Sometimes you'd like to force an application program to use some command line arguments
(also called command line switches or command line options).
For example you may prefer all executions of FireFox
to include the
-safe-mode command line argument.
Unfortunately implementing such a thing in the Windows world is hard.
If your users are cooperative and just want some way to get the right command line arguments without a lot of work, you can manipulate the properties of "shortcut" icons to supply the arguments. But if your users are not cooperative and look for ways to bypass your command line arguments, it unfortunately may be difficult to solve the problem on a vanilla Windows system.
There are many different ways to launch an application under Windows. And although you can apply your command line arguments to some of them, other ways allow your command line arguments to be circumvented. Each of the following methods of launching an application is amenable to adding command line arguments. (But the command line arguments must be added to each method separately - there is no shared method for remembering command line arguments.)
On the other hand, the following methods of launching an application in Windows have no provision for allowing you to even "suggest" command line arguments:
(Newer versions of Windows have a feature that goes by the generic name shim, which may be useful in some similar cases and may partially invalidate the statements above. The writer has no detailed experience with this feature, and does not know whether or in which cases the feature may be able to provide functionality similar to forcing command line arguments.)
Under *nix-like Operating Systems, forcing an application to use particular command line arguments is straightforward. Remove the permissions that allow the target users to launch the application directly. Then create a "shim" that can be launched by the target users which will in turn launch the application. (The shim is conventionally a *nix "shell script", which is very easy to create, debug, and modify.) Allow the target users to execute the shim, but not to modify it. Now the only way target users can launch the application is through the shim, which specifies the desired command line arguments and which the target users cannot modify.
As the special privileged user which the target users can't access, set the SETGID permissions bit on the "shim". When a target user executes the shim, it will internally change its identity to the Group of the special user that set up the shim, which then has the permissions to execute the desired application.
If a target user attempts to launch the application directly, they will be told "permission denied". If instead a target user launches the shim, it will in turn launch the desired application but only with the command line arguments the owner of the shim specified. If a target user attempts to modify the shim, they will be told "permission denied". And if a target user makes their own copy of the shim so they can modify it, it won't have the right permissions and won't be able to launch the desired application.
(One could do the same thing with the SETUID permissions bit, but this isn't recommended as it's more of a security risk than SETGID. In any case, to minimize security risk, the owner and group of the shim should be something other than "root" or the administrators main group.)
Windows-style Operating Systems have no analog of SETGID permissions, so this procedure is unfortunately not directly transferrable.
Forcing an application to use particular command line arguments could be done with some 16-bit DOS applications being run under Windows by specifying the desired command line arguments in a .PIF file. But it was too easy to circumvent that even for some 16-bit DOS applications, and it doesn't work with native Windows applications.
To have most users most of the time use your command line arguments when launching an application, modify every one of these items:
However this isn't even mildly tamper-proof. It's trivial in Windows to launch an application without using any of the mechanisms you modified above. It's quite possible a creative student/user will figure out how to bypass your command line arguments, then tell other students/users, and soon most of your student/user population will be bypassing your desired command line arguments.
If the application's altered behavior isn't very noticeable or annoying, you may be able to get by with this method. But if you can't tolerate any user ever bypassing your command line arguments, give it up and look for some other overall design instead. This information is very probably correct as of January 2006. But proving a negative is quite hard; there's always a small possibility this is incorrect.
Theory suggests forcing a Windows application to use particular command line arguments may indeed be possible (but may not be easy enough to be included in an administrator's bag of reasonable tricks). The following are prime candidates for further investigation:
NTsuto your systems. Its shims that simulate *nix SETUID behavior will contain the password you want to hide. Even though the password is encrypted, a determined cracker will be able to recover it, and might even use the tool to break into other parts of systems.
SHCreateProcessAsUserW(...)Windows API calls. The shim would have to contain a password, which of course should be encrypted. There would have to be a separate shim for each desired application, potentially leading to a maintenance nightmare. This would probably essentially be coding your own
NTsuso you don't have to pay the shareware fee. But it would be subject to all the same limitations - in fact, your knockoff would probably be even less secure than