-
September 7th, 2003, 12:09 PM
#1
Making the Win9x/ME login more secure(sort off)
Making the Win9x/ME login more secure(sort off).
--------------------------------------------------------------
This "securing" is lame but I don't think you can make Win9x/Me
login more "secure", heck if you want a secure loginsystem you
just don't use Win9x/Me.
Hope this isn't a piece of crap, as it is my first tutorial and English is not my native language.
Important:
-You cannot make the Win9x/ME login system secure, but you can stop ordinary users from bypassing the login system.
-Watch out when editing the registry, you can cause problems that may require to reïnstall your operating system.
If everything is done correctly there shouldn't be any problems.
1. Force users to logon
Normally you can just press "Cancel" when the Logon box appears and access the computer. This registry edit will logout the user if the user clicks cancel.
Bring up the control panel -> users and setup your computer for
multiple users.
While logged in open your registry (Start -> Run -> regedit) expand the
[HKEY_USERS] key, there should be several sub-folders including .DEFAULT and
one named to the username you just created. Expand the .DEFAULT key
-> Software -> Microsoft -> Windows -> CurrentVersion -> Run
If this "run" key doesn't exist yet, create it.
Create a new String Value:
Name: NoLogon
Data: "RUNDLL32 shell32,SHExitWindowsEx 0"
You can also achieve the same result by doing this:
Open registry and go to key: [HKEY_LOCAL_MACHINE\Network\Logon]
Create/modify a (new) DWORD value:
Name: MustBeValidated
Value: 1
Base: hexadecimal
This normally prevents network logon bypassing but it also works for standard Windows Logon.
I use this second method.
2. Making it harder for users to find/delete your password file and thus accessing the computer.
Find the .pwl file (in C:\windows) corresponding with your username([username].pwl) and rename
it to something like ad.exe so nobody will think it's a password file. You may also want
to hide the file(right click it -> Properties -> Hidden).
Open system.ini (it's in C:\windows) and scroll down until you find the line [Password Lists].
Below it you see all the usernames created on your computer.
For example:
User1=user1.pwl
User2=user2.pwl
Suppose you renamed user1.pwl to ad.exe; just change
User1=user1.pwl to User1=ad.exe
-----------------------------------------------------------------------------
As you noticed a user can still easily find out what the password file is and delete it but this will stop most users from doing so.
-----------------------------------------------------------------------------
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me
www.elhalf.com
-
September 8th, 2003, 05:02 PM
#2
wow, never knew you could force a logon on win98, that's really cool! Guess you learn something new everyday! Thanks for the very valuable info!
-
September 8th, 2003, 05:17 PM
#3
Nice Post!
I always love to see someone trying the imposssible, and getting it to almost work
My thinking is that if you are using WIN 9x, then you have to rely on the BIOS power up password (for security at least). This can easily be physically disabled, so you need to lock the back of the box?.
My problem with trying to do it within the OS is how do you protect yourself against someone with a boot disk and a reasonable knowledge of DOS?
Cheers
-
September 8th, 2003, 08:14 PM
#4
My problem with trying to do it within the OS is how do you protect yourself against someone with a boot disk and a reasonable knowledge of DOS?
Answer: Take out the floppy drive, and lock the box up
-
September 8th, 2003, 08:20 PM
#5
Member
Or alternatively, lockup the box, disable booting from floppy in the bios, password the bios, and disable safe mode (I think there's something in msdos.sys that you can edit/add, I'll chase that up).
\"Death is more universal than life; everyone dies but not everyone lives.\"
A. Sachs
-
September 10th, 2003, 04:31 PM
#6
This tutorial was probably not very valuable because there aren't many people here using Win9x/ME . If you want a secure login in Windows you'd better use Win2k or XP.
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me
www.elhalf.com
-
September 10th, 2003, 05:32 PM
#7
Remember though, any box that you give physical access too is NOT secure. Unless of course you put it in a safe. If someone handed me a box and said "Ok, format it" And said I had to do it quickly, all I" would have to do is use a boot disk and erase the MBr and or HD, whatever youd like to call it.
To add to this tutorial, If you can (meaning nothing hardware relatyed is in the way) you should be able to put a master lock or some other lock that needs a key to be opened and hook it up to all your CD rom drives so that they cannot be opened without a key. The HPs with the little "door" that opened to get to the DVD drives are a good example.
"When in doubt, use Brute Force."
Never argue with an idiot. They'll drag you down to their level, then beat you with experience.
-
September 10th, 2003, 09:54 PM
#8
Junior Member
Hey el-half,
Amazingly enough there are still people out there that use Win 9x. Hell I'm one of them
To be correct I should say it's one OS i'm still using.
I have already filled this tutorial so thanks for the info.
So thansk much for the info.
PS. Leuk hier nog een andere Belg tegen te komen.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|