
Winlogon script that executes login screen


Ulaiphur


I'm trying to create an HTA script that will allow users to select login through RDP or local login.

I have edited the key 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

and edited with mshta C:\startup.hta

 

Now, startup.hta has two basic commands, LocalLogin which should start the local login window and TSLogin which starts the RDP session. As shown below:

 

<html>
<head>
<HTA:Application
  ApplicationName = "Login Selector"
  Border = "Thick"
  BorderStyle = "Dialog"
  Caption = "Yes"
  ContextMenu = "False"
  Scroll = "No"
  Selection = "False"
  SingleInstance = "True"
  SysMenu = "Yes"
  ShowInTaskBar = "No"
  MaximizeButton = "No"
  MinimizeButton = "No"
  WindowState = "Maximize">
<title>Login Selector</title>
<style></style>
<script language="VBScript">
' Close the HTA window.
Sub ExitProgram
    window.close()
End Sub
' Start a full-screen RDP session and wait for it to exit.
Sub TSLogin()
    Set objShell = CreateObject("WScript.Shell")
    objShell.Run "mstsc /f /v:someaddr.somesite.com", 1, True
End Sub
' Start explorer.exe and wait for it to exit.
Sub LocalLogin()
    Set objShell = CreateObject("WScript.Shell")
    objShell.Run "explorer.exe", 1, True
End Sub
</script>
</head>
<body bgcolor="white">
<font face="Arial">
<h3>WinLogon</h3><br><br>
Please choose login option<br><br>
<button onclick='vbscript:TSLogin'>Terminal Services</button><br><br>
<button onclick='vbscript:LocalLogin'>Local Account</button>
</font>
</body>
</html>

The problem is that when I try to select LocalLogin it does not launch the Windows login screen. How come launching explorer.exe from winlogon works but doesn't when I execute it through this script?

 

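The post above edits a value under the Winlogon key so that mshta runs at logon. Whatever is placed there runs at every logon, so the key is worth auditing; the script below is an added example, not code from the thread, that compares the Shell and Userinit values with their stock data and flags script hosts. The value name Shell, the host list and the function name Test-WinlogonValue are assumptions; the post does not say which value was changed.

```powershell
# Added example: audit the Winlogon values that decide what runs at logon.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Stock data for a default install (assumes Windows lives in C:\Windows).
$Expected = [ordered]@{
    Shell    = 'explorer.exe'
    Userinit = 'C:\Windows\system32\userinit.exe'
}
# Script and command hosts that should not appear in these values (assumed list).
$ScriptHosts = 'mshta', 'wscript', 'cscript', 'powershell', 'cmd', 'rundll32'

function Test-WinlogonValue {
    param([Parameter(Mandatory)][hashtable]$Values)
    foreach ($name in $Expected.Keys) {
        $data = [string]$Values[$name]
        # Userinit normally ends with a comma; ignore it when comparing.
        $normalized = $data.Trim().TrimEnd(',')
        # -match is case-insensitive; \b keeps "cmd" from matching "cmdtools".
        $found = @($ScriptHosts | Where-Object {
            $data -match ('\b' + [regex]::Escape($_) + '(\.exe)?\b')
        })
        [pscustomobject]@{
            Value       = $name
            Data        = $data
            IsDefault   = ($normalized -eq $Expected[$name])
            ScriptHosts = ($found -join ', ')
        }
    }
}

# Constructed sample: assumes "Shell" is the value the post changed.
$sample = @{
    Shell    = 'mshta C:\startup.hta'
    Userinit = 'C:\Windows\system32\userinit.exe,'
}
Test-WinlogonValue -Values $sample | Format-Table -AutoSize

# On a Windows host, check the live key as well.
if (Test-Path $WinlogonKey) {
    $live = Get-ItemProperty -Path $WinlogonKey
    Test-WinlogonValue -Values @{ Shell = $live.Shell; Userinit = $live.Userinit } |
        Format-Table -AutoSize
}
```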


I am not sure I understand (actually I am pretty sure I do not understand :w00t::ph34r:).

Can you try explaining what the actual scope/goal (or intended usage paradigm) is and when this hta would be run? :unsure:

 

jaclaz


The hta file needs to run before the Windows login prompt.

The idea of the script is to provide users with a UI to be able to select a login option: remote connect to a server using RDP, or log in locally (default Windows login).


The hta file needs to run before the Windows login prompt.

The idea of the script is to provide users with a UI to be able to select a login option: remote connect to a server using RDP, or log in locally (default Windows login).

 

Well, and how exactly do you plan to execute it BEFORE the login? :unsure:

Under which credentials would the hypothetical script be run?

In which Win station? :whistle:

 

My guess is that you are not entirely clear on the whole NT logon process, and what you really want/need is a custom GINA (up to XP/2003) or a custom "credential provider" (Vista and later). :dubbio:

 

jaclaz


OK, so basically I will need to create a user account as autologin, and from that user account run the .hta script above and then do its thing.

 

The only problem with this is that a user is free to bypass the script and get into Windows. Even if the script is launched full screen, if I press Alt+Tab or the Windows key it allows me into the entire OS. I just want the users to be able to use just this script.


OK, so basically I will need to create a user account as autologin, and from that user account run the .hta script above and then do its thing.

No :no:, basically you need a custom GINA or "credential provider".

 

The only problem with this is that a user is free to bypass the script and get into Windows. Even if the script is launched full screen, if I press Alt+Tab or the Windows key it allows me into the entire OS. I just want the users to be able to use just this script.

Yep :yes:, though it is a "show-stopper" kind of problem :w00t::ph34r: and that is exactly the reason why you need a custom GINA or "credential provider", Q.E.D.

 

An alternative might be a "Native NT" or "bootexecute" executable but if creating a custom GINA/credential provider wasn't complex enough, Native NT programs are possibly "worse".

There is the pGINA project:

http://pgina.org/

http://pgina.org/docs/v3.1/user.html

but it's not something I would recommend without a deep knowledge and understanding of the involved matters.

 

It's pretty much binary: either you do something before having logged in ("right") or you do that after having logged in (wrong in this case of choosing between different login methods).

 

You might find this of interest:

http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/windows-nt-6-boot-process.html

 

jaclaz
