7

I would like to display an UI that interacts with user on pre-logon screen (the screen where users usually enter their username/password)
I read that the architecture of Winlogon packages has changed and will not help me in Windows 7. I was referred to use WTS functions, however I am still not clear on how to use them or which ones.

I already created a Service which brings up a notepad.exe (for now), however I need to trigger this Service when user is in pre-logon screen. I am not sure what or how to implement that.

Nippey
  • 4,708
  • 36
  • 44
user1683517
  • 171
  • 3
  • 7
  • seems relevant http://stackoverflow.com/questions/4524789/is-it-possible-to-call-win-form-rather-than-windows-login-window, obviously anything GINA hasn't worked since Vista. – Jodrell Sep 19 '12 at 15:46
  • I am thinking that the log on screen appears before the .NET framework has a chance to load, thus making this an impossible feat in C#. However, in C++, this shouldn't be hard to do using [GINA](http://msdn.microsoft.com/en-us/library/windows/desktop/aa380543(v=vs.85).aspx). [Here is a workflow](http://msdn.microsoft.com/en-us/library/windows/desktop/aa374783(v=vs.85).aspx) of how this is done, but no actual code examples. The Windows SDK should have some – Icemanind Sep 19 '12 at 17:33
  • @icemanind, GINA is no longer available from Vista onwards – SeanC Sep 19 '12 at 18:08
  • @SeanCheshire - Did not realize that. Your answer below is probably the best solution then. – Icemanind Sep 19 '12 at 18:19
  • So I still am not sure how to get the UI to show up at prelogon. Any suggestions? – user1683517 Sep 20 '12 at 01:13

4 Answers4

3

what you are trying to do is use Windows Interactive Logon Architecture

Windows Vista examples here (Credential Providers)

Windows 7 technet article

SeanC
  • 15,695
  • 5
  • 45
  • 66
  • Thank you for your response. I looked at credential providers, but not sure if they will allow user interaction with UI I have in mind. My UI needs to rotate the screen. Can I put that functionality inside credential providers? – user1683517 Sep 19 '12 at 18:55
  • seems the Login UI is responsible for rendering the screen, the credential provider is responsible for processing what is valid login information – SeanC Sep 19 '12 at 19:04
  • It seems credential providers do not allow users to interact with system related. My UI needs to rotate the screen. What other options do I have other than credential providers in order to get a UI to popup at prelogon screen? – user1683517 Sep 20 '12 at 05:51
  • http://msdn.microsoft.com/en-us/magazine/cc163489.aspx has a full description, along with some sample code – SeanC Sep 20 '12 at 13:18
0

There's a reason it's HARD to do this kind of thing. Programs are minions of users. Pre-logon, there's (typically) no user to be a minion of. Its a security thing.

Just have your service fire off when a user logs in.

Sam Axe
  • 33,313
  • 9
  • 55
  • 89
0

One way to get UI to show up without anybody logged in is to have a login screensaver. Your code (which could be .NET) would run after the timeout up until either you exit or somebody presses Ctrl-Alt-Del.

There are limits to what you can do as a login screensaver, but it may work for you.

Gabe
  • 84,912
  • 12
  • 139
  • 238
0

From what I understand of your requirement, you want to display a custom user interface at the Credential Provider level. You can achieve this by one of the following approaches:

(1) Write a custom CP that includes your UI as a modal dialog in the SetSelected method of the credential : This approach will allow you to customize any UI. Once the modal window gets dismissed, the actual password CP gets built (assuming you wrap the default password CP).

(2) Launch the application from a Windows Service: This approach will not stop the providers from getting initialized. Basically, the Windows Service is used to launch a process in Winsta0\Winlogon desktop. You can access the process launched using Alt+TAB. Here's the basic steps you would need to use:

  1. WTSGetActiveConsoleSessionId to get the active session ID
  2. WTSQueryUserToken() to get the winlogon pid
  3. DuplicateTokenEx to duplicate the token
  4. Adjust the token privileges by calling AdjustTokenPrivileges
  5. CreateProcessAsUser with lpDesktop as Winsta0\Winlogon

I have used both approaches. The first one is used to introduce more secure login. The second is used to launch remote access tools, cmd prompt etc.

Vivek
  • 428
  • 2
  • 13
  • 1
    Your second option doesn't really work in a situation where there's no interactive users logged in to the workstation, i.e. `WTSQueryUserToken` will fail with error code `ERROR_NO_TOKEN`. So how did you address it? – c00000fd Jul 06 '15 at 07:40