Solved

Programmatically Unlocking a Windows200 PC

Posted on 2004-08-02
10
382 Views
Last Modified: 2012-06-21
How can I unlock a Win2K computer via script or Visual Basic?
I tried disabling Ctrl + Alt + Del at the group policy so when locking the PC it stays on the screen when you have to enter the password to unlock and then use Sendkeys but that does not work.
We reboot our servers on Saturday mornings and then have to start a program again on this PC. Starting the program with the script I wrote works great if the PC is not locked.
Please help.
Thanks.
0
Comment
Question by:MadridEspana
  • 4
  • 3
10 Comments
 
LVL 22

Expert Comment

by:cookre
ID: 11698191
If the program doesn't use any user-specific features, e.g., HKCU hive, network connection, mapped drive letters, then you could use a service to start it at boot without having to wait for a user logon.

0
 
LVL 22

Expert Comment

by:cookre
ID: 11698256
0
 
LVL 3

Expert Comment

by:travisjhall
ID: 11699420
By "unlock a Win2K computer", do you mean "log on to a Win2K computer"? As in, after reboot, you hit Ctrl+Alt+Del to bring up the logon dialog, enter and username and password, and hit OK to start using the computer?

If so, there's no need to use script or VB to do this (and you may not be able to, anyway. I'm not sure it is possible, and it is certainly somewhat difficult even if it is possible.) Windows 2000 has a built-in feature to do this.

The feature you need is described in MSDN article Q253370. To summarise, you need to edit the registry. Find registry key HKEY_LOCAL_MACHINE\SOFTWARE\WindowsNT\CurrentVersion\WinLogon. Set the DefaultLogon, DefaultPassword and DefaultDomainName values to match whatever logon you wish to use, and set AutoAdminLogon (a REG_DWORD value, in case you need to create it) to 1. (The article doesn't mention DefaultDomainName, but if you are trying to log on using a domain account you will need to set this, I believe.) After doing this, the computer should attempt a logon automatically following a reboot - no programming necessary.

I would advise using Regedt32.exe to set appropriate security permissions on the WinLogon key, to make sure that nobody who shouldn't know it can read you admin logon password out of it.

Also, cookre is right, you can adopt various tactics to run your program as a service, but this isn't always an ideal approach (especially if said program is a third-party product that doesn't work well that way).
0
 
LVL 22

Expert Comment

by:cookre
ID: 11699601
That's a perfectly reasonable thing to do.  As a matter of fact, I do that on my home boxes (the lazy way with TweakUI).

In your environment, you may want to modify your code to do a logoff when the program is done, however, so you don't leave a logged on box unattended.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 3

Expert Comment

by:travisjhall
ID: 11699771
There are some programs which need to be left running on a server sometimes. We have servers here where I work that are set to logon and run a program automatically and just keep running said program. These are third-party products which aren't suited to being run as a service. (I tend to write my own stuff such that it runs as a service if this is required.) However, our servers are kept in a locked server room. It's not an easy thing to do to physically access those servers, so we aren't terribly worried about the systems having a desktop.

Even if you can't prevent physical access to the machines, though, it is a simple matter to set the machine to automatically lock the desktop, without logging off.
0
 

Author Comment

by:MadridEspana
ID: 11710637
The server is continually running processes. Due to our ERP package MRP and other manufacturing programs can be scheduled to run at night but in order to run a user has to be logged on to the ERP package. You cannot run this as a process. On Saturdays we reboot our servers and in order to this process to be running I wrote a program that uses Sendkeys to log on and click on the Deferred Processing screen program. It works fine if the server is not locked. However the server is supposed to be locked when we are not there. I tried logoff instead of reboot and the logoff batch file works as long as the computer is not locked. It seems that nothing works when the computer is locked.
0
 
LVL 22

Accepted Solution

by:
cookre earned 500 total points
ID: 11711432
Unless I were willing to fiddle with the security model, I'd write a short executable (to run as a service) that calls CreateProcessAsUser() to start the app:

http://win32.mvps.org/security/lu_cpau.html
http://support.microsoft.com/default.aspx?scid=KB%3BEN-US%3BQ165194
0
 
LVL 3

Expert Comment

by:travisjhall
ID: 11711746
How are you locking the Server? Have you got something set up which locks it immediately upon logon, or is it a timed lock after a certain period of inactivity?

If it is acceptable for there to be a short delay between logging on and locking, can you just set your screen-saver settings to lock the computer after a certain period of inactivity? Then, you set up an automatic logon (as I described previously), activate the Deferred Processing screen program with a shortcut in the appropriate startup folder or an autorun setting in the registry, and you should have everything up and running before the computer locks the screen.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
nestparen challenge 4 72
groupSumClump challenge 9 98
Path of Workbook 3 59
Installed softare without GUID 6 65
Entering a date in Microsoft Access can be tricky. A typo can cause month and day to be shuffled, entering the day only causes an error, as does entering, say, day 31 in June. This article shows how an inputmask supported by code can help the user a…
Whether you’re a college noob or a soon-to-be pro, these tips are sure to help you in your journey to becoming a programming ninja and stand out from the crowd.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now