Customizing the Login Process

The standard login process can be customized by editing the registry. The procedures described in this section are applicable for both Windows NT 4.0 and Windows 2000.

Specifying the Custom Logo Displayed at Login Time

This tip applies both to Windows NT/2000 and to Windows XP. You can change the screen logo used as a background for the login dialog. Any BMP file can be used for this purpose (for example, a custom logo or any graphical file). To introduce this modification, you need to do the following:

  1. Start the registry editor and expand the HKEY_USERS\.DEFAULT\Control Panel\Desktop registry key.

  2. Find the Wallpaper value entry, and specify the path to the BMP file that you want to use as a background for the login dialog (Fig. 4.6).

    Fig. 4.6: To specify the custom logo displayed at login time, edit the Wallpaper value under HKEY_USERS\.DEFAULT\Control Panel\Desktop

 

In Windows XP this tip will also work, but only if you disable the Welcome screen (Fig. 4.7), which by default is enabled. To disable the Windows XP Welcome screen, open the Control Panel window, start the User Accounts applet, click the Change the way users log on or off option, and clear the Use Welcome screen checkbox (Fig. 4.8).

Fig. 4.7: Windows XP Welcome screen

Fig. 4.8: Disabling the Welcome screen in Windows XP

 

Note that you can customize the Welcome screen itself by adding user accounts to it or removing them from it. To do so, expand the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList registry key. Add a value of the REG_DWORD data type, give it the name of the account, and set the value to 0. This account will be hidden from the Welcome screen. If you want to make the account visible again, set the value to 1, and it will appear on the Welcome screen. For example, if you want the Administrator account (which is hidden by default) to appear on the Welcome screen, create the REG_DWORD value, name it Administrator, and set it to 1.

Windows XP Fast User Switching

If you carefully look at the screen shown in Fig. 4.8, you'll immediately notice another interesting Windows XP enhancement—namely, the Fast User Switching option. Since Fast User Switching is new to Windows XP, let's consider it in more detail.

This feature builds on the data separation technology of Windows NT profiles to provide a fast and convenient mechanism for switching between user accounts.

In Windows XP, if the Fast User Switching feature is enabled, there is no need for the user to log off, since the user's account is always logged on. Therefore, it is possible to switch quickly between all open accounts without logging off the previous user, while preserving that user's running applications and active Internet connections.

When a Windows XP machine is left alone with a user logged on, the system will return to the Welcome screen while keeping all the applications running. Additionally, notifications appear on the Welcome screen providing information such as the number of users who are logged on, whether a user has unread e-mail, and how many programs are running.

Windows XP Professional also enables users to access data and applications from other machines. On business workstations, Windows XP Professional allows users to access their desktops from remote computers. Thus, for example, you may lock your office workstation, go home, and then connect to your office computer.

 

Both Fast User Switching and Remote Desktop use terminal services technology and work with most earlier Microsoft Win32® applications without requiring any changes. If your application is Windows 2000 Logo Certified, or has followed the Application Specification for Windows 2000, it should run fine in Windows XP.

Also note that the Fast User Switching feature is unavailable on Windows XP Professional workstations that participate in a domain.

If you are using Windows XP Home Edition or Windows XP Professional on a standalone workstation or workstation belonging to a workgroup, you can enable or disable the Fast User Switching feature by setting or clearing the Use Fast User Switching checkbox. If this checkbox is grayed, as shown in Fig. 4.8, open the Folder Options window, go to the Offline Files tab (Fig. 4.9) and clear the Enable Offline Files checkbox. Confirm your changes, then re-open the User Accounts window. The Use Fast User Switching option will now be available (Fig. 4.10).

Fig. 4.9: The Offline Files tab of the Folder Options window

Fig. 4.10: The Use Fast User Switching option is now available

Adding a Custom Message to Be Displayed at Login Time

You can also add a custom message that is displayed to all users at login time. If you make this change, a small message box containing the custom message text and an OK button will appear when the user logs in to the system. The boot process will continue as usual after the user clicks the OK button. You can find tips on this both in Internet forums and in books. However, there's a much easier and safer method of performing this customization. In Windows NT 4.0, you can use the System Policy Editor tool that is supplied with Windows NT 4.0 Server. In Windows 2000 and Windows XP, you can use the Local Security Policy snap-in. In this section, we'll cover different ways of adding a custom message, both by using administrative tools and by editing the system registry directly.

Adding a Custom Windows 2000/XP Login Message Using the Local Security Policy Snap-in

To create a custom login message, proceed as follows:

  1. Start the Administrative Tools applet in Control Panel and select the Local Security Policy option. Expand the Security Settings hierarchical list by selecting Local Policies | Security Options. The right pane of the MMC window will display the system policies that can be specified for the local system.

  2. Double-click the Interactive logon: Message text for users attempting to log on option, or right-click this option and select the Properties command. The Interactive logon: Message text for users attempting to log on window will appear (Fig. 4.11).

    Fig. 4.11: Using MMC for specifying a custom login message (Windows 2000 and Windows XP)

  3. Fill in the text field in this window with your custom message text and click OK. To specify the text for the title bar caption, select the Interactive logon: Message title for users attempting to log on option.

Chapter 10 contains more detailed information on using system policies.

Adding a Custom Logon Banner by Editing the Registry Directly

Both the System Policy Editor (Windows NT 4.0 Server) and the Local Security Policy snap-in (Windows 2000) modify the LegalNoticeCaption and the LegalNoticeText registry values located under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. To specify a custom logon banner by direct registry editing, proceed as follows:

  1. Open the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon key (Fig. 4.12).

    Fig. 4.12: The Winlogon registry key

  2. Find the LegalNoticeCaption value entry. Edit its value to specify the phrase that will be displayed as the caption of the custom message box.

  3. Next, open the LegalNoticeText value entry and edit its value to specify the text of your custom message. The message shown in our example is only a joke, but experienced administrators will find this capability useful for more practical purposes.

 

In Windows XP, the LegalNoticeCaption and LegalNoticeText values were moved to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system (Fig. 4.13). Values with the same names also exist under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. However, the LegalNoticeCaption and LegalNoticeText values under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system have priority, and if they are set, the values under the Winlogon registry key will have no effect.

Fig. 4.13: The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system registry key (Windows XP)

Automating the Logon Process

In contrast to Windows 95 and Windows 98, the logon procedure used in both Windows NT/2000 and Windows XP is an integral part of the security subsystem. However, there may be times when you want to automate this procedure, so that other users can start your computer and use the account you establish for automatic logon.

Note 

Enabling the Autologon feature, however convenient it may seem, also represents a security risk. Setting a computer for Autologon means that anyone who can physically obtain access to the computer can gain access to all of the computer's contents, potentially including any network or networks it is connected to, and any users who have logged on remotely can view and read it. Therefore, this option is not available for server platforms (for example, you can't configure Windows 2000 Server to use Autologon). The automatic logon feature is also unsupported when you log on to a domain, and therefore you must join a workgroup to use this feature. If your computer belongs to a Windows 2000 domain, you can still enable automatic logon by editing the registry, but in this case doing so is highly risky and undesirable.

To add logon information using Regedit.exe

  1. Start Regedit.exe and locate the following Registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

  2. Locate the DefaultUserName entry, and set its value to the user name that you want to be logged on automatically.

  3. If the DefaultPassword value does not exist, create a new value entry of the REG_SZ data type, rename it to DefaultPassword, and specify the default password as its value.

  4. If the AutoAdminLogon value entry doesn't exist, create a new value of the REG_SZ data type, rename it AutoAdminLogon, and set its value to 1.

  5. Save your changes, and then exit Regedit.

  6. Shut down and restart your computer.

When you restart the computer, the default user will be logged on automatically.

Note 

Note that AutoAdminLogon is a REG_SZ value entry, not a REG_DWORD value entry. Also note that to enable automatic logon, you need to disable the Interactive logon: Do not require CTRL+ALT+DEL Local Security Setting (Fig. 4.14).

Fig. 4.14: To enable automatic logon, the Interactive logon: Do not require CTRL+ALT+DEL local security setting must be disabled

To configure the Windows 2000 system for automatic logon, open the Control Panel window and double-click Users and Passwords. In the Users and Passwords window, clear the Users must enter a user name and password to use this computer checkbox. After you've finished, don't forget to go to the Advanced tab in the same window to check whether the Require users to press Ctrl-Alt-Delete before logging on checkbox is set. You'll need to clear this checkbox if you're going to configure the system for automatic logon.
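
Because the procedure above stores the logon password as an ordinary REG_SZ value, a read-only check of the Winlogon key shows whether a machine has been left configured for autologon. The following PowerShell audit is an added example, not code from the book; the function name Get-AutologonAudit and the output property names are this example's own, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the autologon values described above.
# Function and property names are this example's own, not from the book.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutologonAudit {
    param([string]$KeyPath = $WinlogonKey)

    $key     = Get-Item -Path $KeyPath -ErrorAction Stop   # Microsoft.Win32.RegistryKey
    $present = $key.GetValueNames()

    # Read a value only if it exists; GetValueKind throws on a missing value.
    $read = {
        param($name)
        if ($present -contains $name) {
            [pscustomobject]@{ Data = $key.GetValue($name); Kind = $key.GetValueKind($name) }
        }
    }
    $auto = & $read 'AutoAdminLogon'
    $user = & $read 'DefaultUserName'
    $pass = & $read 'DefaultPassword'

    $findings = @()
    if ($auto -and "$($auto.Data)" -eq '1') {
        $findings += 'AutoAdminLogon is 1: the default user is logged on automatically.'
    }
    if ($auto -and $auto.Kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
        $findings += "AutoAdminLogon is $($auto.Kind), not REG_SZ as the procedure requires."
    }
    if ($pass -and "$($pass.Data)" -ne '') {
        $findings += 'DefaultPassword holds a clear-text password in the registry.'
    }

    [pscustomobject]@{
        AutoAdminLogon         = if ($auto) { $auto.Data } else { $null }
        DefaultUserName        = if ($user) { $user.Data } else { $null }
        # Report only whether a password is stored; never echo it.
        DefaultPasswordPresent = [bool]($pass -and "$($pass.Data)" -ne '')
        Findings               = $findings
    }
}

Get-AutologonAudit | Format-List
```

An empty Findings list means none of the three conditions was met; a DefaultPassword left behind after AutoAdminLogon has been set back to 0 is still reported.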

Hiding the Last User Name Logged On

In the previous section, we discussed a setting that weakens your Windows XP security system. Now we're going to discuss a method that will allow you to strengthen security. When the standard Windows NT/2000/XP configuration is used, the system displays the name of the user who successfully logged on last. If you hide this name, security becomes stricter, since guessing both the user name and the password is more difficult than guessing the password alone. This customization is one of the most frequently used. As you can guess, it also requires you to add a new value to the registry. To hide the last logged-on user name, proceed as follows:

  1. Run Regedit.exe and open the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

  2. Add the DontDisplayLastUserName value and specify the REG_DWORD data type for it.

  3. Set this entry to 1. When you log on to the system next, the name of the user who logged on last won't be displayed. If you need to disable this feature later, set this value to 0.

Note 

You can accomplish the same task using the Local Security Policy snap-in, which has the Interactive Logon: Do not display last logged on user name option. Note that the same effect can be produced by setting a value with the same name under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. However, the settings under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System have priority, and if they are set, the same value under the Winlogon key has no effect.
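
The priority rule stated here, and earlier for LegalNoticeCaption and LegalNoticeText, means that an edit made under the Winlogon key can be silently overridden. The following PowerShell check is an added example, not code from the book: it reports which key actually supplies each setting and flags a Winlogon value that is shadowed by a different policy value. The function name Get-EffectiveLogonSetting is hypothetical, and the script assumes that a value counts as "set" when it exists and is not an empty string.

```powershell
# Added example: which key actually supplies each logon setting (read-only).
# Assumption: a value counts as "set" when it exists and is not an empty string.
$PolicyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-EffectiveLogonSetting {
    param([Parameter(Mandatory)][string]$Name)

    # Collect the value from each key, highest priority first.
    $candidates = foreach ($path in $PolicyKey, $WinlogonKey) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $Name)) {
            $data = $key.GetValue($Name)
            if ("$data" -ne '') {
                [pscustomobject]@{ Source = $path; Data = $data }
            }
        }
    }
    $candidates = @($candidates)
    $winner   = if ($candidates.Count -gt 0) { $candidates[0] } else { $null }
    # The Winlogon value is shadowed when the policy key also sets this name.
    $shadowed = if ($candidates.Count -gt 1) { $candidates[1] } else { $null }

    [pscustomobject]@{
        Name          = $Name
        EffectiveData = if ($winner) { $winner.Data } else { $null }
        Source        = if ($winner) { $winner.Source } else { 'not set' }
        ShadowedData  = if ($shadowed) { $shadowed.Data } else { $null }
        # True when both keys set the name but to different data.
        Conflict      = [bool]($shadowed -and "$($shadowed.Data)" -ne "$($winner.Data)")
    }
}

'LegalNoticeCaption', 'LegalNoticeText', 'DontDisplayLastUserName' |
    ForEach-Object { Get-EffectiveLogonSetting -Name $_ } |
    Format-Table -AutoSize
```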



Windows XP Registry