Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
Ulaiphur

Winlogon script that executes login screen

Recommended Posts

I'm trying to create an HTA script that will allow users to select login through RDP or local login.

I have edited the key 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

and edited with mshta C:\startup.hta

 

Now, startup.hta has two basic commands, LocalLogin which should start the local login window and TSLogin which starts the RDP session. As shown below:

 

<html><head><HTA:Application  ApplicationName = "Login Selector"  Border = "Thick"  BorderStyle = "Dialog"  Caption = "Yes"  ContextMenu = "False"  Scroll = "No"  Selection = "False"  SingleInstance = "True"  SysMenu = "Yes"  ShowInTaskBar = "No"  MaximizeButton = "No"  MinimizeButton = "No"  WindowState = "Maximize"><title>Login Selector</title><style></style></head><script language="VBScript">Sub ExitProgram        window.close()    End SubSub TSLogin()Set objShell = CreateObject("WScript.Shell") objShell.Run("mstsc /f /v:someaddr.somesite.com"), 1, TrueEnd Sub    Sub LocalLogin()Set objShell = CreateObject("WScript.Shell") objShell.Run("explorer.exe"), 1, TrueEnd Sub</script></head> <body bgcolor="white"><font face="Arial"><h3>WinLogon</h3><br><br>Please choose login option<br><br><button onclick='vbscript:TSLogin'>Terminal Services</button><br><br><button onclick='vbscript:LocalLogin'>Local Account</button></font></body></html>

The problem is that when I try to select LocalLogin it does not launch the windows login screen. How come launching explorer.exe from winlogon works but doesn't when I executed through this script?

 

Share this post


Link to post
Share on other sites

I am not sure to understand (actually I am pretty sure I do not understand :w00t::ph34r:).

Can you try explaining what is the actual scope/goal (or intended usage paradigm) and when this hta would be run? :unsure:

 

jaclaz

Share this post


Link to post
Share on other sites

The hta file needs to run before the windows login prompt.

 

The idea of the script is to provide users with an UI to be able to select a login option, remote connect to a server using RDP or login locally (default windows login). 

Share this post


Link to post
Share on other sites

The hta file needs to run before the windows login prompt.

 

The idea of the script is to provide users with an UI to be able to select a login option, remote connect to a server using RDP or login locally (default windows login). 

 

Well, and how exactly do you plan to execute it BEFORE the login? :unsure:

Under which credentials would the hypothetical script be run?

In which Win station? :whistle:

 

My guess is that you have not entirely clear the whole NT logon processes, and what you really want/need is a custom GINA (up to XP/2003) or a custom "credential provider" (Vista and later). :dubbio:

 

jaclaz

Share this post


Link to post
Share on other sites

OK, so basically I will need to create a user account as autologin, from that user account run the .hta script above and the do it's thing.

 

The only problem with this is that a user is free to bypass the script and get into windows. Even if the script is launched full screen, If i press alt+tab or windows key it allows me to the the entire OS. I just want the users to be able to use just this script. 

Share this post


Link to post
Share on other sites

I believe that the Shell key is loaded after logon. There used to be HCKU Winlogon Shells in XP, maybe you can use that instead.

Share this post


Link to post
Share on other sites

OK, so basically I will need to create a user account as autologin, from that user account run the .hta script above and the do it's thing.

No :no:, basically you need a custom Gina or "credential provider".

 

The only problem with this is that a user is free to bypass the script and get into windows. Even if the script is launched full screen, If i press alt+tab or windows key it allows me to the the entire OS. I just want the users to be able to use just this script.

Yep :yes:, though it is a "show-stopper" kind of problem :w00t::ph34r: and that is exactly the reason why you need a custom Gina or "credential provider", Q.E.D.

 

An alternative might be a "Native NT" or "bootexecute" executable but if creating a custom GINA/credential provider wasn't complex enough, Native NT programs are possibly "worse".

There is the pGINA project:

http://pgina.org/

http://pgina.org/docs/v3.1/user.html

but it's not something I would recommend without a deep knowledge and understanding of the involved matters.

 

It's pretty much binary or you do something before having logged in ("right") or you do that after having logged in (wrong in this case of choosing between different login methods).

 

You might find this of interest:

http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/windows-nt-6-boot-process.html

 

jaclaz

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...