Windows banner message which prompts for user input

Dear experts,

Unlike the traditional Windows banner message, we would like the users to enter the reason as why they are accessing, before logging-in to the machine. (Usually RDP in our environment). We want save the user input, their usernames and timestamp for auditing reasons. Is this possible? Please advise.

Thanks
RAM
jramprakashAsked:
Who is Participating?
 
NVITCommented:
I don't know if you can capture the info before logon via the Windows screen. However, you can do so during the process after the logon dialog.
0
 
bbaoIT ConsultantCommented:
a customise banner message is support by desigen once the corresponding GPO has been applied.

personally never heard about any custom text field could be added at logon as this process has been highly hardened due to security concerns. or in other words, a custom logon process is NOT supported by design. that's a feature of Windows Security.

anyway, i think you may do something, such as asking for a logon reason, when the user's startup script is running.
0
 
bbaoIT ConsultantCommented:
sorry for the typo:  it should be "is supported", not "is support", at the beginning of my comment above.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
RobSampsonCommented:
We used to load a HTA at logon by placing a launching command in
HKLM\Sofware\Microsoft\Windows\CurrentVersions\RunOnce

but since Windows 7, the RunOnce key no longer executes for non-domain users.  You could of course place the HTA in the Run key, but there are very easy ways around it once you get Desktop access.

I don't think it's possible with the security model of Windows these days.  You are effectively requiring that custom code be run before a user access their desktop, and I don't think this is possible.

Rob.
0
 
RobSampsonCommented:
Thinking of another possible way.... Say you built a SQL database with the following fields:
session_id
username
sessiontime
reason
reasontime

I'm thinking that for the session_id maybe username_hostname_logontime should be unique enough. Then you could populate the first three values at login, and then have the script show an input box for the reason code. If the user enters a reason code, you run an update query against that session_id that populates the reason and reasontime fields.

If the user cancels it, you will have null fields, and can later ask them why they didn't enter a reason. If they leave the box on the screen, and enter it before they log off, you can ask them why they took so long to enter it, based on the difference between the two times.

Something like that would at least allow you to audit in some fashion.

Regards,

Rob.
0
 
jramprakashAuthor Commented:
Thank you very much for your input guys.

Now I understand its not possible to capture text input before the login screen. However, is it possible to  capture input after the login dialog and also restrict the desktop until they provide the input. Thank you very much again.
0
 
RobSampsonCommented:
>> and also restrict the desktop until they provide the input

Only on Windows XP (maybe Windows Vista, never tried it).  Windows 7 (and Vista?) do not allow normal users (but maybe you have all local admin users?!?!?!) to run programs from the RunOnce key.

There are very easy ways around this though, namely by pressing CTRL+SHIFT+ESCAPE to bring up the Task Manager, from where you can run any program you like.

Rob.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.