Solved

Programmatically Unlocking a Windows200 PC

Posted on 2004-08-02
10
381 Views
Last Modified: 2012-06-21
How can I unlock a Win2K computer via script or Visual Basic?
I tried disabling Ctrl + Alt + Del at the group policy so when locking the PC it stays on the screen when you have to enter the password to unlock and then use Sendkeys but that does not work.
We reboot our servers on Saturday mornings and then have to start a program again on this PC. Starting the program with the script I wrote works great if the PC is not locked.
Please help.
Thanks.
0
Comment
Question by:MadridEspana
  • 4
  • 3
10 Comments
 
LVL 22

Expert Comment

by:cookre
ID: 11698191
If the program doesn't use any user-specific features, e.g., HKCU hive, network connection, mapped drive letters, then you could use a service to start it at boot without having to wait for a user logon.

0
 
LVL 22

Expert Comment

by:cookre
ID: 11698256
0
 
LVL 3

Expert Comment

by:travisjhall
ID: 11699420
By "unlock a Win2K computer", do you mean "log on to a Win2K computer"? As in, after reboot, you hit Ctrl+Alt+Del to bring up the logon dialog, enter and username and password, and hit OK to start using the computer?

If so, there's no need to use script or VB to do this (and you may not be able to, anyway. I'm not sure it is possible, and it is certainly somewhat difficult even if it is possible.) Windows 2000 has a built-in feature to do this.

The feature you need is described in MSDN article Q253370. To summarise, you need to edit the registry. Find registry key HKEY_LOCAL_MACHINE\SOFTWARE\WindowsNT\CurrentVersion\WinLogon. Set the DefaultLogon, DefaultPassword and DefaultDomainName values to match whatever logon you wish to use, and set AutoAdminLogon (a REG_DWORD value, in case you need to create it) to 1. (The article doesn't mention DefaultDomainName, but if you are trying to log on using a domain account you will need to set this, I believe.) After doing this, the computer should attempt a logon automatically following a reboot - no programming necessary.

I would advise using Regedt32.exe to set appropriate security permissions on the WinLogon key, to make sure that nobody who shouldn't know it can read you admin logon password out of it.

Also, cookre is right, you can adopt various tactics to run your program as a service, but this isn't always an ideal approach (especially if said program is a third-party product that doesn't work well that way).
0
 
LVL 22

Expert Comment

by:cookre
ID: 11699601
That's a perfectly reasonable thing to do.  As a matter of fact, I do that on my home boxes (the lazy way with TweakUI).

In your environment, you may want to modify your code to do a logoff when the program is done, however, so you don't leave a logged on box unattended.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 3

Expert Comment

by:travisjhall
ID: 11699771
There are some programs which need to be left running on a server sometimes. We have servers here where I work that are set to logon and run a program automatically and just keep running said program. These are third-party products which aren't suited to being run as a service. (I tend to write my own stuff such that it runs as a service if this is required.) However, our servers are kept in a locked server room. It's not an easy thing to do to physically access those servers, so we aren't terribly worried about the systems having a desktop.

Even if you can't prevent physical access to the machines, though, it is a simple matter to set the machine to automatically lock the desktop, without logging off.
0
 

Author Comment

by:MadridEspana
ID: 11710637
The server is continually running processes. Due to our ERP package MRP and other manufacturing programs can be scheduled to run at night but in order to run a user has to be logged on to the ERP package. You cannot run this as a process. On Saturdays we reboot our servers and in order to this process to be running I wrote a program that uses Sendkeys to log on and click on the Deferred Processing screen program. It works fine if the server is not locked. However the server is supposed to be locked when we are not there. I tried logoff instead of reboot and the logoff batch file works as long as the computer is not locked. It seems that nothing works when the computer is locked.
0
 
LVL 22

Accepted Solution

by:
cookre earned 500 total points
ID: 11711432
Unless I were willing to fiddle with the security model, I'd write a short executable (to run as a service) that calls CreateProcessAsUser() to start the app:

http://win32.mvps.org/security/lu_cpau.html
http://support.microsoft.com/default.aspx?scid=KB%3BEN-US%3BQ165194
0
 
LVL 3

Expert Comment

by:travisjhall
ID: 11711746
How are you locking the Server? Have you got something set up which locks it immediately upon logon, or is it a timed lock after a certain period of inactivity?

If it is acceptable for there to be a short delay between logging on and locking, can you just set your screen-saver settings to lock the computer after a certain period of inactivity? Then, you set up an automatic logon (as I described previously), activate the Deferred Processing screen program with a shortcut in the appropriate startup folder or an autorun setting in the registry, and you should have everything up and running before the computer locks the screen.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
maxMirror challenge 10 88
array6 challenfge 6 62
stringclean challenge 26 55
How can i compile this github project?? 2 40
I know it’s not a new topic to discuss and it has lots of online contents already available over the net. But Then I thought it would be useful to this site’s visitors and can have online repository on vim most commonly used commands. This post h…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now