Customize Windows Login Screen with Hyperlink for self service

Hello,

I have web applications for resetting passwords and unlocking accounts (self service). I need to integrate this solution with the users' login screen inside the organization.

By letting the users press a Forgot Password or Self Service link under the login screen, it will then open a web browser with a predefined page for our solution.

Is this doable or not? We have Windows 10 & Windows 8.1 machines in the channel.

Regards,
fadyaz Asked:
 
McKnife Commented:
For a test: create a weak local user account "testuser".
As an administrative user, open an elevated PowerShell and launch
Set-AssignedAccess -UserName testuser -AUMID Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge


Now log on as testuser and see if Edge starts and if you can reach your self service page.

(tested here on win10 v1709)
0
 
McKnife Commented:
I don't think it's doable for the following reason:
The logon screen is shown without anyone being logged on. Any application that you try to integrate into that screen will be launched without authentication, so it will run with system permissions (highest local permissions) which is a potential security risk.

It would be better to set up something like an assigned access user that may only start a browser. Are you familiar with assigned access? That would be suitable and that could be deployed.
0
 
fadyaz Author Commented:
Thanks for your reply, McKnife. Can you please explain more about assigned access and the suggested steps?
0
 
fadyaz Author Commented:
Amazing idea, but does it work with Windows 8.1?
0
 
McKnife Commented:
I don't know, I tested only with 10. Assigned access had bugs on previous versions of win10 - no idea whether it is fixed on 8.1. But assigned access did already exist on 8.1 - try it out.
0
 
Ajay Chanana (MCSE-2003/08 | RHCSA | VCP5/6 | vExpert2018) Commented:
Though the above cannot be customised, Windows has already given you a provision to create a password recovery disk/USB.

For the self service portal, the user can access it from any other system, or log in to a local guest account and access it.

The above are workarounds; I hope that helps.
0
 
fadyaz Author Commented:
McKnife, thanks a lot, it worked fine for me, but is there a way to run it without the web bar and for it to open a specific web page?

Or, I found a way to run Internet Explorer in kiosk mode, but can I force Internet Explorer to run instead of Edge?
0
 
McKnife Commented:
The idea was: don't open a security hole just for a password reset. So I voted for assigned access which, as far as I know and have heard, is flawless when it comes to security. If you wanted to use Internet Explorer, you cannot use assigned access, since IE is not a modern app and assigned access is limited to modern apps. So please decide what is more important, security or comfort.

I have no idea how to set a start page on edge inside of assigned access, but let me try. Hang on.
0
 
McKnife Commented:
Ok, tested.
You can set a start page as you always would: using GPOs for Edge. Make a user GPO apply to that reset user (testuser) that sets it. Works.
0
 
McKnife Commented:
You should also disable that reset user when other accounts are logged on so that it cannot be used for anything but assigned access.
That can be achieved by deploying a scheduled task that disables the account whenever someone logs on.
0
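
One way to implement the scheduled task described in the comment above, as an added example that is not part of the thread. It assumes Windows 10 with Windows PowerShell 5.1 and the thread's account name testuser; the task names, the script path, and the choice to re-enable the account at boot are assumptions the thread does not cover.

```powershell
#Requires -RunAsAdministrator
# Added example. Task names and the script path are constructed for illustration.
$KioskUser = 'testuser'                                # account name used in the thread
$Dir       = Join-Path $env:ProgramFiles 'ResetKiosk'  # hypothetical; standard users cannot write here
$Script    = Join-Path $Dir 'Guard.ps1'

# Guard script, run as SYSTEM. It fails closed: unless the console user is
# positively identified as the kiosk account, the kiosk account is disabled.
$guard = @'
param([ValidateSet('Startup','Logon')][string]$Mode, [string]$KioskUser)
if ($Mode -eq 'Startup') { Enable-LocalUser -Name $KioskUser; return }
# Win32_ComputerSystem.UserName is DOMAIN\user for the console session, else empty.
$console = [string](Get-CimInstance Win32_ComputerSystem).UserName
if ($console.Split('\')[-1] -ne $KioskUser) { Disable-LocalUser -Name $KioskUser }
'@
New-Item -ItemType Directory -Path $Dir -Force | Out-Null
Set-Content -Path $Script -Value $guard -Encoding UTF8

$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
function New-GuardAction([string]$Mode) {
    $arg = '-NoProfile -NonInteractive -ExecutionPolicy Bypass -File "{0}" -Mode {1} -KioskUser {2}' -f
           $Script, $Mode, $KioskUser
    New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $arg
}

# Assumption: the account is re-enabled at boot, so the kiosk logon works again after a restart.
$atBoot  = New-ScheduledTaskTrigger -AtStartup
Register-ScheduledTask -TaskName 'ResetKiosk-Enable' -Principal $principal -Trigger $atBoot -Action (New-GuardAction 'Startup') -Force | Out-Null

# Every logon runs the guard; it disables the account unless the kiosk user is the one logging on.
$atLogon = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask -TaskName 'ResetKiosk-Disable' -Principal $principal -Trigger $atLogon -Action (New-GuardAction 'Logon') -Force | Out-Null

# Check: the kiosk account must not be in Administrators (well-known SID S-1-5-32-544).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name.Split('\')[-1] }
if ($admins -contains $KioskUser) { Write-Warning "$KioskUser is a local administrator; remove it." }
Get-ScheduledTask -TaskName 'ResetKiosk-*' | Select-Object TaskName, State
```

The guard only sees console logons, so remote sessions are treated as "not the kiosk user" and disable the account. An execution policy enforced through Group Policy takes precedence over the -ExecutionPolicy switch used in the task action.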
 
fadyaz Author Commented:
Appreciate your help on this.
0
 
McKnife Commented:
Welcome.
0
Question has a verified solution.
