View Poll Results: Buy The System And.....
- Voters
- 8. You may not vote on this poll
-
If it works leave it...
-
If it doesn\'t work install windows...
-
If it doesn\'t work install linux...
-
Don\'t be a moron... Just forget about it...
-
June 12th, 2002, 05:21 AM
#1
Junior Member
Windows Standalones
Making Login name and Password entry a mandatory.
Hi all
As all know Windows maintain profile concept. A profile (\WINDOWS\PROFILES\USERNAME) will be created. The use can customize the desktop, start menu and programs etc. User profile gets loaded when the correct username and password is provide during login else, default profile gets loaded. If ESC key is pressed windows leads to default profile.
Windows 9x, ME, 2K standlone versions bypass login dialog. Anyway the use can access system files and folders and other stuff. I am writing a program (a login dialog) where the username and password is mandatory. If a user clicks cancel, windows gets shut down. I am doing groundwork.
Do let me know the option to be given with RUNDLL32.exe
Cybor - The Cyber Organism
[gloworange]Stay Connected.[/gloworange]
-
June 12th, 2002, 05:35 AM
#2
Thats all well and fine. But, and a big but at that. Anyone that can use DOS could still bypass your login in 9X and ME. If it's FAT32 it can be accessed from a boot disk and files can be copied, moved or deleted etc...
In Win2000 though. You can use your admin tools and force users to ctl, alt, del to login.
You can always remove the floppy access or password the bios. But these can be bypassed as well. Encryption is your best bet. Even though I have my systems secured a way can be found in if someone tried hard enough. So anything I don't want anyone to have, I encrypt it and mack an encrypted copy to cdr in case something happens to the machine.
Good luck though. I admire your initiative.......
PS: As far as the profiles in Win9X. You can use a startup disk and boot to DOS then navigate to the appropriate directory and delete the .pwl file and boom. The profile passwords are gone. Yes this works with me also with many widely available custom boot disks.
The COOKIE TUX lives!!!!
Windows NT crashed,I am the Blue Screen of Death.
No one hears your screams.
-
June 12th, 2002, 06:10 AM
#3
Junior Member
-
June 12th, 2002, 06:11 AM
#4
Originally posted here by {P²P}Apocalypse
PS: As far as the profiles in Win9X. You can use a startup disk and boot to DOS then navigate to the appropriate directory and delete the .pwl file and boom. The profile passwords are gone. Yes this works with me also with many widely available custom boot disks.
Can't that be done in Windows 2k and XP also?
-
June 12th, 2002, 06:17 AM
#5
Junior Member
Well, as good an idea as it is, if your that worried about a stand alone system why not simply stick a CMOS password on it? It dosent look as pretty as a Windows GUI user/pass, but its probably more effective. Not much you can do to bypass that one, short of opening the case, removing the battery, blah blah.
-
June 12th, 2002, 06:19 AM
#6
Junior Member
With Xp, I have found that with the NTFS file system, you need a specific NT boot disk, so I expect there is software that will allow pre-OS control, but I haven't come across it yet. 2000 being NT based, too, the NTFS problem comes up again. If you have XP in FAT32 [or 64] mode then a DOS boot disk will allow full access to the file system.
Being a newbie, someone please do correct me if I'm wrong! This is what I am aware of so far...
\"The universal aptitude for ineptitude makes any human accomplishment and incredible miracle...\"
-
June 12th, 2002, 06:24 AM
#7
Originally posted here by jaguar291
Can't that be done in Windows 2k and XP also?
No not with a DOS boot disk if it's an NTFS partition. Unless you have the commercial version of NTFS DOS. Available here:
http://www.sysinternals.com/ntw2k/fr.../NTFSDOS.shtml
However if you use limited accounts, force login, password complexity, minimum password length and use the NT encrypting file system (EFS). It's not as easy. Or if someone brute forces it remotely etc... As I said. With any machine given enough time and resources, can be broken into. Thats why I say use strong crypto, good pyhsical security, keep software and av up to date, long random charachter passwords etc... All it takes is someone to have a few minutes on your system and they can place a keylogger. They even have physical hardware keyloggers that will fit on your PS2 keyboard cable. So it takes a combination of a lot of things to be serious about security. This is what we as pro's have to stay vigilant for.
In XP if you use FAT 32 instead of NTFS the ole' DOS disk will work....
The COOKIE TUX lives!!!!
Windows NT crashed,I am the Blue Screen of Death.
No one hears your screams.
-
June 12th, 2002, 07:01 AM
#8
Re: Windows Standalones
Originally posted here by Cybor
Windows 9x, ME, 2K standlone versions bypass login dialog.
This is (partly) wrong. You CANNOT bypass winlogon (msgina) on Win2000 nor NT even on a standalone workstation. You can, however, have w2k logon automatically as a common users, but it does not mean that winlogon can be bypassed.
I do believe also that you can make loging on mandatory in 9x/me with sys polices (poledit) (for what it's worth)...
As for the idea, well, I'm sure it's well intentioned, but I'd think it over again: do you think this will really bring you/others security? If you do, good for you go ahead... But IMHO, your idea is futile. Security must be thought at design time. It can hardly be patched on (we've already observed that time over time). This also means that if you go ahead with the idea, you must think of all the surrounding implications that might jeopardize your design... Not an easy task!
Still, if you want to do this just to code something and learn, by all means proceed!
Ammo
-
June 12th, 2002, 08:56 AM
#9
Member
i don't remember how but you can disable ESC in login process in registry, try to search about it. i already did that and it worked but in W9x/me you can always bypass the login in many ways.
-Mamma... Mamma... I want to let school !!! - kid
-Why my dear? - Mom
-Because i heard in television that some guy was killed because he knew to much!!!-Kid
-
June 12th, 2002, 09:45 AM
#10
Junior Member
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|