know how to do that in .NET C#?
Any link or any hint might be helpful...
Thanks.
You need to write information in registry
at first read this Configuring User Rights (you can find the same for other OS)
at second read this Read-write-and-delete-from-registry
EDIT
For Win7 and Vista Win7 and Vista
EDIT2
Go to "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" and create a new key called "SpecialAccounts". Create a subkey of "SpecialAccounts" called "UserList". In the "UserList" key, create a DWORD value with the name of the account you want to hide, and leave the value of that DWORD set to 0. Do this for every account you want to hide.
all of this you can do with second link