asked on

Windows Logon - Shell

Hi,
Here is what I am trying to do....I want a Win-XP computer to log-in automatically, and our software to start-up after getting into Windows. The user should not have any access to the Desktop, Windows Explorer, etc, only our customized software that is running. If the user exits our application, only a blank screen should be visible in the desktop.... I think I know how to achieve this, and someone can correct me if I am wrong. In regedit, create a new string value called 'Shell' and for the 'Value data' field, enter the path of the software that needs to be run upon startup and also setup auto-login capability in control panel.

My real question here is, what if an Administrator (such as myself) needs to login (or access) Windows to update software, modify settings, etc....If the system is setup to auto-login and the capability to get to Desktop, etc is disabled, how then does an Admin login into Windows?

Thanks for your help.

ASKER CERTIFIED SOLUTION

chuck-williams

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

4runnerfun

If you're just looking for Admin access once you're logged in, if you're able to open the taskmanager (CTRL+ALT+DEL, then T), you could use the RUNAS command. Once you enter the command, it will prompt you for the password.

Open an admin privileged CMD window:
Runas /user:YourDomain\administrator cmd.exe

Open an admin privileged Explorer window:
Runas /user:YourDomain\administrator explorer.exe
Note: if explorer is your shell, you can kill explorer.exe via taskmanager, and when you run the command above, it will open explorer as your shell, with your admin credentials.

Open an admin privileged Notepad:
Runas /user:YourDomain\administrator notepad.exe

chuck-williams

Sorry I mistyped a bit its
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

chuck-williams

Also in reference to 4runners comment. You may want to lock them down to not allow task manager. Otherwise they can just start explorer or any app they want by themselves.

arunykand

ASKER

Ok, I like all the comments...Let me ask this, is it possible to keep 'CTRL-ALT-DEL' access for the user, but only have the 'Log Off' button enabled, so that all the user can do is log-off, and then I (Admin) can login to access full Windows functionality?

SOLUTION

t-max

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

chuck-williams

The only problem with using the local gpedit is that it will affect all users. If you have access to Active Directory you can set a policy just for that user. It may not be an issue just an fyi.

arunykand

ASKER

Correct...as 'Chuck' mentioned, if I disable the 'Lock Computer' for the user, the Admin also has that disabled, not what I wanted....This PC is a stand-alone, not part of 'Active Directory'. any help? :(

t-max

Those settings can be easily set for a specific user, using the registry.
Usually those settings will be stored inside the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

That's however a little bit more "dangerous", but if you want more on that, just look for the string above on Google.
I just found that might be enough: http://www.dewassoc.com/support/useful/registry/policy.htm
Regards!

chuck-williams

Here is another trick. If you use local group policy, it creates a local folder called grouppolicy under C:\Windows\system32 I think. It is a hidden system folder. If you move it out of there and reboot the group policy settings will be removed. Then when you make your changes you can add the folder back and reboot again. I did this like 5 or more years ago so I would recommend testing this to verify and make sure my paths or correct. It is either system or system32