Windows Logon - Shell

Posted on 2011-02-24
Last Modified: 2012-05-11
Here is what I am trying to do... I want a Win-XP computer to log in automatically, and our software to start up after getting into Windows. The user should not have any access to the Desktop, Windows Explorer, etc., only our customized software that is running. If the user exits our application, only a blank screen should be visible in the desktop... I think I know how to achieve this, and someone can correct me if I am wrong. In regedit, create a new string value called 'Shell' and for the 'Value data' field, enter the path of the software that needs to be run upon startup, and also set up auto-login capability in Control Panel.

My real question here is, what if an Administrator (such as myself) needs to log in to (or access) Windows to update software, modify settings, etc.? If the system is set up to auto-login and the capability to get to the Desktop, etc. is disabled, how then does an Admin log in to Windows?

Thanks for your help.  
Question by:arunykand

Accepted Solution

chuck-williams earned 250 total points
ID: 34970328
Log in as the user you want to lock down. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Change the shell entry from explorer.exe to your application.

If the computer is set to log on automatically then it will go straight to the application as long as it's set to log in as that user. To log in as an administrator, just simply log off and log on as the administrator. The reg entry I gave you applies only to that user you modified.

This can also be done in group policy. Let me know if you need info on that.

Expert Comment

ID: 34970333
If you're just looking for Admin access once you're logged in, if you're able to open the Task Manager (CTRL+ALT+DEL, then T), you could use the RUNAS command. Once you enter the command, it will prompt you for the password.

Open an admin privileged CMD window:
Runas /user:YourDomain\administrator cmd.exe

Open an admin privileged Explorer window:
Runas /user:YourDomain\administrator explorer.exe
Note: if explorer is your shell, you can kill explorer.exe via Task Manager, and when you run the command above, it will open explorer as your shell, with your admin credentials.

Open an admin privileged Notepad:
Runas /user:YourDomain\administrator notepad.exe

Expert Comment

ID: 34970337
Sorry, I mistyped a bit; it's
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
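The two posts above name the same Winlogon key in two different hives, and which hive holds the custom Shell decides whether the administrator is locked down as well. The following PowerShell audit is an added example, not code from the thread; it assumes the per-user (HKCU) value is the one in effect when present, as the accepted answer describes, and it also checks how the auto-logon the question mentions is stored.

```powershell
# Added example: audit the Winlogon Shell value in both hives plus auto-logon storage.
# Run it while logged on as the locked-down account so HKCU is that account's hive.
$rel = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-WinlogonValue {
    param([string]$Hive, [string]$Name)
    $item = Get-ItemProperty -Path "${Hive}:\$rel" -ErrorAction SilentlyContinue
    if ($item) {
        $prop = $item.PSObject.Properties[$Name]
        if ($prop) { return $prop.Value }
    }
    return $null
}

$machineShell = Get-WinlogonValue 'HKLM' 'Shell'   # machine-wide value
$userShell    = Get-WinlogonValue 'HKCU' 'Shell'   # value for the current account only

# Assumption: a per-user value, when present, is the one in effect for this account.
$effective = if ($userShell) { $userShell } else { $machineShell }

$findings = @()
if ($machineShell -and $machineShell.Trim() -ne 'explorer.exe') {
    $findings += "HKLM Shell is '$machineShell': every account, administrators included, starts it."
}
if ($userShell) {
    $findings += "HKCU Shell override for account ${env:USERNAME} is '$userShell'."
}

# Auto-logon configured directly in the registry keeps the password in clear text.
if ((Get-WinlogonValue 'HKLM' 'AutoAdminLogon') -eq '1') {
    $autoUser = Get-WinlogonValue 'HKLM' 'DefaultUserName'
    if ($null -ne (Get-WinlogonValue 'HKLM' 'DefaultPassword')) {
        $findings += "Auto-logon for '$autoUser' stores its password in clear text in DefaultPassword."
    }
}

New-Object PSObject -Property @{
    MachineShell   = $machineShell
    UserShell      = $userShell
    EffectiveShell = $effective
    Findings       = $findings
}
```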

Expert Comment

ID: 34970374
Also, in reference to 4runner's comment: you may want to lock them down to not allow Task Manager. Otherwise they can just start explorer or any app they want by themselves.

Author Comment

ID: 34970679
Ok, I like all the comments... Let me ask this: is it possible to keep 'CTRL-ALT-DEL' access for the user, but only have the 'Log Off' button enabled, so that all the user can do is log off, and then I (Admin) can log in to access full Windows functionality?

Assisted Solution

t-max earned 250 total points
ID: 34970822
Do this:
Start->Run...->Type "gpedit.msc" and press Enter
On the new Group Policy window, go to:
User Configuration->Administrative Templates->System->Ctrl+Alt+Del Options
On the right you'll see all the available options, and enable/disable them as you wish.

Expert Comment

ID: 34970907
The only problem with using the local gpedit is that it will affect all users. If you have access to Active Directory you can set a policy just for that user. It may not be an issue, just an FYI.

Author Comment

ID: 34971021
'Chuck' mentioned, if I disable the 'Lock Computer' for the user, the Admin also has that disabled, not what I wanted... This PC is a stand-alone, not part of 'Active Directory'. Any help? :(

Expert Comment

ID: 34971548
Those settings can be easily set for a specific user, using the registry.
Usually those settings will be stored inside the key:

That's however a little bit more "dangerous", but if you want more on that, just look for the string above on Google.
I just found that might be enough:
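One way to apply the Ctrl+Alt+Del restrictions to a single local account on a stand-alone PC, leaving Log Off available and the administrator untouched, is to write the policy values into that account's own registry hive. This PowerShell sketch is an added example, not code from the thread; the account name `kiosk`, its profile path and the mount name are hypothetical, and the key and value names are the standard per-user Windows policy values, assumed here because the key in the post above is not shown.

```powershell
# Added example. Run from an administrator session while the kiosk account is logged off.
# Hypothetical values: account "kiosk", its XP profile path, and the mount name.
$ntuser = 'C:\Documents and Settings\kiosk\NTUSER.DAT'
$mount  = 'KioskHive'

# Mount the account's hive under HKEY_USERS so only that account is affected.
& reg.exe load "HKU\$mount" $ntuser | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $ntuser (is the account still logged on?)" }

try {
    $key = "Registry::HKEY_USERS\$mount\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # 1 = the option is disabled on the Ctrl+Alt+Del dialog for this account.
    $restrict = @{
        DisableTaskMgr         = 1   # no Task Manager, so no way to start explorer.exe
        DisableLockWorkstation = 1   # no Lock Computer
        DisableChangePassword  = 1   # no Change Password
    }
    foreach ($name in $restrict.Keys) {
        New-ItemProperty -Path $key -Name $name -Value $restrict[$name] `
            -PropertyType DWord -Force | Out-Null
    }
    # NoLogoff (under Policies\Explorer) is deliberately not set: Log Off must keep
    # working so the administrator can switch to their own account.

    # Show what was written so the result can be checked before the hive is unloaded.
    Get-ItemProperty -Path $key |
        Select-Object DisableTaskMgr, DisableLockWorkstation, DisableChangePassword
}
finally {
    # Release PowerShell's handles on the hive, otherwise the unload is refused.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$mount" | Out-Null
}
```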

Expert Comment

ID: 34971639
Here is another trick. If you use local group policy, it creates a local folder called grouppolicy under C:\Windows\system32, I think. It is a hidden system folder. If you move it out of there and reboot, the group policy settings will be removed. Then when you make your changes you can add the folder back and reboot again. I did this like 5 or more years ago, so I would recommend testing this to verify and make sure my paths are correct. It is either system or system32.


Question has a verified solution.
