Anybody ever seen anything like this?
Results 1 to 6 of 6

Thread: Anybody ever seen anything like this?

  1. #1
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242

    Anybody ever seen anything like this?

    I've got a user who's just returned from China, where he was staying in a hotel in Beijing (Peking for you oldtimers...yar!). So he gets to the hotel on the 3rd, boots up our company laptop (a loaner) after hooking it up to their ethernet. And he describes the computer going thru the bootup process normally, but then getting a 'purple' login screen before he gets the standard Ctrl-Alt-Del Windows login (this is an old W2K unit, joined to our domain). And he has to enter his name and room number before he gets to the computer/domain login. Now, he only does this once during his stay. They do this apparently to bill his time on the 'net.

    How did this Chinese hotel do this, and what did they do to our loaner? I've yet to really pore over it. I've debriefed the user several times today and may add some notes to this post yet. I know the user fairly well and he is tech savvy. I'm VERY surprised someone could pull off an 'interdiction' in the Windows boot process as he describes. Any clues appreciated.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    The only way to get anything on it before windows would be to use a PXE boot. There's no way in hell they're able to get something on that machine (and start it!) before the user logs on. Not unless there's something seriously wrong with the setup but I'm assuming a "regular" company install here.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Hrmm.. Did he see his "normal" boot BIOS options? Did he see the Windows splash screen? Possible BartPE boot?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm, I would guess that the issue is he connected to their ethernet first?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    If I had to guess your user is mistaken. He probably had to log into their network before he started a VPN session with your network, or before he could browse to any other website. That is the way I've seen networks at hotels work. Same way it works at places like Starbucks.

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    User error is always a possibility. David's been around the block with PC's though. It was definitely not a browser-based login according to him. He said the ethernet hooked directly into a can-shaped device in the hotel, that, I assume, tracked his time on the web. This was at the Holiday Inn Lido in Beijing.

    He played around with it at first, trying to avoid the login on the purple hotel screen. He said the screen popped up whenever an ethernet cable got plugged in, or if it was plugged in on booting, as I described in my first post. This is an old, old Toshiba with a pcmcia nic which I doubt is bootable, but I'll check the bios.

    I searched for any newly installed exe's and dll's and all there was was some Symantec dll's. No exe's. I'm trying to nail him down a bit on dates so as to peruse the logs.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides