2

This is effectively a repost of my question at StackOverflow, before I settle on a programmatic solution:

https://stackoverflow.com/questions/7530734/creating-a-cookie-outside-of-a-web-browser-e-g-with-vbscript

Essentially, a customer's users are using a website that plays up with some other technology we roll out. We've exhausted all other routes in getting things to work properly, so I'm now in workaround / bodge territory.

I've found an option on the website which does make things work. However, it's undesirable (and needlessly convoluted, unfortunately) for us to direct the users to configure this themselves.

Therefore, what I'd like / need to do is to set a cookie on computer logon. All the cookie contains is "0:-" which just disables the feature we need to disable.

Again, I realise this is highly undesirable but assuming I can find a way out of this, then I'll be out of the woods. Ideally in VBScript, but really anything that is invisible to the users is good.

Just for context, this is a Server 2008 R2 domain with Vista and Windows 7 Clients running IE8 and IE9. That is the scope for work and all I need to get working!

I'm happy to hear alternative suggestions, but the end result is that we want to automatically disable this website's feature for our users.

Any help gratefully received.

Dan

2 Answers

0

If it were possible to manipulate cookies on a remote machine without the user accessing the site, then there wouldn't be much security, would there?

Even if you've got full admin rights on the client machine, it would be very difficult to find the right directory to create the file in.

The only practical solution I can think of is to route requests through a proxy which adds the cookie to outgoing requests and/or sets it in responses. It's possible to do this with Varnish or squid - no idea if MSISA can do this.

symcbean
  • Bit of an odd response, in my opinion. You can see I've already found a programmatic solution (which uses standard MS APIs, so nothing sketchy), I just wondered if there was a more transparent way. Likewise, cookies are in %userprofile%\AppData\Roaming\Microsoft\Windows\Cookies. That said, thanks for the proxy thought. A good solution, though probably not practical here. I'll probably end up just chucking an EXE in a login script. – Dan Sep 26 '11 at 12:38
  • There need not be any security measure protecting the cookies from a machine's administrator access. Meanwhile I wonder why you don't just use a user browser session to set your cookie and just copy the cookie file to %appdata%\microsoft\windows\cookies of all users (maybe after some mangling of the contents and only if it is not present yet) – the-wabbit Sep 26 '11 at 16:08
  • That was my first thought Syneticon, but I encountered a few problems. Firstly, cookies don't get their own file so I'd have to overwrite any previous cookies first. Cookies also seem to have 'random' names on IE9. Finally, it just doesn't seem possible as IE tracks cookies using the index.dat file. – Dan Sep 26 '11 at 18:55
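The proxy approach suggested in the answer above comes down to rewriting the Cookie request header for one site only. The sketch below is an added example, not code from the thread or from any proxy product: the host name, cookie name and function names are hypothetical placeholders (the thread names neither the site nor the cookie), header keys are assumed to be already normalised to `Host` and `Cookie`, and a proxy can only do this for traffic it sees in clear text.

```python
from typing import Dict, Optional

# Hypothetical placeholders: the thread does not name the site or the cookie.
TARGET_HOST = "site.example"
COOKIE_NAME = "featurepref"
COOKIE_VALUE = "0:-"  # value quoted in the question


def force_cookie(cookie_header: Optional[str]) -> str:
    """Return a Cookie header value with COOKIE_NAME set to COOKIE_VALUE.

    Other cookies are kept verbatim and in order; any value the browser
    already sent for COOKIE_NAME is dropped so the forced one wins.
    """
    parts = [p.strip() for p in (cookie_header or "").split(";") if p.strip()]
    kept = [p for p in parts if p.partition("=")[0].strip() != COOKIE_NAME]
    kept.append(f"{COOKIE_NAME}={COOKIE_VALUE}")
    return "; ".join(kept)


def rewrite_request_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Apply the rewrite to requests for TARGET_HOST and nothing else.

    Scoping on the Host header keeps the cookie from being sent to
    unrelated sites that pass through the same proxy.
    """
    out = dict(headers)
    host = out.get("Host", "").split(":")[0].strip().lower()
    if host != TARGET_HOST:
        return out
    out["Cookie"] = force_cookie(out.get("Cookie"))
    return out


if __name__ == "__main__":
    # Constructed sample request headers.
    sample = {"Host": "site.example", "Cookie": "session=abc; featurepref=1:x"}
    print(rewrite_request_headers(sample)["Cookie"])
```
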
0

I wanted to provide an answer to this. Sadly, there wasn't one that I could ever find so we used the programmatic solution that I came up with here:

https://stackoverflow.com/questions/7530734/creating-a-cookie-outside-of-a-web-browser-e-g-with-vbscript

It worked fine, though in the end we were able to get the root cause sorted.

Dan