Windows Standalones

[Cybor]

Making Login name and Password entry a mandatory.

Hi all

As all know Windows maintain profile concept. A profile (\WINDOWS\PROFILES\USERNAME) will be created. The use can customize the desktop, start menu and programs etc. User profile gets loaded when the correct username and password is provide during login else, default profile gets loaded. If ESC key is pressed windows leads to default profile.

Windows 9x, ME, 2K standlone versions bypass login dialog. Anyway the use can access system files and folders and other stuff. I am writing a program (a login dialog) where the username and password is mandatory. If a user clicks cancel, windows gets shut down. I am doing groundwork.

Do let me know the option to be given with RUNDLL32.exe

[{P²P}Apocalypse]

Thats all well and fine. But, and a big but at that. Anyone that can use DOS could still bypass your login in 9X and ME. If it's FAT32 it can be accessed from a boot disk and files can be copied, moved or deleted etc...

In Win2000 though. You can use your admin tools and force users to ctl, alt, del to login.

You can always remove the floppy access or password the bios. But these can be bypassed as well. Encryption is your best bet. Even though I have my systems secured a way can be found in if someone tried hard enough. So anything I don't want anyone to have, I encrypt it and mack an encrypted copy to cdr in case something happens to the machine.

Good luck though. I admire your initiative.......


PS: As far as the profiles in Win9X. You can use a startup disk and boot to DOS then navigate to the appropriate directory and delete the .pwl file and boom. The profile passwords are gone. Yes this works with me also with many widely available custom boot disks.

[Manic Alex]

I use a smart card reader to encrpyt my files on XP. None of my system will work without the smartcard, if it's removed then the system goes into hibernate and so cannot be accessed... [Disable the Power button, and you're away! I know that you can get a pre-boot initialising encryption system [Win 9x etc.. being DOS based, not hard to do...] As for encryption, Steganos Security Suite [ http://www.steganos.com/./en/ ] will do on the fly encryption and steganographic disguising... [Hiding files in other files.]
I've used it, and found it to be superb.

Maybe someone can recommend a better system...

Hope this gives some ideas! Good luck!

[jaguar291]

Originally posted here by {P²P}Apocalypse
PS: As far as the profiles in Win9X. You can use a startup disk and boot to DOS then navigate to the appropriate directory and delete the .pwl file and boom. The profile passwords are gone. Yes this works with me also with many widely available custom boot disks.

Can't that be done in Windows 2k and XP also?

[Rna]

Well, as good an idea as it is, if your that worried about a stand alone system why not simply stick a CMOS password on it? It dosent look as pretty as a Windows GUI user/pass, but its probably more effective. Not much you can do to bypass that one, short of opening the case, removing the battery, blah blah.

[Manic Alex]

With Xp, I have found that with the NTFS file system, you need a specific NT boot disk, so I expect there is software that will allow pre-OS control, but I haven't come across it yet. 2000 being NT based, too, the NTFS problem comes up again. If you have XP in FAT32 [or 64] mode then a DOS boot disk will allow full access to the file system.

Being a newbie, someone please do correct me if I'm wrong! This is what I am aware of so far...

[{P²P}Apocalypse]

Originally posted here by jaguar291


Can't that be done in Windows 2k and XP also?

No not with a DOS boot disk if it's an NTFS partition. Unless you have the commercial version of NTFS DOS. Available here:
http://www.sysinternals.com/ntw2k/fr.../NTFSDOS.shtml
However if you use limited accounts, force login, password complexity, minimum password length and use the NT encrypting file system (EFS). It's not as easy. Or if someone brute forces it remotely etc... As I said. With any machine given enough time and resources, can be broken into. Thats why I say use strong crypto, good pyhsical security, keep software and av up to date, long random charachter passwords etc... All it takes is someone to have a few minutes on your system and they can place a keylogger. They even have physical hardware keyloggers that will fit on your PS2 keyboard cable. So it takes a combination of a lot of things to be serious about security. This is what we as pro's have to stay vigilant for.

In XP if you use FAT 32 instead of NTFS the ole' DOS disk will work....

[ammo]

Originally posted here by Cybor
Windows 9x, ME, 2K standlone versions bypass login dialog.

This is (partly) wrong. You CANNOT bypass winlogon (msgina) on Win2000 nor NT even on a standalone workstation. You can, however, have w2k logon automatically as a common users, but it does not mean that winlogon can be bypassed.

I do believe also that you can make loging on mandatory in 9x/me with sys polices (poledit) (for what it's worth)...

As for the idea, well, I'm sure it's well intentioned, but I'd think it over again: do you think this will really bring you/others security? If you do, good for you go ahead... But IMHO, your idea is futile. Security must be thought at design time. It can hardly be patched on (we've already observed that time over time). This also means that if you go ahead with the idea, you must think of all the surrounding implications that might jeopardize your design... Not an easy task!

Still, if you want to do this just to code something and learn, by all means proceed!

Ammo

[Bug_Master]

i don't remember how but you can disable ESC in login process in registry, try to search about it. i already did that and it worked but in W9x/me you can always bypass the login in many ways.

[Manic Alex]

There is a program for all the Windows family including NT/2k and XP, called Secure Desktop.

It does all, and, more of exactly the keystrokes you wish to disable at the registry level.

I've no idea [except maybe certain websitez] where you can get it from, but this url is the program spec website: http://visualautomation.com/comprod/...6/secure_d.htm

Take a look, it might be what you need....

Sorry, don't mean to sound like an advertising agency! Just used the program, and it's pretty cool!